SSLStrip & Ettercap not playing nicely together in BT5R1

[ericmilam]

OK, so none of the above has worked (purging & reinstall)

I am only experiencing this issue on BT5 R1 with kernel 2.6.39.4. If someone is using this kernel and not getting the L3 errors, please let me know. I took couple of wireshark dumps and purehat and I are going to look at it next week.

Essential libnet is throwing an error. We really can't see the error, because it gets placed in a custom error within ettercap. (see code above).

Again, this issue only comes up when sslstrip & ettercap are running at the same time.

It looks like everything still works properly,but those errors are annoying.

I haven't tried the LIBNET_ADV_WRITE_RAW yet, but I've tried everything else and no luck.

[Carnacior]

The L3 errors only come up when SSLStrip is fired up... if ettercap is runned alone it works ok... but no ssl

[tomnzed]

Hi guys,

I am getting a similar error with my setup.

I'm using Backtrack 5 (not R1) with Kernel 2.6.38

When I run ettercap I get the following error

Code:

root@bt:~# ettercap -Tq -M arp:remote /10.0.0.1-255/ -P autoadd

ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA

Dissector "dns" not supported (etter.conf line 70)
Listening on eth0... (Ethernet)

  eth0 ->    08:00:27:E5:E3:41  10.0.0.103  255.0.0.0

Privileges dropped to UID 0 GID 0...

  28 plugins
  39 protocol dissectors
  53 ports monitored
7587 mac vendor fingerprint
1698 tcp OS fingerprint
2183 known services

Scanning for merged targets (255 hosts)...

* |==>| 100.00 %

5 hosts added to the hosts list...

ARP poisoning victims:

GROUP 1 : 10.0.0.5 00:16:CB:C2:85:FC
GROUP 1 : 10.0.0.16 00:0C:F1:CA:13:1F
GROUP 1 : 10.0.0.102 00:23:6C:92:31:6B
GROUP 1 : 10.0.0.104 00:1B:63:09:C6:27
GROUP 1 : 10.0.0.138 00:90:D0:34:28:E1

GROUP 2 : ANY (all the hosts in the list)
Starting Unified sniffing...

Text only Interface activated...
Hit 'h' for inline help

Activating autoadd plugin...

DHCP: [08:00:27:E5:E3:41] REQUEST 10.10.24.152
DHCP: [08:00:27:E5:E3:41] REQUEST 10.10.24.152
SEND L3 ERROR: 56 byte packet (0800:01) destined to 10.0.0.102 was not forwarded (libnet_write_raw_ipv4(): -1 bytes written (Operation not permitted)
)
DHCP: [08:00:27:E5:E3:41] REQUEST 10.10.24.152
DHCP: [08:00:27:E5:E3:41] REQUEST 10.10.24.152
DHCP: [08:00:27:E5:E3:41] REQUEST 10.10.24.152
SEND L3 ERROR: 56 byte packet (0800:01) destined to 10.0.0.102 was not forwarded (libnet_write_raw_ipv4(): -1 bytes written (Operation not permitted)
)
DHCP: [00:1B:63:09:C6:27] REQUEST 10.0.0.104
SEND L3 ERROR: 56 byte packet (0800:01) destined to 10.0.0.102 was not forwarded (libnet_write_raw_ipv4(): -1 bytes written (Operation not permitted)
)
DHCP: [00:1B:63:09:C6:27] REQUEST 10.0.0.104
DHCP: [08:00:27:E5:E3:41] REQUEST 10.10.24.152
DHCP: [08:00:27:E5:E3:41] REQUEST 10.10.24.152
DHCP: [08:00:27:E5:E3:41] REQUEST 10.10.24.152
DHCP: [08:00:27:E5:E3:41] REQUEST 10.10.24.152
DHCP: [08:00:27:E5:E3:41] REQUEST 10.10.24.152
DHCP: [08:00:27:E5:E3:41] REQUEST 10.10.24.152
DHCP: [08:00:27:E5:E3:41] REQUEST 10.10.24.152
DHCP: [08:00:27:E5:E3:41] REQUEST 10.10.24.152
SEND L3 ERROR: 56 byte packet (0800:01) destined to 10.0.0.102 was not forwarded (libnet_write_raw_ipv4(): -1 bytes written (Operation not permitted)
)
SEND L3 ERROR: 56 byte packet (0800:01) destined to 10.0.0.102 was not forwarded (libnet_write_raw_ipv4(): -1 bytes written (Operation not permitted)
)
DHCP: [08:00:27:E5:E3:41] REQUEST 10.10.24.152

And my network interface:

Code:

root@bt:~# ifconfig
eth0  Link encap:Ethernet  HWaddr 08:00:27:e5:e3:41  
    inet addr:10.0.0.103  Bcast:10.255.255.255  Mask:255.0.0.0
    inet6 addr: fe80::a00:27ff:fee5:e341/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
    RX packets:78032 errors:10 dropped:0 overruns:0 frame:0
    TX packets:20180 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:7181598 (7.1 MB)  TX bytes:1906369 (1.9 MB)
    Interrupt:10 Base address:0xd020

Also when running ettercap I get the following:

Code:

Dissector "dns" not supported (etter.conf line 70)

I can get it to work on my Ubuntu 11.04 computer with Kernel 2.6.38-10-generic,
but I just get all these warnings for all the sites I go to the the network isn't
secure haha.

I hope this can help you guys.

Thanks

[destro23]

No dice for me either... i'm going to try the suggestions in this thread in the ubuntu forums....

http://ubuntuforums.org/showthread.php?t=1555044&page=2

[Carnacior]

any results ? any news ? This sslstrip issue is really annoying...

[destro23]

Is there any repository to get the source from ettercap downloaded? i'm trying to get the fix above working.. thanks

apt-get source ettercap

comes back with URI not found error

[DeserTEagLe]

OK, so none of the above has worked (purging & reinstall)

I am only experiencing this issue on BT5 R1 with kernel 2.6.39.4. If someone is using this kernel and not getting the L3 errors, please let me know. I took couple of wireshark dumps and purehat and I are going to look at it next week.

Essential libnet is throwing an error. We really can't see the error, because it gets placed in a custom error within ettercap. (see code above).

Again, this issue only comes up when sslstrip & ettercap are running at the same time.

It looks like everything still works properly,but those errors are annoying.

I haven't tried the LIBNET_ADV_WRITE_RAW yet, but I've tried everything else and no luck.

As i stated in a previous post in this thread thier are two versions of ettercap available for bt5/bt5r1 ,all you did was reinstall the same verion you had.You need to uninstall/remove your current ettercap version and install ettercap version 0.7.4-bt7! To do that run the following commands in terminal (you will need to have internet connection to download that package).


apt-get remove ettercap-desktop
apt-get remove ettercap-gtk
apt-get remove ettercap-common
apt-get install ettercap

[ericmilam]

No dice for me either... i'm going to try the suggestions in this thread in the ubuntu forums....

http://ubuntuforums.org/showthread.php?t=1555044&page=2

I did this...explained in another post I think. I changed my sources to the latest version of Ubuntu (Natty) and installed ettercap and that fixed the issues. It's a known bug in the 10.04 release of ettercap

[ericmilam]

The dns dissector is a know issue for 64 Bit processors. I think they fixed that in the latest Ubuntu version. If you look at the ubuntu launchpad page (google ubuntu ettercap bugs)

I think the BT guys may have fixed it as well. But not sure.

[ericmilam]

any results ? any news ? This sslstrip issue is really annoying...

So I did a wireshark dump and see ICMP not being forwarded. I was going to work on it this week with purehate, but we didn't have any time.

I was going to switch to the LIBNET_ADV_WRITE_RAW in the source and recompile, but again, no time.

I can tell you that even though it throws errors, it still works. Problem is, ettercap has pthread issues too, so this makes the program run out of threads and close even faster.

What we really need is someone who is good with C and can resurrect Ettercap-NG. I know there are guys who update stuff for Ubuntu releases, but I submitted a bug months ago and it hasn't even been acknowledged yet.