
Comments (14)

brav0hax commented on June 26, 2024

I tested and can confirm. I even enabled IP forwarding...no love. But honestly I have no love for GTK or curses. CLI works just fine.

Malk0vian commented on June 26, 2024

CLI works fine? I issued the commands:

root@bt:# echo 1 > /proc/sys/net/ipv4/ip_forward
root@bt:# ettercap -Tql -eth1 -M arp:remote ///

And it doesn't sniff anything.
I even tried using these 2 commands in another window:

iptables -t nat -A PREROUTING -i eth1 -p tcp --destination-port 80 -j REDIRECT --to-port 10000

and

sslstrip -a -k -f

And there are no results.

Any help?

brav0hax commented on June 26, 2024

ettercap 0.7.5 has an sslstrip plugin built into it with this version. Try disabling and see if you get better results... That way we can hope to narrow down the issue.

brav0hax commented on June 26, 2024

One thing as well: you have to do the echo 1 command after you fire up ettercap....

brav0hax commented on June 26, 2024

I've done extensive testing today and it does seem like the poisoning is working, but the packets are not being forwarded. For example, on the victim system, I browse to a webpage and I get Error 102(net::ERR_CONNECTION_REFUSED): The server refused the connection. For about 99% of the sites I visit.

I can ping the site just fine and receive the proper reply.

I tried it both with SSLStrip plugin enabled and disabled. Both gave the same result.

Looking at wireshark I see what looks to be the proper reply from the website, however the attacking machine may not be passing along appropriately.

Bottom line, I think right now ettercap 0.7.5 is not functioning as expected, even the simple poisoning piece.

eaescob commented on June 26, 2024

Are you seeing any errors such as packet too large? L3 send errors, that is. I have tested it without any issues. IP forwarding needs to be disabled. Can you compile with root and check the debug file for anything that does not look normal?

brav0hax commented on June 26, 2024

I am not seeing any errors. Tested on Ubuntu 12.04 with libcurl 7.28. Loading up a new BT5R3 image....will install from scratch and retest.

Everything seems to be operating as expected, except the victim never gets the proper response.

Let me know what you need from me, wireshark dumps, etc.

I have tried it both with forwarding enabled and disabled as well as sslstrip plugin on/off.

With regards to forwarding, it always says you don't need it, but I have never experienced ettercap working without IP forwarding enabled.

Will keep you posted.

Malk0vian commented on June 26, 2024

Yeah, on my network, with ettercap 0.7.5 I have the same problem. But with version 0.7.4.1 I can get a bit more info.
But I believe that it is something with my network, because the ARP table on the victim computer only keeps the MAC address of the attacker PC for the IP of the gateway for like 1 second, then it changes to the original MAC.
Anyway, version 0.7.4.1 seems to work better than 0.7.5, at least on BT5R3.

Regards,
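
The symptom reported in the comment above, a gateway ARP entry that flips between two MAC addresses within about a second, is also what a defender can alert on. The following is an added example, not code from this thread or from the ettercap project; the sample snapshot lines, addresses and the `find_flapping` helper are constructed for illustration.

```python
"""Flag IPs whose ARP/neighbour entry alternates between MAC addresses."""
import re
from collections import defaultdict

# Constructed sample: "<unix time> <line in `ip neigh` format>".
# 192.0.2.1 plays the gateway; all addresses and MACs are made up.
SAMPLE = """\
1000.0 192.0.2.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
1000.0 192.0.2.20 dev eth0 lladdr 00:aa:bb:cc:dd:01 STALE
1010.0 192.0.2.1 dev eth0 lladdr 02:de:ad:be:ef:01 REACHABLE
1011.0 192.0.2.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
1020.0 192.0.2.1 dev eth0 lladdr 02:de:ad:be:ef:01 REACHABLE
1021.2 192.0.2.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
1040.0 192.0.2.9 dev eth0  FAILED
"""

LINE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+"
    r"\s+lladdr\s+(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b",
    re.IGNORECASE,
)

def find_flapping(text, window=60.0, min_changes=3):
    """Return {ip: [(ts, old_mac, new_mac), ...]} for IPs with at least
    `min_changes` MAC changes inside `window` seconds, one or more of them
    going back to a MAC seen earlier (A -> B -> A); a NIC swap does not."""
    last = {}                      # ip -> MAC in the latest snapshot
    seen = defaultdict(set)        # ip -> every MAC observed so far
    changes = defaultdict(list)    # ip -> (ts, old, new, returned_to_seen)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:                  # FAILED/INCOMPLETE entries have no lladdr
            continue
        ts, ip, mac = float(m["ts"]), m["ip"], m["mac"].lower()
        if ip in last and last[ip] != mac:
            changes[ip].append((ts, last[ip], mac, mac in seen[ip]))
        last[ip] = mac
        seen[ip].add(mac)
    alerts = {}
    for ip, events in changes.items():
        for i in range(len(events)):
            burst = [e for e in events[i:] if e[0] - events[i][0] <= window]
            if len(burst) >= min_changes and any(e[3] for e in burst):
                alerts[ip] = [e[:3] for e in events]
                break
    return alerts

if __name__ == "__main__":
    for ip, events in find_flapping(SAMPLE).items():
        print(f"ALERT {ip}: {len(events)} MAC changes: {events}")
```

On a monitored host, the same function can be fed periodic `ip neigh show` output with a timestamp prefixed to each line.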

brav0hax commented on June 26, 2024

I did additional testing; here were my steps:

Installed BackTrack 5R3 64 Bit Gnome
apt-get purge ettercap (removes ettercap and easy-creds)
apt-get install libnet1* libnet6*
downloaded 0.7.5 from github
Installed curl 7.28 from source (cURL website)
completed the steps to build 0.7.5
cloned easy-creds from github

Once I had everything back in place I ran ettercap 0.7.5 by hand with your command (minus the interface specification) and it worked fine. It seemed a bit slow, but worked a-ok.

I then fired up easy-creds 3.7.1 and completed an attack against the same VM. Worked like a champ, no lag, no issues, no crashing.

So from this testing, everything worked as expected with no issues.

I enabled the sslstrip plugin and there are some issues there.

My suggestion is to complete the steps above on a fresh BT5R3 and, if you still have issues, let us know. As far as I can tell, everything worked as expected. I will continue to test on Ubuntu 12.04 as it wasn't performing up to the level expected.

Best Regards

eaescob commented on June 26, 2024

I'll do more testing tonight. The sslstrip plug in adds an ip tables rule to forward http traffic to a random port it chooses. You can't run both the python script and plug in at the same time. It seems that either the plug in can't go out to reach to the web servers or it's failing to send responses back to victim. I'll test some more.

Thanks guys!

brav0hax commented on June 26, 2024

That is correct. If you look at wireshark you will see proper communication with the website, however it is not conveyed back to the victim.

On Mon, Nov 5, 2012 at 2:16 AM, Emilio A. Escobar wrote:

> I'll do more testing tonight. The sslstrip plug in adds an ip tables rule to forward http traffic to a random port it chooses. You can't run both the python script and plug in at the same time. It seems that either the plug in can't go out to reach to the web servers or it's failing to send responses back to victim. I'll test some more.
>
> Thanks guys!

eaescob commented on June 26, 2024

This is how I configured curl:
./configure --prefix=/usr --enable-http --enable-cookies --with-ssl=/usr --enable-debug

Now one thing I noticed is that there is a libcurl installed with BT5r3 in /usr/lib64, ettercap is finding that one and not the new one. You might want to change the CMakeLists.txt (line 24) and set /usr/lib (or where you installed libcurl) first.

Also, I had to download and install libnet1.1.6 from the sourceforge page (libnet-dev). The ones that come with BT5r3 will not work.

I was able to sniff connections and creds using the GTK GUI and console. There seems to be something new with google.com that the SSLStrip plugin is not handling. It did work with slashdot.org. One thing I noticed is that when I disable the plugin, nothing else works, gotta look into it.

I might, however, just set the plugin to forward data to Moxie's python script and not worry about it from a C-code perspective.

Malk0vian commented on June 26, 2024

OK, will test it tonight. And about the SSL plugin, how do I activate it?
Do I just need to use the sslstrip command and the iptables one?

Thanks in advance

eaescob commented on June 26, 2024

You can activate it by managing your plugins from the Plugins menu. Now, I was seeing issues with it.
