Help needed: Ettercap MITM not working

[xdobermanx]

Please help!

I am ussing a Lynksis WRT54G router, Alfa AWUS036H and the Backtrack 4 R2 live cd. I don't untherstand why it is not working fom me. I have tested this exactly like many tut that I have watched.

* First when starting I use the "start-network"
* Connect with Wicd network manager to my network
* Open command screen and: echo "1" > /proc/sys/net/ipv4/ip_forward (have also tried, without this option)
* Open Ettercap-ng 0.7.3
* Sniff -> I choose my adapter (also tried it with my built in laptop adapter)
* Hosts -> Scan for hosts
* I put 192.168.1.1 in target 1 and 192.168.1.2 in to target 2
* Arp poisonin have tried without this and after that only one of the two options and then both.
* Then start Sniffing

It remains on "Starting Unified Sniffing..."

The target on my net work is my other laptop running Vista. I login on my hotmail, gmail, facebook accounts but nothing happens on Ettercap.
I then check the plugins chk_poison and it tells me that the poisoning was successful. Than check the plugin remote_browser and I can see all the website visited on my other laptop but still no username and password combination.

I have been bssy with this for days now. What am I missing?

[sickness]

Have you edited the etter.conf file ?
Also have you tried using arpspoof + sslstrip ? without ettercap ?

[s33king]

* I put 192.168.1.1 in target 1 and 192.168.1.2 in to target 2

Maybe a silly question, are you sure that one of these two target is the router?

[drgr33n]

The reason you cannot see the passwords is because the passwords are being entered via a secured SSL page. I've not been into the auditing scene for a while so don;t know what tools are available at the present time but if I can remember correctly the way around this is a plugin for ettercap that sends the client a spoofed SSL cert that you know the key to. Then you can decrypt the SSL encrypted packets with ease. On the downside most browsers for a while now check the SSL certs of websites and flag errors when things don't add up. A bit of google fu is what the doctor's going to prescribe here I'm 99% sure you will find what your looking for here try looking in the archived posts from the old forum for more info.

[2901119]

from what you've posted it looks like you're not really specifying any options for ettercap. When I do this I typically type

Code:

ettercap -i <your interface> -TqM ARP:REMOTE // //

this syntax would tell ettercap to perform a man in the middle attack and arp cache poison all hosts.

as sickness said you need to first look into editing your etter.conf file.

as sickness also stated you should look into arpspoof and sslstrip. I personally prefer it over ettercap as arpspoof doesn't display an untrusted certificate message.

[xdobermanx]

Thank you for your help. I will start with checking out the arpspoof + sslstrip. I have seen that on this forum.
This is new for me so I hoop I will find a tut how to work with that. I happy to find out that there are more ways to do this