Page 2 of 10 FirstFirst 1234 ... LastLast
Results 11 to 20 of 97

Thread: SSLStrip & Ettercap not playing nicely together in BT5R1

  1. #11
    Senior Member
    Join Date
    Dec 2010
    Posts
    127

    Default Re: SSLStrip & Ettercap not playing nicely together in BT5R1

    OK, so none of the above has worked (purging & reinstall)

    I am only experiencing this issue on BT5 R1 with kernel 2.6.39.4. If someone is using this kernel and not getting the L3 errors, please let me know. I took couple of wireshark dumps and purehat and I are going to look at it next week.

    Essential libnet is throwing an error. We really can't see the error, because it gets placed in a custom error within ettercap. (see code above).

    Again, this issue only comes up when sslstrip & ettercap are running at the same time.

    It looks like everything still works properly,but those errors are annoying.

    I haven't tried the LIBNET_ADV_WRITE_RAW yet, but I've tried everything else and no luck.

  2. #12
    Just burned his ISO Carnacior's Avatar
    Join Date
    Apr 2010
    Location
    Romania
    Posts
    11

    Default Re: SSLStrip & Ettercap not playing nicely together in BT5R1

    The L3 errors only come up when SSLStrip is fired up... if ettercap is runned alone it works ok... but no ssl

  3. #13
    Just burned his ISO
    Join Date
    Sep 2011
    Posts
    2

    Default Re: SSLStrip & Ettercap not playing nicely together in BT5R1

    Hi guys,

    I am getting a similar error with my setup.

    I'm using Backtrack 5 (not R1) with Kernel 2.6.38

    When I run ettercap I get the following error

    Code:
    root@bt:~# ettercap -Tq -M arp:remote /10.0.0.1-255/ -P autoadd
    
    ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA
    
    Dissector "dns" not supported (etter.conf line 70)
    Listening on eth0... (Ethernet)
    
      eth0 ->    08:00:27:E5:E3:41  10.0.0.103  255.0.0.0
    
    Privileges dropped to UID 0 GID 0...
    
      28 plugins
      39 protocol dissectors
      53 ports monitored
    7587 mac vendor fingerprint
    1698 tcp OS fingerprint
    2183 known services
    
    Scanning for merged targets (255 hosts)...
    
    * |==>| 100.00 %
    
    5 hosts added to the hosts list...
    
    ARP poisoning victims:
    
    GROUP 1 : 10.0.0.5 00:16:CB:C2:85:FC
    GROUP 1 : 10.0.0.16 00:0C:F1:CA:13:1F
    GROUP 1 : 10.0.0.102 00:23:6C:92:31:6B
    GROUP 1 : 10.0.0.104 00:1B:63:09:C6:27
    GROUP 1 : 10.0.0.138 00:90:D0:34:28:E1
    
    GROUP 2 : ANY (all the hosts in the list)
    Starting Unified sniffing...
    
    Text only Interface activated...
    Hit 'h' for inline help
    
    Activating autoadd plugin...
    
    DHCP: [08:00:27:E5:E3:41] REQUEST 10.10.24.152
    DHCP: [08:00:27:E5:E3:41] REQUEST 10.10.24.152
    SEND L3 ERROR: 56 byte packet (0800:01) destined to 10.0.0.102 was not forwarded (libnet_write_raw_ipv4(): -1 bytes written (Operation not permitted)
    )
    DHCP: [08:00:27:E5:E3:41] REQUEST 10.10.24.152
    DHCP: [08:00:27:E5:E3:41] REQUEST 10.10.24.152
    DHCP: [08:00:27:E5:E3:41] REQUEST 10.10.24.152
    SEND L3 ERROR: 56 byte packet (0800:01) destined to 10.0.0.102 was not forwarded (libnet_write_raw_ipv4(): -1 bytes written (Operation not permitted)
    )
    DHCP: [00:1B:63:09:C6:27] REQUEST 10.0.0.104
    SEND L3 ERROR: 56 byte packet (0800:01) destined to 10.0.0.102 was not forwarded (libnet_write_raw_ipv4(): -1 bytes written (Operation not permitted)
    )
    DHCP: [00:1B:63:09:C6:27] REQUEST 10.0.0.104
    DHCP: [08:00:27:E5:E3:41] REQUEST 10.10.24.152
    DHCP: [08:00:27:E5:E3:41] REQUEST 10.10.24.152
    DHCP: [08:00:27:E5:E3:41] REQUEST 10.10.24.152
    DHCP: [08:00:27:E5:E3:41] REQUEST 10.10.24.152
    DHCP: [08:00:27:E5:E3:41] REQUEST 10.10.24.152
    DHCP: [08:00:27:E5:E3:41] REQUEST 10.10.24.152
    DHCP: [08:00:27:E5:E3:41] REQUEST 10.10.24.152
    DHCP: [08:00:27:E5:E3:41] REQUEST 10.10.24.152
    SEND L3 ERROR: 56 byte packet (0800:01) destined to 10.0.0.102 was not forwarded (libnet_write_raw_ipv4(): -1 bytes written (Operation not permitted)
    )
    SEND L3 ERROR: 56 byte packet (0800:01) destined to 10.0.0.102 was not forwarded (libnet_write_raw_ipv4(): -1 bytes written (Operation not permitted)
    )
    DHCP: [08:00:27:E5:E3:41] REQUEST 10.10.24.152
    And my network interface:

    Code:
    root@bt:~# ifconfig
    eth0  Link encap:Ethernet  HWaddr 08:00:27:e5:e3:41  
        inet addr:10.0.0.103  Bcast:10.255.255.255  Mask:255.0.0.0
        inet6 addr: fe80::a00:27ff:fee5:e341/64 Scope:Link
        UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
        RX packets:78032 errors:10 dropped:0 overruns:0 frame:0
        TX packets:20180 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:1000
        RX bytes:7181598 (7.1 MB)  TX bytes:1906369 (1.9 MB)
        Interrupt:10 Base address:0xd020
    Also when running ettercap I get the following:
    Code:
    Dissector "dns" not supported (etter.conf line 70)
    I can get it to work on my Ubuntu 11.04 computer with Kernel 2.6.38-10-generic,
    but I just get all these warnings for all the sites I go to the the network isn't
    secure haha.

    I hope this can help you guys.

    Thanks

  4. #14
    Junior Member
    Join Date
    Jun 2011
    Posts
    43

    Default Re: SSLStrip & Ettercap not playing nicely together in BT5R1

    No dice for me either... i'm going to try the suggestions in this thread in the ubuntu forums....

    http://ubuntuforums.org/showthread.php?t=1555044&page=2

  5. #15
    Just burned his ISO Carnacior's Avatar
    Join Date
    Apr 2010
    Location
    Romania
    Posts
    11

    Default Re: SSLStrip & Ettercap not playing nicely together in BT5R1

    any results ? any news ? This sslstrip issue is really annoying...

  6. #16
    Junior Member
    Join Date
    Jun 2011
    Posts
    43

    Default Re: SSLStrip & Ettercap not playing nicely together in BT5R1

    Is there any repository to get the source from ettercap downloaded? i'm trying to get the fix above working.. thanks

    apt-get source ettercap

    comes back with URI not found error

  7. #17
    Just burned his ISO
    Join Date
    Aug 2011
    Posts
    7

    Default Re: SSLStrip & Ettercap not playing nicely together in BT5R1

    Quote Originally Posted by ericmilam View Post
    OK, so none of the above has worked (purging & reinstall)

    I am only experiencing this issue on BT5 R1 with kernel 2.6.39.4. If someone is using this kernel and not getting the L3 errors, please let me know. I took couple of wireshark dumps and purehat and I are going to look at it next week.

    Essential libnet is throwing an error. We really can't see the error, because it gets placed in a custom error within ettercap. (see code above).

    Again, this issue only comes up when sslstrip & ettercap are running at the same time.

    It looks like everything still works properly,but those errors are annoying.

    I haven't tried the LIBNET_ADV_WRITE_RAW yet, but I've tried everything else and no luck.
    As i stated in a previous post in this thread thier are two versions of ettercap available for bt5/bt5r1 ,all you did was reinstall the same verion you had.You need to uninstall/remove your current ettercap version and install ettercap version 0.7.4-bt7! To do that run the following commands in terminal (you will need to have internet connection to download that package).


    apt-get remove ettercap-desktop
    apt-get remove ettercap-gtk
    apt-get remove ettercap-common
    apt-get install ettercap

  8. #18
    Senior Member
    Join Date
    Dec 2010
    Posts
    127

    Default Re: SSLStrip & Ettercap not playing nicely together in BT5R1

    Quote Originally Posted by destro23 View Post
    No dice for me either... i'm going to try the suggestions in this thread in the ubuntu forums....

    http://ubuntuforums.org/showthread.php?t=1555044&page=2
    I did this...explained in another post I think. I changed my sources to the latest version of Ubuntu (Natty) and installed ettercap and that fixed the issues. It's a known bug in the 10.04 release of ettercap

  9. #19
    Senior Member
    Join Date
    Dec 2010
    Posts
    127

    Default Re: SSLStrip & Ettercap not playing nicely together in BT5R1

    The dns dissector is a know issue for 64 Bit processors. I think they fixed that in the latest Ubuntu version. If you look at the ubuntu launchpad page (google ubuntu ettercap bugs)

    I think the BT guys may have fixed it as well. But not sure.

  10. #20
    Senior Member
    Join Date
    Dec 2010
    Posts
    127

    Default Re: SSLStrip & Ettercap not playing nicely together in BT5R1

    Quote Originally Posted by Carnacior View Post
    any results ? any news ? This sslstrip issue is really annoying...
    So I did a wireshark dump and see ICMP not being forwarded. I was going to work on it this week with purehate, but we didn't have any time.

    I was going to switch to the LIBNET_ADV_WRITE_RAW in the source and recompile, but again, no time.

    I can tell you that even though it throws errors, it still works. Problem is, ettercap has pthread issues too, so this makes the program run out of threads and close even faster.

    What we really need is someone who is good with C and can resurrect Ettercap-NG. I know there are guys who update stuff for Ubuntu releases, but I submitted a bug months ago and it hasn't even been acknowledged yet.

Page 2 of 10 FirstFirst 1234 ... LastLast

Similar Threads

  1. Ettercap+Sslstrip
    By ms282 in forum BackTrack 5 General Topics
    Replies: 22
    Last Post: 03-08-2012, 10:45 AM
  2. Problema con Ettercap & Sslstrip
    By mapoetto in forum Discussioni Generali
    Replies: 1
    Last Post: 04-14-2011, 10:30 PM
  3. Ettercap and Sslstrip problem
    By f4llcon in forum Beginners Forum
    Replies: 5
    Last Post: 11-02-2010, 05:26 PM
  4. ettercap & sslstrip question
    By mroy1300 in forum OLD Newbie Area
    Replies: 0
    Last Post: 02-01-2010, 01:55 AM
  5. playing whit ettercap remote_brower
    By Jon3s in forum OLD Tutorials and Guides
    Replies: 0
    Last Post: 03-23-2008, 11:22 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •