Page 1 of 10 123 ... LastLast
Results 1 to 10 of 97

Thread: SSLStrip & Ettercap not playing nicely together in BT5R1

  1. #1
    Senior Member
    Join Date
    Dec 2010
    Posts
    127

    Default SSLStrip & Ettercap not playing nicely together in BT5R1

    I recently upgrade to BT5R1 and ran my easy-creds script. Immediately, ettercap gave the old L3 error of not forwarding packets. My first thought was that Ettercap, being so old, was to blame. So I ran the command I had scripted by hand without issue, then I ran urlsnarf & dsniff, no issues.

    As soon as I added SSLStrip, the errors started flyign again like crazy. I stopped SSLStrip, they went away. I then fired it back up and went to my victim and attempted to browse to yahoo.com. Again, it was obvious that the packets were not forwarding.

    I can confirm I have checked all the "basics" involved in using ettercap & sslstrip. (easy-creds had no problems with BT5 or BT4R2)

    That being said, I am not sure if its a kernel issue or SSLStrip. I know that the only thing that has changed is the Kernel. That being said, purehate confirmed the IPTables are not something they mess with.

    Anyone have the same experience? Have any ideas?

    Best Regards
    JB

  2. #2
    Junior Member
    Join Date
    Jan 2010
    Posts
    29

    Default Re: SSLStrip & Ettercap not playing nicely together in BT5R1

    Hi, I experienced the same on my scripts, i figured out the solution for me was to reinstall booth. not sure this is the fix for you but its worth a try

  3. #3
    Senior Member
    Join Date
    Dec 2010
    Posts
    127

    Default Re: SSLStrip & Ettercap not playing nicely together in BT5R1

    Thanks for the suggestion...but no dice. It still give the old L3 Error.

    I did the following:

    apt-get purge ettercap
    apt-get purge sslstrip

    apt-get install ettercap
    apt-get install sslstrip

    Everything went just fine. Ran easy-creds...nothing but a flood of L3 errors.

    Was there something you did differently? If you could provide a bit more detail, perhaps I can see if I missed something.

    Thanks,
    JB

  4. #4
    Junior Member
    Join Date
    Jan 2010
    Posts
    29

    Default Re: SSLStrip & Ettercap not playing nicely together in BT5R1

    Stupid suggestion, but have you tried the latest version of the script, i provoked the same error on a older version

  5. #5
    Senior Member
    Join Date
    Dec 2010
    Posts
    127

    Default Re: SSLStrip & Ettercap not playing nicely together in BT5R1

    Yep. I've tried .8 and .9. Wondering is half duplex is causing issues.

  6. #6
    Just burned his ISO
    Join Date
    Apr 2011
    Posts
    2

    Default Re: SSLStrip & Ettercap not playing nicely together in BT5R1

    Same problem. Both deleted and installed again (ettercap was crashing after scanning hosts anyway) & still L3 Error.

    BT5 R1 KDE running in Virtual Box

  7. #7
    Senior Member
    Join Date
    Dec 2010
    Posts
    127

    Default Re: SSLStrip & Ettercap not playing nicely together in BT5R1

    I still haven't found a solutions, but I did find this which is interesting:

    >Hi,
    >libnet_write_raw_ipv4 is an official function in the old libnet API
    0.x.x.x
    >not in 1.x.x.x. But if you look carefully in the code you can see that it
    >is
    >used. I used this libnet_adv_write_raw with libnet 1.1.2 and it worked
    >without problems.
    >
    >Regards,
    >Mustaffa Abu Sedira

    Wondering if I replace the original ettercap code with this, if it'll work... Only thing to do is to try...

  8. #8
    Senior Member
    Join Date
    Dec 2010
    Posts
    127

    Default Re: SSLStrip & Ettercap not playing nicely together in BT5R1

    OK found this in ec_send.c in the ettercap source

    /* open the socket at layer 3 */
    l3 = libnet_init(LIBNET_RAW4_ADV, GBL_OPTIONS->iface, lnet_errbuf);
    ON_ERROR(l3, NULL, "libnet_init(LIBNET_RAW4_ADV) failed: %s", lnet_errbuf);

    Getting closer, maybe....

  9. #9
    Senior Member
    Join Date
    Dec 2010
    Posts
    127

    Default Re: SSLStrip & Ettercap not playing nicely together in BT5R1

    Quote Originally Posted by ericmilam View Post
    OK found this in ec_send.c in the ettercap source

    /* open the socket at layer 3 */
    l3 = libnet_init(LIBNET_RAW4_ADV, GBL_OPTIONS->iface, lnet_errbuf);
    ON_ERROR(l3, NULL, "libnet_init(LIBNET_RAW4_ADV) failed: %s", lnet_errbuf);

    Getting closer, maybe....
    OK...found this:

    /*
    * send the packet at layer 3
    * the eth header will be handled by the kernel
    */
    ...snip...
    libnet_geterror(GBL_LNET->lnet_L3));
    if (c == -1)
    USER_MSG("SEND L3 ERROR: %d byte packet (%04x:%02x) destined to %s was not forwarded (%s)\n",
    po->fwd_len, ntohs(po->L3.proto), po->L4.proto,

    So, since the kernel changed from BT5 to BT5r1 and that was really the only thing changed...I believe something is up there.

    Walking through the ec_send.c code and looking at ettercap, everything looks cool as far as using libnet to open link layer and layer 3.

    Still trying to find out more about LIBNET_ADV_WRITE_RAW...anyone who may know...post here please

  10. #10
    Just burned his ISO
    Join Date
    Aug 2011
    Posts
    7

    Default Re: SSLStrip & Ettercap not playing nicely together in BT5R1

    I also [COLOR="#B22222"]HAD[COLOR="#000000"]that problem with ettercap ,on both BT5 and BT5r1 kde 32-bit versions,plugins also do not work and does not pickup http pass words ,anyway it does not work The ettercap package installed need to be removed and ettercap package 0.7.4-bt7 need to be installed.That can be done with the package manager or apt-get.

    Code:
            apt-get remove ettercap-desktop
             apt-get remove ettercap-gtk
             apt-get remove ettercap-common
             apt-get install ettercap
    Now your go to go

Page 1 of 10 123 ... LastLast

Similar Threads

  1. Ettercap+Sslstrip
    By ms282 in forum BackTrack 5 General Topics
    Replies: 22
    Last Post: 03-08-2012, 10:45 AM
  2. Problema con Ettercap & Sslstrip
    By mapoetto in forum Discussioni Generali
    Replies: 1
    Last Post: 04-14-2011, 10:30 PM
  3. Ettercap and Sslstrip problem
    By f4llcon in forum Beginners Forum
    Replies: 5
    Last Post: 11-02-2010, 05:26 PM
  4. ettercap & sslstrip question
    By mroy1300 in forum OLD Newbie Area
    Replies: 0
    Last Post: 02-01-2010, 01:55 AM
  5. playing whit ettercap remote_brower
    By Jon3s in forum OLD Tutorials and Guides
    Replies: 0
    Last Post: 03-23-2008, 11:22 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •