Thread: Ettercap without ARP Spoofing

  1. #1
    Just burned their ISO
    Join Date
    Jan 2013
    Posts
    7

    Ettercap without ARP Spoofing

    I'm trying to use Ettercap for sniffing and manipulating packets coming across the wire.

    My current setup is Client > Wlan-(Karma)-Eth > My Box < Wlan < Router.

    So the problem I'm running into is that I don't want to run ARP spoofing and need to forward what is coming in Eth0 to Wlan0 so that the client still has web access.

    I've got everything else working fine, such as SSLStrip, but I'm having problems with Ettercap.

    Whenever I enable Ettercap (ettercap -Tqi eth0), it disables ip_forward, which I can understand because Ettercap should be forwarding everything for me. Problem is that Ettercap is not properly forwarding from what it seems. All of the rules are showing up in iptables, so that isn't the issue.

    I've been beating my head off my desk because I can't for the life of me figure out how to get Ettercap to work without ARP spoofing. I'm already sitting in the middle of the line, so there is no need to try and get the clients to connect to me.

    If anyone has any idea and could push me in the right direction, I would really appreciate it.

  2. #2
    Just burned their ISO
    Join Date
    Jan 2013
    Posts
    11

    Re: Ettercap without ARP Spoofing

    If I've understood well,
    You've got a client (wireless connection)
    You want it to connect to YOU on your wireless interface
    Link your wireless interface to your wired interface
    and your wired interface connected on your router?

    ##Client## ---- Wireless ---- ##Wlan0 -> Computer -> Eth0## ---- Wired ---- ##Router##

    If it is, then what I should have done is:
    Setting up a fake AP (it will use Wlan0 as a fake access point, and eth0 to get access to the internet)
    Since data goes through wlan0 and eth0, no need for MITM with ettercap, because it's a MITM in itself.
    Let's just capture packets with Wireshark, apply filters if you want to see only your client's packets, and I think you're done.

    I hope you'll understand my answer (I'm French T-T). Anyway, if I've misunderstood something, or if I've not been clear enough, PM me.

  3. #3
    Very good friend of the forum maverik35
    Join Date
    Sep 2009
    Location
    Debian land
    Posts
    734

    Re: Ettercap without ARP Spoofing

    Let me quote: "I've been beating my head off my desk because I can't for the life of me figure out how to get Ettercap to work without ARP spoofing. "

    Well, you need to use -u... ettercap -Tqui "your iface" or ettercap -T -q -u -i "your iface". This way you prevent ettercap from enabling forwarding; in such case you would have to forward the traffic in kernel with arpspoof.

    Luck.

  4. #4
    Just burned their ISO
    Join Date
    Jan 2013
    Posts
    7

    Re: Ettercap without ARP Spoofing

    The problem with using -u is that it disables the ability to do packet injection. That's my entire problem.

    Ettercap is great for MiTM when you're not actually in the middle, but if you are physically in the middle of a connection, it seems to be lacking.
