Page 2 of 5 FirstFirst 1234 ... LastLast
Results 11 to 20 of 45

Thread: Script for sniffing passwords and data on lan/wlan using ettercap, sslstrip, urlsnarf

  1. #11
    Just burned his ISO
    Join Date
    May 2010
    Posts
    2

    Default

    sorry man, the script work in part because when i quit script etterlog didn't show the passwords but only this:

    etterlog NG-0.7.3 copyright 2001-2004 ALoR & NaGA

    Log file version : NG-0.7.3
    Timestamp : Sat May 15 12:28:57 2010
    Type : LOG_INFO

    but in .log and .txt i see the details of accounts with related passwords. How i can solve this problem? thanks in advance.

    hi man, i have a little problem with the script. It work in part i'll explain better: in last part when i stop the script with q i have a problem with etterlog. It didn't show the password but only this:

    etterlog NG-0.7.3 copyright 2001-2004 ALoR & NaGA

    Log file version : NG-0.7.3
    Timestamp : Sat May 15 12:28:57 2010
    Type : LOG_INFO

    But in .log and .txt files i can read accounts with passwords related so i suppose that the problem is on etterlog. How i can solve this problem? thanks in advance.
    Last edited by balding_parrot; 05-17-2010 at 12:46 AM.

  2. #12
    Just burned his ISO
    Join Date
    Apr 2010
    Posts
    7

    Default Re: Script for sniffing passwords and data on lan/wlan using ettercap, sslstrip, urls

    Hi. I wanna point out:
    1. tcpxtract -f /root/$SESSION/$SESSION.pcap -d wlan0 (interface (to download images and stuff we have in .pcap) is missing in your script)
    2. after tcpxtract actually "exracted" images and html from the .pcap file, there were many duplicates. I googled a program to kill dupes, and found FSlint - Duplicate file finder for linux. It¨s available from default bt4 repos. Then run fslint-gui and find all dupes, merge. Done.
    Hints (=
    apt-get install tcpxtract
    apt-get install fslint
    Any other "kill dupes" tool suggestions to be used in the script?

  3. #13
    Just burned his ISO
    Join Date
    Apr 2010
    Posts
    6

    Default Re: Script for sniffing passwords and data on lan/wlan using ettercap, sslstrip, urls

    Quote Originally Posted by escucho View Post
    sorry man, the script work in part because when i quit script etterlog didn't show the passwords but only this:

    etterlog NG-0.7.3 copyright 2001-2004 ALoR & NaGA

    Log file version : NG-0.7.3
    Timestamp : Sat May 15 12:28:57 2010
    Type : LOG_INFO

    but in .log and .txt i see the details of accounts with related passwords. How i can solve this problem? thanks in advance.

    hi man, i have a little problem with the script. It work in part i'll explain better: in last part when i stop the script with q i have a problem with etterlog. It didn't show the password but only this:

    etterlog NG-0.7.3 copyright 2001-2004 ALoR & NaGA

    Log file version : NG-0.7.3
    Timestamp : Sat May 15 12:28:57 2010
    Type : LOG_INFO

    But in .log and .txt files i can read accounts with passwords related so i suppose that the problem is on etterlog. How i can solve this problem? thanks in advance.

    As far as i know, that is because etterlog doesn't recognize those passwords as passwords. You follow me? I have no idea how you can fix that.

    Teddy

  4. #14
    Just burned his ISO
    Join Date
    May 2010
    Posts
    2

    Default Re: Script for sniffing passwords and data on lan/wlan using ettercap, sslstrip, urls

    i understand, so etterlog's line is useless?

  5. #15
    Just burned his ISO
    Join Date
    Apr 2010
    Posts
    6

    Default Re: Script for sniffing passwords and data on lan/wlan using ettercap, sslstrip, urls

    No its not useless. Only in your particular case.
    Maybe in another session you'll get usernames/passwords which are recognized by etterlog. You follow? Try to test this on your own network. Run the script and arpspoof your test computer and go to ie. gmail.com. Enter username and password. Those should be in clear text and recognized by etterlog. The same applies for facebook and hotmail.
    Be sure that you got sslstrip working properly. You can test that by looking at your target computers urlline while visiting gmail.com: it should show http://gmail.com and NOT https://gmail.com

  6. #16
    Very good friend of the forum killadaninja's Avatar
    Join Date
    Oct 2007
    Location
    London, United Kingdom.
    Posts
    526

    Default Re: Script for sniffing passwords and data on lan/wlan using ettercap, sslstrip, urls

    Hi tedbear I am in no way trying to jack your thread, but my script over here, should filter https and non https credientals
    Last edited by killadaninja; 11-20-2010 at 07:10 AM.
    Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.

  7. #17
    Just burned his ISO
    Join Date
    Jun 2010
    Posts
    1

    Default Re: Script for sniffing passwords and data on lan/wlan using ettercap, sslstrip, urls

    Quote Originally Posted by PipeDevil View Post
    Thanks for nice script!

    But how should i use sslstrip with a proxy server?
    i agree with this. i've follow the tuts, but all i got just the proxy authentification prompt (user and password proxy prompt unencrypted). I cannot see the other user/pass such as facebook,gmail etc, even not with https

    thx 4 caring, sorry for my english, that was lack..

  8. #18
    Just burned his ISO
    Join Date
    Jun 2010
    Posts
    3

    Default Re: Script for sniffing passwords and data on lan/wlan using ettercap, sslstrip, urls

    would sites with Extend Validation (EV) give a warning screen about a MITM attack in Firefox?

  9. #19
    Just burned his ISO
    Join Date
    Jul 2010
    Location
    Elsewhere
    Posts
    13

    Default Re: Script for sniffing passwords and data on lan/wlan using ettercap, sslstrip, urls

    This may well be me being silly, but I have followed these instructions to the letter - but opening my anything.sh script just opens Wireshark? No questions etc. Could the OP post the script as an attachment?

  10. #20
    Member
    Join Date
    Aug 2009
    Posts
    54

    Default Re: Script for sniffing passwords and data on lan/wlan using ettercap, sslstrip, urls

    Yeah, same prob..the script can open just wireshark to me...any ideas? BT4R1 ofc

Page 2 of 5 FirstFirst 1234 ... LastLast

Similar Threads

  1. cannot driftnet, ettercap, or urlsnarf!
    By xplainet in forum OLD BackTrack 4 General Support
    Replies: 1
    Last Post: 03-29-2010, 08:45 AM
  2. sniffing passwords and hashes from a wireless network
    By kalgecin in forum OLD Wireless
    Replies: 10
    Last Post: 02-14-2010, 04:24 AM
  3. Replies: 8
    Last Post: 11-26-2009, 08:09 AM
  4. Sniffing domain passwords?
    By ESC201 in forum OLD Specialist Topics
    Replies: 6
    Last Post: 01-30-2008, 01:32 AM
  5. ettercap - sniffing works, but I can't see passwords
    By Trick17 in forum OLD BackTrack v2.0 Final
    Replies: 6
    Last Post: 08-29-2007, 09:09 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •