Hi all, I was playing around with Ettercap and Wireshark trying to see if I could find my MSN messenger password. I used Ettercap to do some ARP poisoning and then Wireshark to sniff and dump all the data to a text file… I started to analyse the traffic but I was unable to find my password in it…
I was just wondering if perhaps MSN messenger hashes the password? I don’t think it encrypts it because I think I was able to find my username…
Has anyone else tried this before? Or perhaps someone could shed some light on how the msn messenger login works?
Hotmail uses SSL to encrypt the data. You must set up Ettercap correctly in etter.conf to get it working with SSL. Off the top of my head you need to uncomment the iptables lines in the config file. Have you done this?
Here's an interesting link describing this issue.....
http://www.derkeiler.com/Mailing-Lis...2-09/0017.html
"Well... the algorithm is an md5 sum of the password + a random value
that the server gives to the client in the moment they start the auth
transaction. Like everything else, it is crackable, but a lot of cpu
cycles."
RxCoup - Killthepage
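Added example, not part of the thread and not the MSN wire format: a generic sketch of the scheme the quote describes (an MD5 over the password and a server-supplied random value), showing what a capture of such a login contains. The class and function names, the account, and the concatenation order are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class ChallengeServer:
    """Toy server side of an MD5 challenge-response login (assumed scheme)."""

    def __init__(self, accounts):
        self.accounts = dict(accounts)   # user -> password (server must know it)
        self.pending = {}                # user -> outstanding challenge

    def start(self, user):
        # Fresh random value per login attempt, sent to the client in the clear.
        challenge = secrets.token_hex(8)
        self.pending[user] = challenge
        return challenge

    def finish(self, user, response):
        # A challenge is single use: pop it so a replayed response fails.
        challenge = self.pending.pop(user, None)
        password = self.accounts.get(user)
        if challenge is None or password is None:
            return False
        expected = client_response(password, challenge)
        return hmac.compare_digest(expected, response)


def client_response(password, challenge):
    # Assumed order: challenge first, then password; the quote does not specify.
    return hashlib.md5((challenge + password).encode()).hexdigest()


def login_transcript(server, user, password):
    """Run one login and return what a sniffer on the wire would see."""
    challenge = server.start(user)
    response = client_response(password, challenge)
    ok = server.finish(user, response)
    return {"user": user, "challenge": challenge, "response": response, "ok": ok}


if __name__ == "__main__":
    srv = ChallengeServer({"alice@example.com": "correct horse"})  # constructed account
    first = login_transcript(srv, "alice@example.com", "correct horse")
    second = login_transcript(srv, "alice@example.com", "correct horse")
    print(first)
    print(second)
    # Replaying the first captured response without a new challenge is rejected.
    print("replay accepted:", srv.finish("alice@example.com", first["response"]))
```

The transcript holds the username, the challenge and a digest that changes on every login, which is consistent with seeing a username but no password in a capture. Because MD5 is fast and the only secret input is the password, the strength of such a scheme rests on password quality, as the quote notes.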
I don’t think msn uses SSL to encrypt its data, because I was able to capture conversations, and I think possibly the username.
But even if I did spoof the SSL cert by using my own fake one, wouldn’t messenger realise that it is not the correct cert? I know when I have played around intercepting http traffic, you receive a warning about the fake cert… well an unregistered one... I think, correct me if I am wrong...
"I don’t think msn uses SSL to encrypt its data, because I was able to capture conversations, and I think possibly the username."
That is correct. Hotmail.com, which naturally uses the same password, does on the other hand use SSL encryption and the passwords can therefore be intercepted in clear-text using ettercap's ability to replace the SSL certificate with your own.
I realize that this is not what you are asking for in this thread, but since the password will be the same it might be an approach worth considering as opposed to trying to crack the MD5 hash using wordlists or bruteforce.
"I know when I have played around intercepting http traffic, you receive a warning about the fake cert… well an unregistered one... I think, correct me if I am wrong..."
Yes the browser will pop up a warning about the SSL certificate, which probably 99% of all users will ignore.
-Monkeys are like nature's humans.
Thanks Tron. When I posted the suggestion it was 4 in the morning GMT. Hotmail and MSN (Messenger) at that time in the morning were the same thing to me. Thought he meant Hotmail!