man in the middle with ettercap?

**kid protocol** · 02-06-2009, 02:33 AM

I set up a man in the middle attack on my network with ettercap, and I notice when I go to sites like yahoo, myspace, and google my browser says that the certificate is not trusted, and that some body could be impersonating the server.(lol) Is their any way around this?
Here's the command:ettercap -T -q -p -M ARP // //

**KMDave** · 02-06-2009, 02:42 AM

Theoretically yeah it is possible.

**larryhaja** · 02-06-2009, 04:57 PM

Originally Posted by kid protocol

I notice when I go to sites like yahoo, myspace, and google my browser says that the certificate is not trusted, and that some body could be impersonating the server.(lol) Is their any way around this?

There was a tool introduced back in August 2008 called "The Middler" that presented the user with a http page rather then the corresponding https page. This overrides the Certificate check that most browsers present to the user. It is open source and the original author said the code was going to be released, but as far as I know it was never released.
http://www.geek.com/articles/news/op...ector-2008108/
http://mirror.sweon.net/defcon16/Spe...16-beale-2.pdf

**kid protocol** · 02-06-2009, 06:05 PM

I've been reading through the forum and found that quite a few people has encountered this issue. Also that was stated that my user name and pass does not get logged from this site also. Has any one corrected this issue?

**imported_=Tron=** · 02-07-2009, 12:03 PM

Originally Posted by kid protocol

I've been reading through the forum and found that quite a few people has encountered this issue. Also that was stated that my user name and pass does not get logged from this site also. Has any one corrected this issue?

Well this is not an Ettercap issue per se. Unless you use a properly signed and valid certificate for the target cite all newer browsers will catch the error and warn the user about the possible security breach.

Even though this site does not use SSL encryption the password will be hashed before it is transmitted so it can not be intercepted in clear-text using a simple packet sniffer. On the other hand it is possible to replace the script that does the hashing with your own and this way obtain the password quite easily.

**KMDave** · 02-07-2009, 09:09 PM

What you are looking for is called Certifcate Collision. But unless you got the computing power of around 200 PS3's you won't find a suitable one in apropriate time.

If you want to I can post the link to the presentation of it.

**kid protocol** · 02-07-2009, 11:51 PM

Originally Posted by KMDave

What you are looking for is called Certifcate Collision. But unless you got the computing power of around 200 PS3's you won't find a suitable one in apropriate time.

If you want to I can post the link to the presentation of it.

Yes I'll appreciate that. Any other alternatives?

**KMDave** · 02-08-2009, 05:21 AM

Originally Posted by kid protocol

Yes I'll appreciate that. Any other alternatives?

Here is the link.
Have fun with it

**omarara** · 02-08-2009, 06:33 AM

sorry this is a wrong Post

**Wolfbane** · 04-23-2009, 06:50 AM

Originally Posted by KMDave

What you are looking for is called Certifcate Collision. But unless you got the computing power of around 200 PS3's you won't find a suitable one in apropriate time.

If you want to I can post the link to the presentation of it.

hey KMDave, do you still have that link kicking around?

BackTrack Linux - Penetration Testing Distribution

Thread: man in the middle with ettercap?

Thread Tools

Search Thread

Display

man in the middle with ettercap?

Bandwidth Limitation and NetCut!

Posting Permissions