Thread: Ettercap theory

  1. #1
    Just burned his ISO
    Join Date
    Jul 2008
    Posts
    5

    Ettercap theory

    Now... I know I might get flamed with this but, I'm a newbie at pentesting and searching 'Ettercap' on here and on Google (couldn't come up with a better dork) didn't answer my question. But... It's a simple one....

    When I use ettercap (on my own network of course), it works like I can see FTP passwords and Telnet when I log into things but, when I try and visit things like Devshed forums website, Facebook, Hotmail and such, and try to login to those. It doesn't log any passwords or such? Is this because it's SSL encrypted? or just cause I haven't done something right cause I'm a newbie. (You have to start somewhere right?)

    Also, what's the best Linux based (I'm using Ubuntu) application for analyzing ettercap files? mainly with the .eci and .ecp file extensions? I've tried to look into etterlog and it's too complex. I couldn't find anything else, with a quick search. Like I'm not a complete network newb, I have CCNA and CCNP so, I know some stuff. just not this.

    Any help on either of these questions would be great.

    Thanks,
    Drez

  2. #2
    Senior Member
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Originally posted by Mastor-Winfrey:
    ...
    When I use ettercap (on my own network of course), it works like I can see FTP passwords and Telnet when I log into things but, when I try and visit things like Devshed forums website, Facebook, Hotmail and such, and try to login to those. It doesn't log any passwords or such? Is this because it's SSL encrypted? or just cause I haven't done something right cause I'm a newbie. (You have to start somewhere right?)
    ...
    You're probably doing everything right. Many sites such as the ones you mention use script to produce a password hash before the login credentials are sent to the site. In other words, the password is never sent in the clear.
    Thorn
    Stop the TSA now! Boycott the airlines.

  3. #3
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Just remember that you will have to perform a MITM (Man In The Middle) attack to be able to retrieve passwords on sites using SSL. This will replace the SSL certificate issued by the site with your own, making it possible for you to retrieve the credentials in clear-text form. To do this in ettercap use the following command:
    Code:
    ettercap -Tq -M ARP /192.168.1.100/ /192.168.1.1/
    Replace 192.168.1.100 with the IP of the target computer and 192.168.1.1 with the gateway IP.
    -Monkeys are like nature's humans.

  4. #4
    Just burned his ISO
    Join Date
    Jul 2008
    Posts
    5

    I see.... I'll give the SSL one a try. The password hash? Shouldn't it still be sent in some POST or GET data though? Like, I don't see anything on ettercap except the connection, it shows up no post or get data. But, when I do FTP it shows up with my username and password in the Status box.

    Thanks,
    Drez
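
The ARP poisoning mode in the command from post #3 leaves a visible trace on the LAN: one MAC address starts answering for both the gateway IP and the target IP. The sketch below is an added example, not part of the original thread or of ettercap; it flags that pattern in a list of observed ARP replies. The input format (`time sender_ip sender_mac`), the function names and all sample values are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of observed ARP replies: "time sender_ip sender_mac".
# From t=42 one MAC starts answering for the gateway and for another host.
SAMPLE = """\
10.0 192.168.1.1 00:11:22:33:44:01
10.2 192.168.1.100 00:11:22:33:44:64
10.5 192.168.1.50 00:11:22:33:44:32
42.0 192.168.1.1 00:11:22:33:44:32
42.0 192.168.1.100 00:11:22:33:44:32
43.0 192.168.1.1 00:11:22:33:44:32
"""


def parse(text):
    """Yield (time, ip, mac) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, ip, mac = parts
        yield float(ts), ip, mac.lower()


def detect(observations):
    """Return (alerts, suspects).

    alerts:   one entry per IP whose claimed MAC differs from the first MAC
              seen for it (the baseline is trust-on-first-use, so a
              legitimate NIC swap or DHCP reassignment also raises one).
    suspects: MACs that answered for more than one IP address.
    """
    baseline = {}                   # ip -> first MAC observed
    ips_by_mac = defaultdict(set)   # mac -> every IP it claimed
    reported = set()                # (ip, mac) pairs already alerted on
    alerts = []
    for ts, ip, mac in observations:
        ips_by_mac[mac].add(ip)
        expected = baseline.setdefault(ip, mac)
        if mac != expected and (ip, mac) not in reported:
            reported.add((ip, mac))
            alerts.append({"time": ts, "ip": ip,
                           "expected": expected, "claimed": mac})
    suspects = {m: sorted(ips) for m, ips in ips_by_mac.items() if len(ips) > 1}
    return alerts, suspects


if __name__ == "__main__":
    alerts, suspects = detect(parse(SAMPLE))
    for a in alerts:
        print("MAC change:", a)
    print("MACs claiming several IPs:", suspects)
```

A static ARP entry for the gateway on sensitive hosts, or dynamic ARP inspection on the switch, removes the need to rely on detection alone.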
