Sniffing Tutorial:

[relaxis]

Start unified sniffing and select your interface
scan for hosts

Under plugins - use the plugin to isolate the IP of the gateway

in the host tab, assign the gateway ip to target 1

leaving target 2 blank will auto assign all ALREADY scanned hosts to be poisoned (not recommended for wifi - cards simply aren't fast enough to deal with more than a few hosts at a time) - or assign specific hosts for poisoning

select the arp poisoning attack and enable sniffing of remote connections

go to plugins and then activate the auto add host plugin by double clicking

hope this helps.

[relaxis]

I was told these attacks can be performed over the internet, not just LANs. Is there a tutorial somewhere on the forum for that?

You will need to know the ip address of the target's gateway and the target ip address. From outside a LAN this would be very difficult because remote ip addresses are often dynamic and not static (they change). Generally MITM attacks have to be done on local networks. Of course, if I'm wrong - i'm sure someone will correct me.

[tscott]

Great guide! Worked too well on my home network. :-/

[acebrazer]

You will need to know the ip address of the target's gateway and the target ip address.

So, as the thread's title suggests, you wanna say: A MITM-Attack with ettercap as described above will work, as long as i have a Gateway-Address like 217.230.xxx.xxx (the router's ip in WAN) and a the targets IP-Address like 192.168.xxx.xxx ???? which are easy to be derived from an email-header?
Again: You really think that works via WAN....

[BlownCPU]

Hi,

If I edit the etter.conf file on my Fedora PC I this error when I start up Ettercap.

Code:

iptables v1.4.1.1: can't initialize iptables table `nat': Permission denied (you must be root)

If I manually try and put in the line on the command prompt I get this:

Code:

[root@mylinux ~]# iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport
iptables v1.4.1.1: invalid port/service `%port' specified
Try `iptables -h' or 'iptables --help' for more information.
[root@mylinux ~]#

What else can I use instead of "%port"? I thought iptables was universal in its command structure... doesn't seem to work or does "%" mean put a value there?

Can someone tell me where I#m going wrong please.

Cheers,

Blown CPU

[bobdamnit]

Excellent tutorial guys. I must say, this forum has been a pentester godsend!

I seem to be having troubles though. I'll start with my setup. I'm running Backtrack 3 in a virtual machine in VMware Fusion, in my own created virtual machine. Not the pre-made one remote-exploit provides.

I have a Belkin Wireless G 54Mbps F5D7234-4 v4 hooked up to a modem because I like wireless on my DSL line. The modem connects to a "modem" port on the Belkin wireless router, using the default 192.168.2.1 network configuration. There are 4 machines on the network setup like so:

192.168.2.1: Router
192.168.2.2: My MacBook Pro (With BCM4311 Airport card)
192.168.2.3: Windows XP
192.168.2.4: Windows XP
192.168.2.5: Backtrack 3 virtual machine

ALL are hooked up via wireless. There is no wired computer in my home.

Here are the issues I seem to be having:

1. When I go to uncomment the IPTABLES section of "etter.conf", I found that it is already uncommented. I'll assume this is OK.

2. I've enabled promiscuous mode on the VMware ethernet adaptor. I get a warning in OS X that something is trying to use promiscuous mode. I have to enter my root password in OS X. Again, fine. I had assumed something along these lines were going to happen. I can still surf on the host machine, and so can everyone else.

3. When using Ettercap to start ARP poisoning, it kills the whole entire network. Nobody can surf the web, and nobody gets the certificate errors. Everyone just dies and must disable/re-enable their wireless card in order to function properly. This includes the host machine.

I'm particularly worried about problem number 3. I can't for the life of me figure out why this is happening. When running Backtrack 3 from a live USB install, I run into the problem of not being able to connect to the wireless access point due to the bcm4311 module not having the capabilities to connect to an access point. (It works great for aircrack-ng though!) This is the only reason I am running in a virtual environment.

Can anyone give me some feedback? (I have enabled IP forwarding) Many thanks guys, and keep up the great work! (Also, yes, this is my home network.)

[mcurran]

If anyone is receiving the following error with ettercap - just edit etter.conf and set both privileges to 0 (root):

iptables v1.4.0: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.

[gwassef]

thanks for the tutoril