Results 1 to 5 of 5

Thread: sniffing on a remote host: forwarding fail ?

  1. #1
    Just burned his ISO
    Join Date
    Dec 2008
    Posts
    8

    Question sniffing on a remote host: forwarding fail ?

    Hello everyone, that's my first experience with backtrack and sniffing tools and i'm having troubles with ettercap :

    I've two laptops and i'm trying to perform a mitm attack with ettercap (arp poisoning), it works like a charm, BUT when I try to access some "secured" website (https) like the gmail connection page, it doesn't work, i just can't access to it (time wait).

    I've enabled tcp forwarding in etter.conf and set to 1 the ip_forward, same thing when i try to connect to msn. Do you know guys what's my problem ?

    Thanks in advance and sorry for my poor english .

  2. #2
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by shiro View Post
    Hello everyone, that's my first experience with backtrack and sniffing tools and i'm having troubles with ettercap :

    I've two laptops and i'm trying to perform a mitm attack with ettercap (arp poisoning), it works like a charm, BUT when I try to access some "secured" website (https) like the gmail connection page, it doesn't work, i just can't access to it (time wait).

    I've enabled tcp forwarding in etter.conf and set to 1 the ip_forward, same thing when i try to connect to msn. Do you know guys what's my problem ?

    Thanks in advance and sorry for my poor english .
    Do you understand how https/SSL works?
    Thorn
    Stop the TSA now! Boycott the airlines.

  3. #3
    Just burned his ISO
    Join Date
    Dec 2008
    Posts
    8

    Default

    Quote Originally Posted by Thorn View Post
    Do you understand how https/SSL works?
    I do (the basics), like I said i'm just discovering the tools, i checked out some documents on internet looking for the possibilities of ettercap to catch id and pass and tried it...

    PS: I know it's a BT forum, not a script kidding school but maybe someone could help me to understand my error.

    edit: i may be wrong but aren't the arp mitm attack generate a fake ssl certificate ?
    edit2: of course not, but i according to some informations it still _should_ work.

  4. #4
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509
    Thorn
    Stop the TSA now! Boycott the airlines.

  5. #5
    Junior Member Amlord1's Avatar
    Join Date
    Nov 2008
    Posts
    78

    Default

    Thanks for the link Thorn, I found the post quite interesting.
    Originally Posted by pureh@te
    You may think its stupid but when you are posting online sometimes spelling, grammar and thought put into the content of your posts is the only thing people have to measure you by and to determine the level of seriousness they should give you. So with that in mind I'd say "Yes" its pretty important.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •