Comments (14)
I tested and can confirm. I even enabled IP forwarding...no love. But honestly I have no love for GTK or curses. CLI works just fine.
from ettercap.
cli works fine? I issued the commands:
root@bt:# echo 1 > /proc/sys/net/ipv4/ip_forward# ettercap -Tql -eth1 -M arp:remote ///
root@bt:
And it dosnt sniff nothing.
I even tryed using this 2 comands in other window:
iptables -t nat -A PREROUTING -i eth1 -p tcp --destination-port 80 -j REDIRECT --to-port 10000
and
sslstrip -a -k -f
And there are no results.
Any help?
from ettercap.
ettercap 0.7.5 has an sslstrip plugin built into it with this version. Try disabling and see if you get better results... That way we can hope to narrow down the issue.
from ettercap.
One thing as well you have to do the echo 1 command after you fire up ettercap....
from ettercap.
I've done extensive testing today and it does seem like the poisoning is working, but the packets are not being forwarded. For example, on the victim system, I browse to a webpage and I get Error 102(net::ERR_CONNECTION_REFUSED): The server refused the connection. For about 99% of the sites I visit.
I can ping the site just fine and receive the proper reply.
I tried it both with SSLStrip plugin enabled and disabled. Both gave the same result.
Looking at wireshark I see what looks to be the proper reply from the website, however the attacking machine may not be passing along appropriately.
Bottom line I think right now is ettercap 0.7.5 is not function as expected, even the simple poisoning piece.
from ettercap.
Are you seeing any errors such as packet too large? L3 send errors that is. I have tested it without any issues. I forwarding needs to be disabled. Can you compile with root and check the debug file for anything that does not look normal?
from ettercap.
I am not seeing any errors. Tested on Ubuntu 12.04 with libcurl 7.28. Loading up a new BT5R3 image....will install from scratch and retest.
Everything seems to be operating as expected, except the victim never gets the proper response.
Let me know what you need from me, wireshark dumps, etc.
I have tried it both with forwarding enabled and disabled as well as sslstrip plugin on/off.
With regards to forwarding, it always says you don't need it, but I have never experienced ettercap workign without ip forwarding enabled.
will keep you posted.
from ettercap.
Yeh, on my network, with etetrcapr 0.7.5 I have same problem. But with version 0.7.4.1 I can get a bit more info.
But I believe that is something around with my network. Because, the arp table on victim computer, only keep the mac adrress of the attacker pc in the ip of the gateway for like 1 second, then it changes for the original mac.
Anyway, version 0.7.4.1 seams to work better then 0.7.5 at least on BT5R3.
CUmps,
from ettercap.
I did additional testing here were my steps
Installed BackTrack 5R3 64 Bit Gnome
apt-get purge ettercap (removes ettercap and easy-creds)
apt-get install libnet1* libnet6*
downloaded 0.7.5 from github
Installed curl 7.28 from source (cURL website)
completed the steps to build 0.7.5
cloned easy-creds from github
Once I had everything back in place I ran ettercap 0.7.5 by hand with your command (minus the interface specification) and it worked fine. It seemed a bit slow, but worked a-ok.
I then fired up easy-creds 3.7.1 and completed an attack against the same VM. Worked like a champ, no lag, no issues no crashing.
So from this testing, everything worked as expected with no issues.
I enabled the sslstrip plugin and there are some issues there.
My suggestion is to complete the steps above on a fresh BT5R3 and see if you still have issues let us know. As far as I can tell, everything worked as expected. I will continue to test on Ubuntu 12.04 as it wasn't performing up to the level expected.
Best Regards
from ettercap.
I'll do more testing tonight. The sslstrip plug in adds an ip tables rule to forward http traffic to a random port it chooses. You can't run both the python script and plug in at the same time. It seems that either the plug in can't go out to reach to the web servers or its failing to send responses back to victim. I'll test some more.
Thanks guys!
from ettercap.
That is correct. If you look at wireshark you will see proper communication
with the website, however it is not conveyed back to the victim.
On Mon, Nov 5, 2012 at 2:16 AM, Emilio A. Escobar
[email protected]:
I'll do more testing tonight. The sslstrip plug in adds an ip tables rule
to forward http traffic to a random port it chooses. You can't run both the
python script and plug in at the same time. It seems that either the plug
in can't go out to reach to the web servers or its failing to send
responses back to victim. I'll test some more.Thanks guys!
—
Reply to this email directly or view it on GitHubhttps://github.com//issues/48#issuecomment-10065610.
from ettercap.
This is how I configured curl:
1208 ./configure --prefix=/usr --enable-http --enable-cookies --with-ssl=/usr --enable-debug
Now one thing I noticed is that there is a libcurl installed with BT5r3 in /usr/lib64, ettercap is finding that one and not the new one. You might want to change the CMakeLists.txt (line 24) and set /usr/lib (or where you installed libcurl) first.
Also, I had to download and install libnet1.1.6 from the sourceforge page (libnet-dev). The ones that come with BT5r3 will not work.
I was able to sniff connections and creds using the GTK GUI and console. There seems to be something new with google.com that the SSLStrip plugin is not handling. It did work with slashdot.org. One thing I noticed is that when I disable the plugin, nothing else works, gotta look into it.
I might, however, just set the plugin to forward data to Moxie's python script and not worry about it from a C-code perspective.
from ettercap.
Ok, will test it today night. And about the ssl plugin, how I activate it?
Just need to use the ssltrip command and the ip tables one?
Thanks in advance
from ettercap.
You can activate it by managing your plugins from the Plugins menu. Now, I was seeing issues with it.
from ettercap.
Related Issues (20)
- Replacing data at a specific location within a packet HOT 1
- Unified vs Bridged HOT 2
- Way to use on windows HOT 1
- FATAL : "arp:remote" and "-z" HOT 3
- Ettercap filter
- libcurl version error HOT 1
- no such file or directory: libettercap-ui.0.8.4-rc.dylib HOT 1
- Bridge sniffing slow bandwidth HOT 3
- Etterfilter compilation broken for drop, kill, exit in latest RC. HOT 12
- Filter doesnt work HOT 9
- Pcre_regex or replace has no effect in Ettercap filters HOT 2
- ettercap HOT 1
- HSTS issue HOT 1
- mitm tab missing HOT 1
- Cmake trying in kali linux HOT 2
- Problem with the host button HOT 6
- Segmentation fault - cannot use GUI HOT 3
- I can't run ettercap on any interface. I also make reinstall and install again but it only shows like that if i start sniffing tick button. HOT 5
- FATAL: ARP poisoning needs a non empty hosts list.
- FATAL: ARP poisoning needs a non empty hosts list. HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ettercap.