Ettercap not showing up http and https data at all

[michelinok]

Hi, i hope to write this post in the correct way...

The problem i've encoured is that ettercap won't show anything about http and https data (tryed facebook,gmail and normal http).

The version i'm using is 32 bit gnome installed on hdd with all the updates.

i've tryed the exact tests with bt4 r2 and it works perfectly.

A simple login to an http page with bt4 r2 live (and install) works, bt5 gnome install and live doesn't work (of course, the installed one is fully updated).

For the rest ettercap shows pop3 ,dhcp data,and so on.

I've done some research over internet, but i'm not so expert to find a patch (and my english,as you can read,is not very good!).

I "hope" someone is the same situation (if so,it's not only a problem of mine).


Sorry for my english, is more infos are needed,please, let me know.

Thanks

Michelinok!

[Modify]

Yeah same issues. I've been trying to get help but there seems to be no support. sticking to bt4 for a while. hardly any bugs. dissapointed a bit tbh.

[shadowzero]

Have you tried updating? ettercap on my end captures HTTP logins without any problems.

[M1x3iZ]

I do have many issues with ettercap on BT5...in both 32 but mainly in 64 bits. In 32bits, it was mainly having issues with some network cards working and some others not. This makes no sense to me but it is the case!

[michelinok]

I've already updated, but the problem that it "hang while scanning for hosts" still remain, so i've installed the precompiled ettercap packages (as suggested in another thread) and it doesn't hang anymore while scanning, but the problem of "http logins" it's still there.
Same hardware, but with bt4 r2 works ok!, so i think it's something "hidden" in the bt5 rel that doesn't work for someone (maybe something related to drivers?).

Any suggestions now?

PS: again,sorry for my english!

[michelinok]

One minor update...
Tryed on a laptop with wifi (broadcom), same issue: with bt4r2 it's ok, with bt5 fully updated it's k.o. (k.o.: doesn't show http credentials,pop3 dhcp and others are shown)

[maverik35]

Make sure you dropped privs to a admin user like your id, in my case is e_uid=1000, just type "id" and you will get your user id in hex, uncomment redir comand on-off in "iptable lines" in etter.conf, please do it in the same order as I post them
1.Open a Terminal:
iptables -t nat --flush (To flush any Added rules to the nat table's PREROUTING chain)
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
sslstrip -p -f (only logging https and uses the Favicon)
2. Open another terminal:
ettercap -Tqi "your iface" -M arp:remote // /Gateway or router ip/ -P autoadd
3. See the results..

I'm using a Ubuntu jaunty with many of the programs in BT5, excluding aircrack (due to my wifi card), and they run like a charm, and using a Intel mini pci 3915 (an oldie) with Dell 9200 (oldie with 17 inch display and intel centrino single core)...
In BT5 I'd wait a little longer, it is not workin 100% yet, so use it to test it. Try to work things out, but do not blow your head and mind trying to get it to work. Use BT4 or any Linux Distro modded with most of BT5 programs.
Many people insist in using BT5 I belive because of the looks, maybe some others because of the bugs fixed in earlier versions of the programs contained in BT5, new versions of tools like nmap, nessus, new additions like SET tool, etc. I have my Jaunty with the newest versions of nmap, ettercap, msnshadow, iptables, nessus, metasploit framework console, SET toolkit, Apache, etc. and every time a new version comes out (released), I install it (obiously I remove the old one first)..
And they work just incredible...My suggestion is to stick to stable. If you like the looks, just install Ubuntu 11.04 and install all ettercap, nessus, etc...
To get http or https, it really does not matter the looks, or just a simple mouse click...You can even work any distro including BT in text mode, guys.
This is my personal point of view..Keep working in BT5 and post problems, try to get possible solutions and share them, post it, try to debug BT5, but if you want to work with it, you know is a beta phase, is not 100% stable, keep that in mind.

Best of locks.

[michelinok]

Thanks maverik, i've already modified etter.conf with the appropriate id (in my case it's 0 maybe because i'm root? dunno...should investigate), and yes, i've performed the suggested steps in your order but the problem is still there...
Maybe I'll try with ubuntu, installing ettercap and sslstrip and see what happen.
Do you think it coule be a driver problem/patch? there's no other reason...(same hw with bt4r2 works! same steps! same urls!).

[michelinok]

just tryed on latest ubuntu and works...

[maverik35]

Good...I'm using jaunty and all ettercap, sslstrip, apache, nmap, mfsconsole, etc works just fine...
Now as you can see, there must be an issue with some programs like ettercap, sslstrip and more..So we have to address all problems and try to give the feedback so people knows about it and try to fix bugs...If someone have a solution then will be posted, if not the staff will fix it...But it is important to keep using bt5 to see the bugs...
Best of luck.