Results 1 to 9 of 9

Thread: airtun-ng -> Ettercap: View traffic* in real time possible ?

  1. #1
    Senior Member
    Join Date
    Dec 2006
    Posts
    105

    Default airtun-ng -> Ettercap: View traffic* in real time possible ?

    Hi all,

    I am (sucessfully) using airtun-ng to create a virtual interface(at0) in order to use it in Ettercap.


    Question:
    Is there a way to have Ettercap shown the traffic in real time (the same view as it looks when I do webbrowsing e.g. with Firefox) ?


    Thank's a lot for your help!

    John

    PS.
    Sorry for the case my problem would simply be a matter of switching/activating an program option :-)

  2. #2
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    Default

    Quote Originally Posted by john99 View Post
    Question:
    Is there a way to have Ettercap shown the traffic in real time (the same view as it looks when I do webbrowsing e.g. with Firefox) ?
    You don't need Airtun-ng for that - you'd need to do MITM with ettercap w/possibly the remote_browser plugin.
    dd if=/dev/swc666 of=/dev/wyze

  3. #3
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Default

    Quote Originally Posted by wyze View Post
    ...w/possibly the remote_browser plugin.
    The remote_browser_plugin in ettercap will achieve this just as wyze says, but is a bit buggy and will interpret most ads, banners and frames as additional webpages and therefore open each of them in an additional window/tab. Personally I find webspy to be a more solid, although not perfect, option for this task.
    -Monkeys are like nature's humans.

  4. #4
    Senior Member
    Join Date
    Dec 2006
    Posts
    105

    Default

    Quote Originally Posted by wyze View Post
    You don't need Airtun-ng for that - you'd need to do MITM with ettercap w/possibly the remote_browser plugin.

    Thank's wyze, I am going to try to find out more about MITM of Ettercap (even
    Ettercap does quite often crash (if BT3 is booted from CD-ROM).

    Are you referring to the 4 options Arppoisoning, Icmpredirect, Portstealing
    and Dhcpspoofing?


    Thank you!

    John

  5. #5
    Senior Member
    Join Date
    Dec 2006
    Posts
    105

    Default

    Quote Originally Posted by =Tron= View Post
    The remote_browser_plugin in ettercap will achieve this just as wyze says, but is a bit buggy and will interpret most ads, banners and frames as additional webpages and therefore open each of them in an additional window/tab. Personally I find webspy to be a more solid, although not perfect, option for this task.

    Thank's =Tron= for suggesting an alternative :-) What's your experiences with the mentioned tools with faked MAC in a stealth mode(unassociated) ?


    Thank's a lot!

    John

  6. #6
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Default

    Quote Originally Posted by john99 View Post
    Thank's =Tron= for suggesting an alternative :-) What's your experiences with the mentioned tools with faked MAC in a stealth mode(unassociated) ?


    Thank's a lot!

    John
    Ettercap naturally will not work in unassociated mode, and to be able to view the target computers' internet activity using webspy in a live fashion you will have to implement a MITM attack using for example ettercap. You can however capture the traffic of the target AP in unassociated mode and at a later time pull out the required data using the tools of your choice. For example chaosreader is good for this, as are the dsniff suite tools, although they will require you to re-broadcast the cap file at the loopback interface using tcpreplay.
    -Monkeys are like nature's humans.

  7. #7
    Senior Member
    Join Date
    Dec 2006
    Posts
    105

    Default

    Quote Originally Posted by =Tron= View Post
    Ettercap naturally will not work in unassociated mode, and to be able to view the target computers' internet activity using webspy in a live fashion you will have to implement a MITM attack using for example ettercap. You can however capture the traffic of the target AP in unassociated mode and at a later time pull out the required data using the tools of your choice. For example chaosreader is good for this, as are the dsniff suite tools, although they will require you to re-broadcast the cap file at the loopback interface using tcpreplay.
    Thanks =Tron= for mentioning Chaosreader, it's quite sophisticated for my requirements :-)


    Are the following steps not considered a MITM?

    # airodump-ng -w w -c 10 ath0

    # modprobe tun
    # airtun-ng -a 00:11:22:33:44:55 -W 75:67:98:45:65 ath0

    # ifconfig ath0 up

    # run ettercap in graphic mode


    Thank you!

    John

  8. #8
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Default

    Quote Originally Posted by john99 View Post
    Thanks =Tron= for mentioning Chaosreader, it's quite sophisticated for my requirements :-)


    Are the following steps not considered a MITM?

    # airodump-ng -w w -c 10 ath0

    # modprobe tun
    # airtun-ng -a 00:11:22:33:44:55 -W 75:67:98:45:65 ath0

    # ifconfig ath0 up

    # run ettercap in graphic mode


    Thank you!

    John
    I have not really played around with airtun-ng, but as all traffic from the clients will go through you it should constitute as a MITM attack. Whether or not tools like msgsnarf, mailsnarf, webspy etc. will work under this setup is another question. However, I do know that they work if you implement a MITM attack using ettercap on its own, i.e. by ARP-poisoning the victims.
    -Monkeys are like nature's humans.

  9. #9
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default

    airbase-ng have a mitm mode ...........but was not working in the reliz ive tried , maybe now it's working

    to you all , HAVE A DEEP LOOK IN AIRBASE-NG ! IT'S A ****ING TOOL
    and karmetasploit too !!
    check this : http://www.metasploit.com/dev/trac/wiki/Karmetasploit
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •