View Full Version : Poisoning problem in ettercap

12-31-2008, 02:50 PM
First, i want to say I'm on mac osx 10.5.6. I installed ettercap with fink.

here is the part of my etter.conf file concerning the port redirection :

# a better solution is to use a script that keeps track of the rules interted
# and then deletes them on exit:
redir_command_on = "ettercap_redir_on %rport %port %iface"

ettercap_redir_on :

if [ -a "/tmp/osx_ipfw_rules" ]; then
ipfw -q add `head -n 1 osx_ipfw_rules` fwd,$1 tcp from any to any $2 in via $3
ipfw add fwd,$1 tcp from any to any $2 in via $3 | cut -d " " -f 1 >> /tmp/osx_ipfw_rules

ettercap_redir_off :

if [ -a "/tmp/osx_ipfw_rules" ]; then
ipfw -q delete `head -n 1 /tmp/osx_ipfw_rules`
rm -f /tmp/osx_ipfw_rules

both these scripts are located in /usr/local/bin
With this configuration, i've had some succes in getting https password with ettercap.

Second, i've some problem with getting a true and stable poisoning with ettercap.
Most of time i've, when i launch the chk_poison plugin i get message in the style of :

chk_poison: No poisoning between ->

Usually i reboot ettercap and after a few times, i'm able of getting a proper poisoning ; hence chk_poison tells me :

poisoning successfull!
But i never get a true "success" as it oscillates between a "poisoning successfull" state and a "no poisoning between" state.

What should i do to get it work in the proper way ?
Are my scripts the good thing (i followed the instruction within ettercap.sourceforge.net/forum/viewtopic.php?t=2257&sid=67c4d47db4094013485a7517df658990) ?
Should i change the

arp_storm_delay = 10 # milliseconds
arp_poison_warm_up = 1 # seconds
arp_poison_delay = 10
parameter in etter.conf ?

12-31-2008, 03:16 PM
This is a support forum for backtrack not osx