thx man the video was good.
I've tried this over a wired ethernet connection to the network. The target machine's web browsing experience was only slightly slower than normal - not slow enough to alarm the user.
I managed to sniff my Paypal password and Windows Live Mail (via web), also login details for an unsecure site. I was able to sniff Gmail also, but I couldn't get to the mailbox, when logging in it just took me to the login screen again. I assume this is because Gmail does a check to ensure we're using SSL, like the other poster said in this thread.
With the iptables command in the tutorial, it will only route web browsing traffic through the man in the middle, any other port is not routed. For example, Windows Live Messenger, Yahoo Messenger will not connect - which is likely to alarm the user and prompt him to investigate.
Surely there must be a way to tell iptables to route all ports through the man in the middle, in order to create a more seamless attack. Anyone know what the command would be?
Well done and thanks to g0tmi1k for bringing this vulnerability to light.
thx man the video was good.
Actually I am also having some similar trouble. My sslstrip says-- error 501 message unsupported method ('CONNECT)
I am using port 3128 instead of 80 as my HTTP proxy is running for same.
Victim -192.168.65.12
GW-192.168.65.254
Proxy server (HTTP) 192.168.1.32:3128
And when I implement the same, the Victim's net connectivity is blocked - works as a DoS for him. How do I rectify the error/problem here (which may be authorization for LDAP pass) cos my internal proxy server 192.168.1.32 is blocking it.
Hmm, when I run the iptables command I get
Bad argument `PREROUTING
I have edited the /etc/etter.conf already
I've been playing with this for the better part of 3 hours now and can't seem to find a solution to my problem anywhere. First, a little background:
Attacker Machine: Backtrack 4 Final (VM Workstation) 192.168.1.105 eth0
Victim Machine: Ubuntu 64 9.10 (VM Workstation) 192.168.1.110
Base Machine Running VM's: Windows 7 192.168.1.107
Router: Linksys WRT54G2 192.168.1.1
I've followed each step in the video one by one and done everything exactly as it was demonstrated.
I uncommented /etc/etter.conf at the iptables section and saved it, then I ran the
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
Next, I ran
Code:
arpspoof -i eth0 -t 192.168.1.110 192.168.1.1
and arpspoof started doing its thing. I opened up another konsole and ran
Code:
iptables -t nat -A PREROUTING -p tcp --desination-port 80 -j REDIRECT --to-ports 10000
next I started ettercap
Code:
ettercap -T -q -i eth0
and everything looked to be running just fine.
Switching over to the Ubuntu box, it gives me an 'Unable to Connect' error in Firefox (whereas previously it worked just fine). When I run
Code:
arp
on the Ubuntu box it shows that the default gateway is pointing to the BT4's mac address.
If I kill all the processes (ettercap text mode and arpspoof) and attempt to run ettercap in GUI mode (using the built-in ARP Spoofing) it no longer successfully spoofs. If I reboot the boxes from scratch and run nothing but the ettercap GUI, however, it spoofs successfully and the Internet seems to be working normally. Ettercap then is able to pick up ftp passwords, but cannot pick up anything in ssl.
One other thing to note: While running arpspoof and Ettercap as demonstrated in the tutorial, I happened to log into my router (192.168.1.1) from my base PC (192.168.1.107) to see what the model number was. Ettercap managed to successfully capture the username and password of my router.
Any help would be much appreciated as I've been racking my brain over this for hours and almost spent an equal amount of time trying to put this problem into words.
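The symptom described in the post above (the victim's `arp` output showing the gateway IP mapped to the attacker's MAC) is what a defender checks for. The following is an added example, not part of the original thread: it parses `arp -n` style output and flags a gateway whose MAC is shared with another host or differs from a recorded baseline. The MAC addresses and the sample table are constructed; the function names are hypothetical.

```python
import re
from collections import defaultdict

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")

# Constructed sample of `arp -n` output on a spoofed host (MACs are made up).
SAMPLE_ARP = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.1              ether   00:0c:29:aa:bb:05   C                     eth0
192.168.1.105            ether   00:0c:29:aa:bb:05   C                     eth0
192.168.1.107            ether   00:1e:65:11:22:33   C                     eth0
192.168.1.50                     (incomplete)                              eth0
"""

def parse_arp_table(text):
    """Return {ip: mac} for resolved entries; header and incomplete rows are skipped."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        ip, mac = fields[0], fields[2].lower()
        if MAC_RE.match(mac):
            table[ip] = mac
    return table

def shared_macs(table):
    """MACs answering for more than one IP (can be legitimate, e.g. proxy ARP)."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def audit_gateway(text, gateway_ip, baseline_mac=None):
    """Return findings about the gateway's ARP entry; an empty list means clean."""
    table = parse_arp_table(text)
    findings = []
    for mac, ips in shared_macs(table).items():
        if gateway_ip in ips:
            others = [ip for ip in ips if ip != gateway_ip]
            findings.append(f"gateway {gateway_ip} shares MAC {mac} with {others}")
    current = table.get(gateway_ip)
    if baseline_mac and current and current != baseline_mac.lower():
        findings.append(f"gateway MAC changed: {baseline_mac.lower()} -> {current}")
    return findings

if __name__ == "__main__":
    for finding in audit_gateway(SAMPLE_ARP, "192.168.1.1", "00:18:39:de:ad:01"):
        print("ALERT:", finding)
```

A static ARP entry for the gateway on the client, or Dynamic ARP Inspection on a managed switch, prevents the cache entry from being overwritten in the first place.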
If you run
Code:
cat 1 > /proc/sys/net/ipv4/ip_forward
does it display 1?
Does it work if you do just arpspoof?
Have you tried doing
Code:
arpspoof -i eth0 -t 192.168.1.110 192.168.1.1
arpspoof -i eth0 -t 192.168.1.1 192.168.1.110
Have you tried running sslstrip?
Can you ping anything? (either google, the router, another node etc)?
What if you only did ettercap?
Code:
ettercap -T -q -i eth0 -M ARP /192.168.1.1/ /192.168.1.110/
Hopefully something will work (=
~ Have you, g0tmi1k? ~
:rolleyes: <(^^,)> :p d[-_^]b (= =D-->--< :eek:
when running
cat 1 > /proc/sys/net/ipv4/ip_forward
it displays cat: 1:no such file or directory
will I figure it out
I should remove the ">"
thanks for that great tut by the way
very nice!
Sorry it took me so long to get back to you, I just moved into a new house and only got the network set up yesterday so I couldn't run any tests.
Thanks for the detailed response, here's what I've got so far...
Code:
cat 1 > /proc/sys/net/ipv4/ip_forward
displays the same thing that thearcher got, "cat: 1: no such file or directory"
I ran
Code:
arpspoof -i eth0 -t 192.168.1.110 192.168.1.1
arpspoof -i eth0 -t 192.168.1.1 192.168.1.110
(two separate konsoles, one arpspoof in each) followed by the same iptables and ettercap commands that previously followed it
...but it still gave me the 'unable to connect' error when attempting to view Google on the Ubuntu (victim) box. I am, however, able to ping the "router" successfully from the Ubuntu box while arpspoof is running.
Since this was unsuccessful, I killed the arpspoof and ettercap processes and tried to run ettercap by itself as you suggested
Code:
ettercap -T -q -i eth0 -M ARP /192.168.1.1/ /192.168.1.110/
Again, 'unable to connect'.
So I figured I'd try again from a fresh reboot on both attacker (BT4) and victim (Ubuntu) boxes. This time I started with just ettercap using the above command. It worked flawlessly, picking up my gmail login credentials (once I told it to trust the untrusted certificate).
Now, to get rid of the untrusted certificate message, I quit ettercap, and in two separate konsoles, ran
Code:
sslstrip -a -k -f
ettercap -T -q -i eth0 -M ARP /192.168.1.1/ /192.168.1.110/
Unfortunately, while this still managed to successfully run the ARP spoof and capture the login info, it did not get rid of the 'untrusted' certificate message. So I figured I'd kill sslstrip and ettercap and go back and try running the iptables command
Code:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
I then fired up sslstrip followed by ettercap again and this seemed to get rid of the 'untrusted certificate' message. However, it took me 3 tries to log into gmail (it just kept kicking me back to the login screen until it finally let me in). When I finally managed to log in, the credentials were not picked up by ettercap. When I went to the PayPal website, ettercap again did not pick up any credentials but sslstrip showed me the long paypal URL that it had just found.
I figured this had something to do with the fact that I hadn't run the
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
command this time, so I killed ettercap and sslstrip, ran the echo 1... command, ran the iptables command again, started sslstrip and started ettercap... and now I'm back to getting the 'Unable to Connect' error in Firefox again.
...just when I think I'm getting somewhere I end up back where I started.
This needs to be
Code:
cat /proc/sys/net/ipv4/ip_forward
To sum up what you're saying:
> Victim can't surf when you do arpspoof
> Victim can surf when you use ettercap
> sslstrip isn't working with ettercap
*I also had this problem - I dunno why, it only works when I use arpspoof.*
Is your victim wired or wireless? (Dunno if it makes a difference - just "putting it out there")