Results 1 to 7 of 7

Thread: Ettercap not detecting hosts

Hybrid View

  1. #1
    Junior Member
    Join Date
    Aug 2009
    Posts
    27

    Default Ettercap not detecting hosts

    I'm having trouble with ettercap, when it scans for hosts it detects the router but not me (connected via wifi) so I can't arp poison, does anyone know what to do here?

  2. #2
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Is your wi-fi connected machine actually on the same subnet?
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  3. #3
    Junior Member
    Join Date
    Aug 2009
    Posts
    27

    Default Yes

    Yes they are on the same subnet, if I run via terminal with:
    sudo ettercap -T --iface ra0 -q -M arp:remote /192.168.0.1/ // ***(192.168.0.1 is router)

    then it will scan and add the router to the hosts list, and not detect my IP (192.168.0.3) but I have noticed if I use links (terminal browser) and log in to the router I get this:

    HTTP : 192.168.0.1:80 -> USER: <MYUSER> PASS: <MYPASS> INFO: (null)

    I don't get any output if I try SSl logins and I don't get any output whatsoever from firefox

  4. #4
    Junior Member
    Join Date
    May 2009
    Posts
    61

    Default

    Ettercap doesnt show your ip but if you arp poisning all hosts on subnet you can also see your surfing.

    And if you new to ettercap why dont you try ettercap with graphic this will be much easier if you new to this program.

    I prefer ettercap options from terminal if i must combine program with other tools so i dont need to have many open windows.

    Also for ssl you must uncomment lines in etter.conf and combine attack with sslstrip (nice little tool).

    Look here nice video from g0tmi1k's about attack to sniff ssl connections: http://forums.remote-exploit.org/bac...slstrip-3.html .

  5. #5
    Junior Member
    Join Date
    Aug 2009
    Posts
    27

    Default

    Quote Originally Posted by Handsome-geek View Post
    Ettercap doesnt show your ip but if you arp poisning all hosts on subnet you can also see your surfing.
    I thought this may have been the case thats why I poisoned all

    Quote Originally Posted by Handsome-geek View Post
    I prefer ettercap options from terminal if i must combine program with other tools so i dont need to have many open windows.
    Same here...


    Quote Originally Posted by Handsome-geek View Post
    Also for ssl you must uncomment lines in etter.conf and combine attack with sslstrip (nice little tool).

    Look here nice video from g0tmi1k's about attack to sniff ssl connections:
    I have already set up etter.conf and am combining with sslstrip, the parts I have changed in etter.conf are:

    ec_uid = 0
    ec_gid = 0

    # if you use iptables:
    redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"


    arpspoof redirects traffic to my MAC but only if I do not specify myself as the target. If I do I get "arpspoof: couldn't arp for host 192.168.0.3"

    This is the iptables command I am running;

    iiptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

    I run sslstrip

    I get NOTHING. Totally stumped

  6. #6
    Junior Member
    Join Date
    May 2009
    Posts
    61

    Default

    Insert this before prerouting iptables and tell me results echo 1 > /proc/sys/net/ipv4/ip_forward.

    And when you arp spoof, then 1 target is ip you are attacking and second target your gateaway try this attack with specified targets.

    Arp spoofing all hosts on gateaway is good if you have 4 or more hosts on network try first with specefied target.

    Tell results after you try. After you set ip forwading and prerouting then start sslstrip.

    If page you are visiting on vicitim machine has http and is login page who normally has https then your attack is doing fine.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •