Thread: Sniffing Tutorial:

  1. #1
    Just burned his ISO
    Join Date
    Feb 2006
    Posts
    15

    Sniffing Tutorial:

    Simple Sniffing Tutorial

    Tools:

    Ettercap
    nano

    1. For SSL dissection support (Hotmail, Gmail), you need to do this:
    Open a shell, type: "nano /usr/local/etc/etter.conf", use the down arrow until you reach "redir_command_on/off", look at the Linux part, you're gonna need to uncomment:
    Code:
    # if you use iptables:
    #redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    #redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    to:

    Code:
    # if you use iptables:
    redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    After you're done, press F2, Y, Return.

    Now boot Ettercap: Menu --> Backtrack --> Spoofing --> Ettercap
    Go to: Sniff --> Unified Sniffing --> ethX (what interface you want to sniff).
    Then press: Ctrl+S to scan hosts.
    Then go to: Mitm --> ARP poisoning, select sniff remote connections, and press OK.
    Then go to: Start --> Start Sniffing.

    For an example, walk to another PC, go to your internet email account (Hotmail, Gmail), and log in. You will be asked to trust the certificate; trust it, and watch your sniffing computer. The username and password should appear.

    When you're done, go to Start --> Stop Sniffing, and go to Mitm --> Stop mitm attack(s)

    Yeehaw

  2. #2
    Just burned his ISO
    Join Date
    Jan 2006
    Posts
    2

    Thanks for the nice tutorial!

    I have another question about webmitm. I was once reading in the old forum that there is another tool which fills in the certificate automatically!?

  3. #3
    Junior Member
    Join Date
    Jan 2010
    Posts
    42

    you're gonna need to uncomment: # if you use iptables:
    Can you please explain this part. I found
    Code:
    # if you use iptables:
    #redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    #redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    but what do you mean "uncomment"? Sorry for the n00b question... Just need a little more explanation on what to do here???

    Thx

  4. #4
    Member
    Join Date
    Jan 2006
    Posts
    66

    Remove the hash marks ( # ) at the beginning of the two lines following "# if you use iptables:".

  5. #5
    Junior Member
    Join Date
    Jan 2010
    Posts
    42

    Quote Originally Posted by hobbes
    Remove the hash marks ( # ) at the beginning of the two lines following "# if you use iptables:".
    Worked and thanks... But I noticed the certificate keeps popping up and I was never able to log into Hotmail using both IE & FF... Is there a fix or workaround for this? Plus if you click "view certificate" it says "This certificate cannot be verified up to a trusted certification authority.". How can I make the certificate look like it's a trusted source?

  6. #6
    Just burned his ISO
    Join Date
    Feb 2006
    Posts
    15

    Quote Originally Posted by FreshFish
    Worked and thanks... But I noticed the certificate keeps popping up and I was never able to log into Hotmail using both IE & FF... Is there a fix or workaround for this? Plus if you click "view certificate" it says "This certificate cannot be verified up to a trusted certification authority.". How can I make the certificate look like it's a trusted source?
    You can't, you need to press yes multiple times...

    Yeehaw

  7. #7
    Just burned his ISO
    Join Date
    Dec 2007
    Posts
    8

    Thanks! Worked great. This is pretty scary stuff... sure as hell makes a point that NO ONE should be using WEP!!!

    FYI, I found something interesting. When I was logging into ebay with my account, ebay actually prompted me stating that "there is a slight chance" somebody is using a fake certificate. Pretty interesting. I wonder what they do to anticipate the fake certificate.

    I was pleasantly surprised to also find that my bank didn't give up my info. The SSL fake cert. came up, but nothing was reported. I'm wondering if it had to do with the three-step login process. It requests more than just a password on the first page.

    Anyone else have any interesting stories they found?

    Are there other tuts on how to use ettercap for other functions? Is it possible to just watch general web traffic? To list the addresses that you visit?

    I'm off to try testing how this works when I log in using my company VPN on my work laptop. I'm assuming it would only return an encrypted hash correct? At least I hope so.

  8. #8
    Junior Member
    Join Date
    Dec 2007
    Posts
    30

    Quote Originally Posted by skindeep View Post
    Thanks! Worked great. This is pretty scary stuff... sure as hell makes a point that NO ONE should be using WEP!!!

    FYI, I found something interesting. When I was logging into ebay with my account, ebay actually prompted me stating that "there is a slight chance" somebody is using a fake certificate. Pretty interesting. I wonder what they do to anticipate the fake certificate.

    I was pleasantly surprised to also find that my bank didn't give up my info. The SSL fake cert. came up, but nothing was reported. I'm wondering if it had to do with the three-step login process. It requests more than just a password on the first page.

    Anyone else have any interesting stories they found?

    Are there other tuts on how to use ettercap for other functions? Is it possible to just watch general web traffic? To list the addresses that you visit?

    I'm off to try testing how this works when I log in using my company VPN on my work laptop. I'm assuming it would only return an encrypted hash correct? At least I hope so.
    Yeah, there is. I think it's under plugins or extensions, I forget.

  9. #9
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    7

    Sorry for bad English!

    I have a little problem... my ettercap works fine with my Gmail or Hotmail account, but when I try to log in on any forum (local forum in my network) I get only

    "HTTP:xxx.xxx.xxx.xxx ->USER: usernema PASS: INFO: link of forum"
    The pass field is empty, but I get my username, and that happens on every forum I try to log in to.

    Can someone plz help!

    THX!

  10. #10

    Hey guys, I tried this out on BT3 Beta, and noticed that this doesn't work. I followed this to the very step, and looked up a number of different tutorials on the net (all the same though). Is there anything I have to do differently in BT3 Beta? Or is it just due to the new version of ettercap, and in which case, do I have to use the old one? Thanks guys, if there are any newer tuts, could you point me to them? Thanks.

    -Stephen
