
Thread: Dns_spoof working in ettercap; But not able to sniff.

  1. #1
    Just burned his ISO
    Join Date
    May 2011
    Posts
    3

    Dns_spoof working in ettercap; But not able to sniff.

    Have been reading this forum for a long time, but first post here.

    I have a problem with ettercap. I think I have done everything correctly, but I am unable to sniff credentials entered in my localhost local login page. The steps are as follows:

    1. Saved a login page (it's not HTTPS) and put it on my localhost.

    2. Connected an AP to the machine. IP of AP is 10.10.2.1 and IP of machine is 10.10.2.100.

    3. Started Apache.

    4. Started ettercap on the same machine as well as on another machine (not at the same time), enabling the dns_spoof and autoadd plugins. The command was
    ettercap -T -q -M ARP:remote // // -i eth0 (wlan1 if in another machine) -P dns_spoof
    I have everything set up in ettercap: uid, guid to 0, uncommented iptables, dns_spoof to my machine IP.

    5. dns_spoof works well; it redirects anyone who is connected to my localhost with the login page. But when I enter a user name and password in the login page and hit enter/submit, ettercap is unable to sniff anything. I have tried using ettercap with iptables and sslstrip too.

    So, please point out if anything I did was wrong, or help me to get it to work.
    Also, the same login page works fine with airbase-ng.
    Thanks in advance.

  2. #2
    Very good friend of the forum maverik35
    Join Date
    Sep 2009
    Location
    Debian land
    Posts
    734

    Re: Dns_spoof working in ettercap; But not able to sniff.

    It looks like everything is fine to me. As far as ettercap for sniffing and forwarding is concerned, it looks OK. The plugin is also as it should be.
    Try the -l parameter with ettercap, it saves all traffic in a file, example: ettercap -T -q -l my_data -M ARP:remote // // -i eth0 (wlan1 if in another machine) -P dns_spoof
    This way you will save all credentials traffic in a file named my_data.eci
    If you use the -L parameter, you will create 2 files: my_data.eci and my_data.ecp. The eci file has the credentials. Just read it with etterlog: etterlog my_data.eci
    You must install etterlog (aptitude install etterlog).
    I assume you are using BT5; you can try this in BT4 final. BT5 is not that stable. Another thing, put the uid and guid back to 65534 and try using one target and the GW. See what happens.
    Try it and keep posting.
    Best of luck.
    Last edited by maverik35; 05-27-2011 at 02:58 PM.

  3. #3
    Just burned his ISO
    Join Date
    May 2011
    Posts
    3

    Re: Dns_spoof working in ettercap; But not able to sniff.

    Thanks for your reply, maverik.
    I did as you said, but it didn't work. But I solved it: I didn't use the "ARP:remote" option, and it worked. I wonder why....
    Now I have another problem: dns_spoof works fine sometimes, but sometimes it doesn't work. I guess this dns_spoof does the same thing as dnsspoof from dsniff. Both DNS spoofing tools behave in the same way; sometimes they redirect and sometimes they don't. I would be more than happy to know why it is behaving like that. What are the "terms and conditions" for DNS spoofing?
    Also, has anyone had this problem?

    Thanks.

  4. #4
    Just burned his ISO
    Join Date
    Jul 2011
    Posts
    3

    How to Sniff password n username from Gateway login webpage !!!

    Hi, I'm a new guy learning how to use Ettercap.

    I want to capture or sniff my gateway password and username within that login webpage.
    Can anyone help me or point me to somewhere to get this info?
    I have an Alfa AWUS036H adapter card and am using VMware for learning this matter.
    Thanks a lot ....first...

  5. #5
    Very good friend of the forum maverik35
    Join Date
    Sep 2009
    Location
    Debian land
    Posts
    734

    Re: How to Sniff password n username from Gateway login webpage !!!

    I do not understand your question well, could you be more specific?
    Using your computer, you want to sniff the user and password of the gateway on the same computer? Using the web browser and accessing the gateway and at the same time sniffing with the same computer?
    If so, just ARP poison yourself (IP) and the gateway -------> ettercap -Tqi "iface" -M arp:remote /your ip/ /GW/
    Or use the VM and do it that way, with your computer and the virtual machine (VM).

    Hope this helps.
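
Added example, not part of any post in this thread: a defender-side check for the ARP cache poisoning that `-M arp:remote` produces. It parses `ip neigh show` output taken on a client and flags a gateway whose MAC differs from a pinned value and any MAC claimed by more than one IP; the sample output, MAC addresses and function names are constructed for illustration, reusing the 10.10.2.1 gateway and 10.10.2.100 host from post #1.

```python
import re
from collections import defaultdict

# Constructed `ip neigh show` output from a client on the 10.10.2.0/24 lab
# network described in post #1. All MAC addresses are made up for this example.
POISONED = """\
10.10.2.1 dev wlan0 lladdr 02:00:00:00:00:aa REACHABLE
10.10.2.100 dev wlan0 lladdr 02:00:00:00:00:AA STALE
10.10.2.23 dev wlan0 lladdr 02:00:00:00:00:17 REACHABLE
10.10.2.50 dev wlan0  FAILED
"""
# Same table before poisoning: the gateway still answers with its own MAC.
CLEAN = POISONED.replace("10.10.2.1 dev wlan0 lladdr 02:00:00:00:00:aa",
                         "10.10.2.1 dev wlan0 lladdr 02:00:00:00:00:01")

NEIGH_RE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+(\S+)\s+lladdr\s+"
    r"([0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})\b")

def parse_neigh(text):
    """Return (ip, mac) pairs; entries without an lladdr (FAILED) are skipped."""
    pairs = []
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            pairs.append((m.group(1), m.group(3).lower()))
    return pairs

def find_arp_anomalies(text, gateway_ip, known_gateway_mac=None):
    """Flag a changed gateway MAC and any MAC shared by several IPs.

    A shared MAC can be legitimate (proxy ARP, one router holding several
    addresses), so treat that finding as a lead to verify, not as proof.
    """
    findings = []
    ips_by_mac = defaultdict(set)
    for ip, mac in parse_neigh(text):
        ips_by_mac[mac].add(ip)
        if (ip == gateway_ip and known_gateway_mac
                and mac != known_gateway_mac.lower()):
            findings.append(("gateway_mac_changed", ip, mac))
    for mac, ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:
            findings.append(("mac_shared_by_ips", tuple(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    for finding in find_arp_anomalies(POISONED, "10.10.2.1", "02:00:00:00:00:01"):
        print(finding)
```
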

  6. #6
    Just burned his ISO
    Join Date
    Jul 2011
    Posts
    3

    Re: Dns_spoof working in ettercap; But not able to sniff.

    Quote: Originally posted by snowleopard
    Hi, I'm a new guy learning how to use Ettercap.

    I want to capture or sniff my gateway password and username within that login webpage.
    Can anyone help me or point me to somewhere to get this info?
    I have an Alfa AWUS036H adapter card and am using VMware for learning this matter.
    Thanks a lot ....first...

    Hi, thanks for paying attention to my questions.

    I'm using:
    1) BackTrack 4 R2
    2) WinXP as the base OS, with VMware running 2 more OSes: (a) WinXP & (b) BackTrack 4 R2
    3) The (a) & (b) VMware-based OSes use the bridging network method to access the internet.
    Now I have already poisoned (a) & the gateway (192.168.1.1); (b) is doing the in-the-middle attack.

    So, when I use (a) to log in to the wifi_modem login webpage and key in the username and password, the login is successful.
    But the problem is that my ettercap is not showing what I keyed in on that wifi_modem login page!!!

    So, can you point out what is wrong?

  7. #7
    Administrator sickness
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Re: Dns_spoof working in ettercap; But not able to sniff.

    Backtrack 4 is no longer supported, download the latest Backtrack 5 R1.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !
