Results 1 to 9 of 9

Thread: Is it possible to capture HTTP passwords (Ettercap)

Hybrid View

  1. #1
    Just burned his ISO
    Join Date
    Apr 2008
    Posts
    6

    Default Is it possible to capture HTTP passwords (Ettercap)

    Well I successfully sniffed HTTPS password (rapidshare / megaupload) but I was hoping I could sniff HTTP passwords too (msn, forums, etc.), is it possible?

    Purely ethical, I mean no harm to my sisters accounts. xD

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by OldGregg View Post
    Well I successfully sniffed HTTPS password (rapidshare / megaupload) but I was hoping I could sniff HTTP passwords too (msn, forums, etc.), is it possible?

    Purely ethical, I mean no harm to my sisters accounts. xD
    Yes, you sniff http traffic by, you know, sniffing it... its sent over the network in clear text. If you've managed to sniff https (which is encrypted when sent over the network) then you should be able to manage http...
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #3
    Just burned his ISO
    Join Date
    Apr 2008
    Posts
    6

    Default

    Quote Originally Posted by lupin View Post
    Yes, you sniff http traffic by, you know, sniffing it... its sent over the network in clear text. If you've managed to sniff https (which is encrypted when sent over the network) then you should be able to manage http...
    That's what I thought, but whenever I sniff I only get https results, I tested it with one computer sniffing and logged into some places on the other one, but nothing was captured, but when I try with https it works..

    Am i doing something wrong?
    I open ettercap in GTK mode with the WEP key, I click Set Netmask and set it to "255.255.255.0", I then go to sniffing > unified sniffing and scan hosts, I add the router (192.168.2.1) to host 1 and the victim (192.168.2.101) to host 2, I then click mitm > arp poisoning and tick "sniff remote connections", I then start the sniffing, but as said, it is only sniffing https. :S

  4. #4

    Default

    Quote Originally Posted by OldGregg View Post
    Well I successfully sniffed HTTPS password (rapidshare / megaupload) but I was hoping I could sniff HTTP passwords too (msn, forums, etc.), is it possible?

    Purely ethical, I mean no harm to my sisters accounts. xD
    MSN doesnt run on port 80 plus its not HTTP traffic! So ettercap will not do it!
    Unless you mean a web based client?

    Now for sites that ettercap doesn't pick up, you could try and make your own filter! An example (Yahoo Web Based Email)
    Ettercap :: View topic - HowTo do filters (Yahoo example)

    Any of that help?
    ~ Have you, g0tmi1k? ~
    :rolleyes: <(^^,)> :p d[-_^]b (= =D-->--< :eek:

  5. #5
    Just burned his ISO
    Join Date
    Apr 2008
    Posts
    6

    Default

    Quote Originally Posted by g0tmi1k View Post
    MSN doesnt run on port 80 plus its not HTTP traffic! So ettercap will not do it!
    Unless you mean a web based client?
    I mean the MSN website, hotmail and whatnot, it's not just that though, I tested it with other things, vbulletin & phpbb forums, blogspot, twitter, etc. and none are working.. but when I try with rapidshare, megaupload, etc. it works.. :/

    Thanks for the help guys, it's appreciated.

  6. #6
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by OldGregg View Post
    I mean the MSN website, hotmail and whatnot, it's not just that though, I tested it with other things, vbulletin & phpbb forums, blogspot, twitter, etc. and none are working.. but when I try with rapidshare, megaupload, etc. it works.. :/

    Thanks for the help guys, it's appreciated.
    You could also try using Wireshark or tcpdump instead of Ettercap.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  7. #7
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442

    Default

    Its ssl thats why its not working, how are you planning on sniffing encrypted traffic ??

    I probably shouldn't say it as i hate to be a spoonfeeder, but just google yourself sslstripm and yes it works nicely with ettercap.
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.

  8. #8

    Default

    Quote Originally Posted by OldGregg View Post
    I mean the MSN website, hotmail and whatnot, it's not just that though, I tested it with other things, vbulletin & phpbb forums, blogspot, twitter, etc. and none are working.. but when I try with rapidshare, megaupload, etc. it works.. :/

    Thanks for the help guys, it's appreciated.
    I posted a link, on how to make a filter - apply a bit of known-age and you can apply it to other sites!

    and with SSLStrip - I posted a video on how to use it!
    ~ Have you, g0tmi1k? ~
    :rolleyes: <(^^,)> :p d[-_^]b (= =D-->--< :eek:

  9. #9
    Just burned his ISO
    Join Date
    Apr 2008
    Posts
    6

    Default

    Quote Originally Posted by g0tmi1k View Post
    I posted a link, on how to make a filter - apply a bit of known-age and you can apply it to other sites!

    and with SSLStrip - I posted a video on how to use it!
    Thanks for all the help mate, I have heard of SSLStrip and was checking it out the other day.

    Anyway I'll take a look at making a filter, thanks again for the help.

    ~Old Gregg

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •