I'm playing around with sniffing SSL packets on my home network. My laptop (running BT4b) is wirelessly connected and I have a desktop wired to the router.
I changed /etc/etter.conf to look like this:
ec_uid = 0 # nobody is the default
ec_gid = 0 # nobody is the default
# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
Then I fire up ettercap like so (where 192.168.0.1 is the router and 192.168.0.100 is the wired PC):
ettercap -Tqi wlan0 -M arp:remote /192.168.0.1/ /192.168.0.100/
It detects both the hosts, and if I open up my e-mail client, ettercap displays my POP username and password. If I open up Gmail, however (or any other SSL site), the certificate remains the same, and when I log in nothing happens in ettercap. It also doesn't capture anything if I log into regular non-SSL sites. If I run Wireshark at the same time I can see the connections, so I know ettercap is doing it right, but why won't it pick up any login details?
I do notice that when I capture packets through Wireshark, sometimes I can see the data flow and other times I see just DNS and ARP queries. ettercap also sometimes will not pick up my POP details. The command I use never changes.
IP forwarding is on, just in case, and cat /proc/sys/net/ipv4/ip_forward returns 1.
What am I doing wrong?
EDIT: chk_poison also returns No poisoning at all.