Now... I know I might get flamed with this but, I'm a newbie at pentesting and searching 'Ettercap' on here and on google (couldnt come up with a better dork) didn't answer my question. But... Its a simple one....
When I use ettercap (on my own network of course), it works like I can see FTP passwords and Telnet when I log into things but, when I try and visit things like Devshed forums website, facebook, hotmail and such, and try to login to those. It doesn't log any passwords or such? Is this because its SSL encrypted? or just cause I haven't done something right cause Im a newbie. (You have to start somewhere right?)
Also, whats the best linux based (im using ubuntu) application for analyzing ettercap files? mainly with the .eci and .ecp file extensions? Ive tried to look into etterlog and its too complex. I couldn't find anything else, with a quick search. Like im not a complete network newb, I have CCNA and CCNP so, i know some stuff. just not this.
Any help on either of these questions would be great.
Stop the TSA now! Boycott the airlines.
Just remember that you will have to perform a MITM (Man In The Middle) attack to be able to retrieve passwords on sites using SSL. This will replace the SSL certificate issued by the site with your own, making it possible for you to retrieve the credentials in clear-text form. To do this is ettercap use the following command:Replace 192.168.1.100 with the IP of the target computer and 192.168.1.1 with the gateway IP.Code:ettercap -Tq -M ARP /192.168.1.100/ /192.168.1.1/
-Monkeys are like nature's humans.
I see.... I'll give the SSL one a try. The password hash? Shouldn't it still be sent in some POST or GET data though? Like, I don't see anything on ettercap except the connection, it shows up no post or get data. But, when I do FTP it shows up with my username and password in the Status box.