Results 1 to 3 of 3

Thread: Ettercap - No poisoning between client -> host

Hybrid View

  1. #1
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    8

    Default Ettercap - No poisoning between client -> host

    Hi!
    I am trying to perform a Mitm attack on my wireless network, but it seems that im only able to sniff plain text passwords. When i enter SSL encrypted pages on the victim computer, there is no false certificate injected, and of course ettercap doesn't capture the login. I have changed the priveledges to "0", and also uncommented the iptables option in etter.conf.

    I have tried using both the GUI-version and console with the same result. When i use the chk_poison plugin, i get this:
    Activating chk_poison plugin...
    chk_poison: Checking poisoning status...
    chk_poison: No poisoning between 192.168.1.181 -> 192.168.1.1

    Where 192.168,1,181 is the victims ip, and the other one is the router. Im guessing this is the reason why ettercap doesn't inject the certificate into the victims browser. (I have NOT checked the "posion only one way" option). I am still able to DNS spoof successfully, but i am not sure if this requires poisoning both ways.

    I have read somewhere that the chk_poison plugin doesn't work properly. So i've tried to look at the traffic using Wireshark on the attacking system:

    I can see that when the victim asks for 192.168.1.1, the attacking system broadcasts "*victims ip* is at *attackers MAC*" to the router, and afterwards it answers the victim and tells it that "*routers ip* is at *attackers MAC*". Im not sure if this is everything that is supposed to happen, and maybe i will need to use wireshark on the victims computer to see the full image?

    I've tried using the repoison_arp plugin with same result. And also even using a different router. It may be worth mentioning that in the start, i had no poisoning at all between the router and client. However i fixed this by using "ifconfig wlan0 mtu 1500". It seems that sometimes the NIC sets itself to 576 on its own. This is of course annoying, so if anyboy has a solution to this as well, i would be very grateful. I dont think it has anything to do with the other problem though.

    I hope somebody has a solution to my problem, and im grateful for all input.
    Thank you!

  2. #2
    Member dustyboner's Avatar
    Join Date
    Jan 2010
    Posts
    98

    Default Re: Ettercap - No poisoning between client -> host

    I am trying to perform a Mitm attack on my wireless network, but it seems that im only able to sniff plain text passwords. When i enter SSL encrypted pages on the victim computer, there is no false certificate injected, and of course ettercap doesn't capture the login. I have changed the priveledges to "0", and also uncommented the iptables option in etter.conf.
    are u using sslstrip? if your not, use it.

  3. #3
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    8

    Default Re: Ettercap - No poisoning between client -> host

    Thanks for the tip I'll try that instead!

Similar Threads

  1. Ettercap With ARP Poisoning
    By micole in forum BackTrack Howtos
    Replies: 24
    Last Post: 04-23-2011, 12:33 PM
  2. ARP Poisoning 101 (Not sniffing info...)
    By Whiskey in forum Beginners Forum
    Replies: 12
    Last Post: 07-15-2010, 02:12 AM
  3. Host-based intrusion detection using psad
    By brtw2003 in forum Experts Forum
    Replies: 3
    Last Post: 03-30-2010, 05:54 AM
  4. Replies: 15
    Last Post: 03-20-2010, 03:10 AM
  5. BT4 VMWare on XP Host
    By mattyj1085 in forum Beginners Forum
    Replies: 1
    Last Post: 02-24-2010, 07:17 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •