Results 1 to 7 of 7

Thread: ettercap redirect stopped working?

Hybrid View

  1. #1
    Just burned their ISO
    Join Date
    Feb 2012
    Posts
    3

    Default ettercap redirect stopped working?

    Alright, this problem arose just overnight, the day before ettercap as redirecting websites just fine but today, i get nothing.

    These are the steps that I put together and used, and it worked many times.

    nano /usr/local/share/ettercap/etter.dns

    Change website address to redirect, and ip to redirect it to. Save with Ctrl+o then enter.

    Open ettercap-gtk

    Sniff –> Unified Sniffing

    Host, Scan for hosts. Add the router to target 1, and the others to target 2

    Mitm > arcp poisoning > sniff remote connections

    start scanning

    Plugins > manage plugins > dns_spoof plugin


    However, today I can't get it to work, and I've done everything i can think of short of reinstalling the OS. These steps worked perfectly fine yesterday, so I don't get whats going on. The section that shows when the target attempts to access the webpage just stays empty, and the target is un-affected.

    So, what is the fix for this?

    Also, can I select just one or two targets from the command line, and have it work the same? I'd rather do it that way that dealing with the GUI

  2. #2
    Just burned their ISO
    Join Date
    Feb 2012
    Posts
    3

    Default Re: ettercap redirect stopped working?

    Heres where the output stops, and I don't get any feedback. I've also enabled ip forwarding, but it still doesnt work. using arpspoof in terminal is bust too.

    Scanning the whole netmask for 255 hosts...
    4 hosts added to the hosts list...
    Host 172.16.*.** added to TARGET1
    Host 172.16.*.*** added to TARGET2

    ARP poisoning victims:

    GROUP 1 : 172.16.*.*** B8:E6:25:8E:0D9

    GROUP 2 : 172.16.*.** F0:7B:CB:5A:76:5E
    Starting Unified sniffing...

    Activating dns_spoof plugin...

    I've seen some placed 64 bit is a problem with ettercap, is that true? would installing 32 bit fix that?

  3. #3
    Very good friend of the forum maverik35's Avatar
    Join Date
    Sep 2009
    Location
    Debian land
    Posts
    734

    Default Re: ettercap redirect stopped working?

    Quote Originally Posted by XOIIO View Post
    Heres where the output stops, and I don't get any feedback. I've also enabled ip forwarding, but it still doesnt work. using arpspoof in terminal is bust too.

    Scanning the whole netmask for 255 hosts...
    4 hosts added to the hosts list...
    Host 172.16.*.** added to TARGET1
    Host 172.16.*.*** added to TARGET2

    ARP poisoning victims:

    GROUP 1 : 172.16.*.*** B8:E6:25:8E:0D9

    GROUP 2 : 172.16.*.** F0:7B:CB:5A:76:5E
    Starting Unified sniffing...

    Activating dns_spoof plugin...

    I've seen some placed 64 bit is a problem with ettercap, is that true? would installing 32 bit fix that?
    You might want to check the poissoning..I always use cli, I post my command line:
    ettercap -Tqi eth1 -M arp:remote // // -P dns_spoof

    Recheck the etter.dns file (/usr/share/ettercap/etter.dns) and see if nothing has been changed as to redirecting IP.

    After using the ettercap line I posted above, use the key "h" for help (i belive that is the key, anyway, below the command, it says the key).

    look for the option: check poissoning. Check it. No arp-poissoning, no dns_spoof, no sniffing, nothing. Traffic never passes thru your PC.

  4. #4
    Just burned their ISO
    Join Date
    Feb 2012
    Posts
    3

    Default Re: ettercap redirect stopped working?

    Quote Originally Posted by maverik35 View Post
    You might want to check the poissoning..I always use cli, I post my command line:
    ettercap -Tqi eth1 -M arp:remote // // -P dns_spoof

    Recheck the etter.dns file (/usr/share/ettercap/etter.dns) and see if nothing has been changed as to redirecting IP.

    After using the ettercap line I posted above, use the key "h" for help (i belive that is the key, anyway, below the command, it says the key).

    look for the option: check poissoning. Check it. No arp-poissoning, no dns_spoof, no sniffing, nothing. Traffic never passes thru your PC.
    Ahh, thanks, but I figured our what I was doing wrong, I was editing the etter.dns file, but somehow I had one in the wrong directory lol, so that's why nothing was changing.

  5. #5
    Good friend of the forums zimmaro's Avatar
    Join Date
    Mar 2010
    Location
    milano
    Posts
    407

    Default Re: ettercap redirect stopped working?

    hi
    I'm NOT expert:
    I must be honest to me sometimes happens that the DNS_spoof associated with "" ARP "" INTO-ETTERCAP should not be always successful!.I've done a lot of testing (BT5-R3-32-bit VM)
    I noticed (my opinion):
    that in (my) version (VM-32-gnome "update" hdd install) sometimes does not work
    as well (cleaning the iptables & switching "0/1" ip forwarding) ... but if you start BT5-R3_LIVE-mode (VM) function always good!.
    I am not able to understand if it is a question of "ettercap" or the "assignment-dns" in the network!
    the result of WORKED-TEST:

    http://vimeo.com/59764427

    sorry low-quality
    bye

  6. #6
    Very good friend of the forum maverik35's Avatar
    Join Date
    Sep 2009
    Location
    Debian land
    Posts
    734

    Default Re: ettercap redirect stopped working?

    I had a lots of problems using ettercap installed in my debian Testing, not as to installation is concerned, but the thing is that arp poissoning is just almost impossible in some scenarios. Then I tried from live DVD and strange thing, the same result, no arp poissoning..I also have BT5r3 in the same hdd, along side with mint, Xp and W7.

    Also tried with the BT5r3 HDD installation, same result....

    Some how I never knew if there was something going on in that particular lan I was auditing..I search and research about ettercap, arp poissoning..Everything remains the same..Everything I do seems to be just fine. It has become an obsesion with that lan....mmmmm...

    But in my case, it could probably have been something in that lan I was auditing...Still trying after 4 months with that lan...
    Last edited by maverik35; 02-17-2013 at 07:38 PM.

  7. #7
    Good friend of the forums zimmaro's Avatar
    Join Date
    Mar 2010
    Location
    milano
    Posts
    407

    Default Re: ettercap redirect stopped working?

    hi maverik35
    if you can be of interest to "flush out" any problems
    I did a lot of tests (in MY-lan) using the example posted earlier [(dns_spoof + arp) ettercap] 32-bit
    the best result (in MY case) you have with the version BT5-r3 LIVE! 10/10
    instead with the installations (updated) in HHD (vm or physical) I got 5/10

    ps: With your permission I enclose a(VM)live-mode demo

    http://vimeo.com/59855773

    ps1: it worked as well without ip_forward

    MANY THANKS as always

Similar Threads

  1. Ettercap won't redirect DNS spoofing
    By Quieterror in forum BackTrack 5 General Topics
    Replies: 3
    Last Post: 11-06-2012, 03:42 PM
  2. Ettercap Redirect problem
    By Loki1986 in forum BackTrack 5 General Topics
    Replies: 0
    Last Post: 11-08-2011, 08:41 AM
  3. DNS Redirect with Ettercap
    By Nazagul in forum OLD BackTrack 4 General Support
    Replies: 7
    Last Post: 11-10-2009, 08:35 PM
  4. Card stopped working
    By ready_freddy in forum OLD Newbie Area
    Replies: 6
    Last Post: 08-17-2008, 10:52 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •