Results 1 to 2 of 2

Thread: Ettercap not capturing HTTP or HTTPS

  1. #1
    Junior Member
    Join Date
    Aug 2010

    Default Ettercap not capturing HTTP or HTTPS

    This is all being done on my own home network.

    Ok, I've done the following things:

    A. Uncommented the iptables part of etter.conf.
    B. Done "echo 1 > /proc/sys/net/ipv4/ip_forward" and I've seen that the value is set to 1.
    C. Opened ettercap, began sniffing, added all hosts to target 1, began ARP spoofing Mitm, checked "Sniff remote connections."

    First off, nothing appears at the bottom of my ettercap window. If I use etterlog to view the log as it's sniffing though, almost every packet is random SSDP traffic. If I try to view a page on my main computer (the victim), the DNS query will appear in the log, and it'll display the name of the page, but if I login or submit a post or anything, nothing appears. Nothing is seen as coming in on port 80.

    If I view Wireshark, it's the same result. Nothing from HTTP. Also, if I send an MSN message, some sort of ACK packet appears with the name of the person I'm talking to, but nothing that I've said appears.

    So, what am I doing wrong? I seem to be getting some but not all packets from the victim.


  2. #2
    Just burned his ISO
    Join Date
    Mar 2010

    Default Re: Ettercap not capturing HTTP or HTTPS

    You forgot to tell iptables to redirect traffic. After enabling ip_forward as you did, type:

    "iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000"

    After that, run "sslstrip -a -k" and then ettercap with your options.
    I recommend not adding all hosts (// //) to the hosts list cause it might crash the network or cause errors in the captures/replies. It's best to target a specific host when sniffing.

    Let us know if it worked =]

Similar Threads

  1. sniffing, ettercap, https, ssl
    By theoleek in forum OLD Newbie Area
    Replies: 1
    Last Post: 10-25-2009, 01:27 AM
  2. sslstrip with ettercap or airspoof not capturing password
    By danielgc in forum OLD BackTrack 4 General Support
    Replies: 3
    Last Post: 08-29-2009, 10:29 PM
  3. Is it possible to capture HTTP passwords (Ettercap)
    By OldGregg in forum OLD Newbie Area
    Replies: 8
    Last Post: 07-11-2009, 12:39 PM
  4. ettercap, https
    By theoleek in forum OLD Newbie Area
    Replies: 8
    Last Post: 11-22-2008, 07:30 PM
  5. Replies: 0
    Last Post: 12-18-2007, 07:50 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts