unyttig.INFO Your source to not so useless information

28 May 09

Sniffing around using Ettercap

Ever wondered how hackers are able to obtain your passwords? Using a tool called "Ettercap" is one way of doing it. What the tool does is basically very simple: it intercepts network traffic (say, in a hotspot) and captures passwords. The tool can also conduct active eavesdropping (a man-in-the-middle attack) against a number of common protocols. I'm going to explain here how to set up this tool, so you can do your own experiments inside your own network. Remember that this is only meant to be used to penetration test your own network, and maybe teach you a thing or two about what not to do when connected to a public network.
Please use this tool responsibly; I do not support the use of this tool under illegal circumstances as a result of following this tutorial.

Tools needed:

For SSL Dissection support (hotmail,gmail):

  • Open up a terminal and edit "/usr/local/etc/etter.conf" (this path may vary from system to system) with your favourite text editor.
  • Find your way to redir_command_on/off and uncomment the iptables lines, changing the following:
    # if you use iptables:
    #redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    #redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport" 
     
    #to
     
    # if you use iptables:
    redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
  • Save and exit
  • Open up Ettercap
  • Go to: Sniff->Unified Sniffing->ethX (the interface you wish to use for sniffing)
  • Press CTRL+S to scan for hosts
  • Go to: Mitm->ARP poisoning, select "sniff remote connections" and press OK
  • Lastly go to Start->Start Sniffing

If you want to check that it works, use a different computer in your network and try to log in to hotmail/gmail. You will be asked to accept a certificate; just press yes and take a look at the "sniffer computer". You should now be able to see the password and username you just entered. In case you wondered, the certificate prompt only appears for sites which require SSL. Forum sites and the like, which normally don't require SSL, work like a charm, and the user is none the wiser as there's nothing out of the ordinary.

[Screenshot: Ettercap sniffing. Example of how the results might look.]
