I am rather new to Ettercap but I have successfully set up the latest Ettercap, in fact the release candidate 0.7.5.
Anyhow, I manage to ARP poison a single victim and I manage to see the username and password from a decrypted SSL session. The -w option allows me to save the network traffic in pcap format.
The problem, however, is that I want to see the full SSL payload in clear text to verify what I should modify with an ettercap filter at a later stage.
1) How can I see the SSL payload in clear text? The pcap file still contains the traffic in an encrypted format and Wireshark cannot decrypt it (because of Diffie-Hellman ciphers).
2) Any more hints on creating etterfilters?
For the moment I am not using sslstrip or stunnel or so. Is that a way to go? Should we redirect that traffic? How?