Ettercap ARP poisoning inquiry

[dedalus]

Hello,

Very new to ARP Poisoning and using Ettercap to get started. heard very good things about it.

Operating in the GUI i got ARP poisoning functioning on my network however it will not return all posted data on the targeted IP.

Facebook as well as a few other sites always return the login details in Ettercap however on select sites such as Gmail i dont return any
result whatsoever.

Im confident im just missing something stupid and any input would be helpful.

Also if you need specifics on any aspect just ask.

[scottm99]

You may need to do some editing of the etter.conf file, as well as load different plugins...depending on what you're trying to do with the ARP poisoning.

[dedalus]

Thanks for the quick reply.

What exactly would i be looking to change in etter.conf?

As far as what id like it to do, id like it to monitor all form data on my network.

[scottm99]

I believe that the etter.conf file has some regex expressions you can use to capture specific types of traffic. My knowledge of Ettercap is a bit rusty, but I recall the etter.conf file has some helpful examples.

[dennis00]

[QUOTE=dedalus;218880]
Facebook as well as a few other sites always return the login details in Ettercap however on select sites such as Gmail i dont return any
result whatsoever.
QUOTE]

It sounds like you may need to add to the etter.fields.
http://www.backtrack-linux.org/forum...ad.php?t=49870
(Of course you will need sslstrip as well)

[aerokid240]

Dennis00 beat me to it . Ettercap will spoof a certifacate for https on the gmail website. Once the victim browser accepts that certificate, ettercap should be able to parse the username and passwords as long as they are defined in the etter.fields file. You can view the page source for the gmail login page and verify what the username and password fields are, then make sure that they exist in etter.fields.