Page 1 of 25 12311 ... LastLast
Results 1 to 10 of 248

Thread: Sniffing Tutorial:

  1. #1
    Just burned his ISO
    Join Date
    Feb 2006
    Posts
    15

    Default Sniffing Tutorial:

    Simple Sniffing Tutorial

    Tools:

    Ettercap
    nano

    1. For SSL Dissection support (hotmail,gmail), you need to do this:
    Open a shell, type: "nano /usr/local/etc/etter.conf", use the down arrow until you reach "redir_command_on/off", look at the linux part, your gonna need to uncomment:
    Code:
    # if you use iptables:
    #redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    #redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    to:

    Code:
    # if you use iptables:
    redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    after your done, press F2, Y, Return.

    Now boot Ettercap: Menu --> Backtrack --> Spoofing --> Ettercap
    Go to: Sniff --> Unified Sniffing -->ethX(what interface you want to sniff).
    Then Press: Ctrl+S to scan hosts.
    Then Go to: Mitm --> ARP poisoning, select sniff remote connections, and press ok.
    Then Go to: Start --> Start Sniffing.

    For an Example, Walk to another pc, go to your internet email account (Hotmail, Gmail), and log in, you will be asked to trust the certificate, Trust it, and watch your sniffing computer, the username and password should appear.

    When your done, go to Start --> Stop Sniffing, And go to Mitm --> Stop mitm attack(s)

    Yeehaw

  2. #2
    Just burned his ISO
    Join Date
    Jan 2006
    Posts
    2

    Default

    Thanks for the nice tutorial!

    I have another question to webmitm. I once was reading in the old forum that there is a other tool which fills the certificate automatically !?

  3. #3
    Junior Member
    Join Date
    Jan 2010
    Posts
    42

    Exclamation

    your gonna need to uncomment: # if you use iptables:
    Can you please explain this part. I found
    Code:
    # if you use iptables:
    #redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    #redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    but what do you mean "uncomment"? Sorry for the n00b question... Just need a little more explanation on what to do here???

    Thx

  4. #4
    Member
    Join Date
    Jan 2006
    Posts
    66

    Default

    Remove the hash marks ( # ) at the beginning of the two lines following "# if you use iptables:".

  5. #5
    Junior Member
    Join Date
    Jan 2010
    Posts
    42

    Default

    Quote Originally Posted by hobbes
    Remove the hash marks ( # ) at the beginning of the two lines following "# if you use iptables:".
    Worked and thanks... But I noticed the certificate keeps popping up and I was never able to log into hotmail using both ie & ff... Is there a fix or work around for this? Plus if you click "view cetificate" it says "This certificate cannot be verified up to a trusted certification authority.". How can I make the certificate look like its a trusted source?

  6. #6
    Just burned his ISO
    Join Date
    Feb 2006
    Posts
    15

    Default

    Quote Originally Posted by FreshFish
    Worked and thanks... But I noticed the certificate keeps popping up and I was never able to log into hotmail using both ie & ff... Is there a fix or work around for this? Plus if you click "view cetificate" it says "This certificate cannot be verified up to a trusted certification authority.". How can I make the certificate look like its a trusted source?
    you can't, you need to press yes multiple times...

    Yeehaw

  7. #7
    Junior Member
    Join Date
    Feb 2006
    Posts
    72

    Default

    Very well done. Thanks alot for using Ettercap! Hahaha
    \|,,,,,,,,,,,\|/,,,,,,,,,,,,|/
    -(o)===(<(O)>)===(o)-
    /|''''''''''''''''`/|\'''''''''''''''''''|\

  8. #8
    Just burned his ISO
    Join Date
    Feb 2006
    Posts
    15

    Default

    TheGreatVirus, are you the author?

  9. #9
    Junior Member
    Join Date
    Feb 2010
    Posts
    38

    Default

    what about a small video tutorial hosted by rapidshare?

  10. #10
    Just burned his ISO
    Join Date
    Feb 2006
    Posts
    15

    Default

    dunno wich tools for linux and windows i should use, enlighten me

Page 1 of 25 12311 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •