How to Perform a Man in The Middle Attack With Ettercap [Published]

edited August 2011 in Tech & Games
This is a guide on performing MITM attacks with Ettercap for insecure passwords only! This does not cover the use of sslstrip to sniff SSL encrypted passwords, although this will be covered in another guide. This is still very useful, however, when dealing with normal HTTP login pages. Have fun!

First, open up your Ettercap config file. It can be found at /etc/etter.conf. We're going to need to make a very quick change in here, so scroll down to the part about IP Tables under the Linux section, and uncomment the already commented parts. After you're done, it should read something like this:
# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

Next, fire up the Ettercap GUI (it's the easiest to work with) and click on the "Options" button, then select the Netmask option. You should be left with a window like this - only empty. Enter 255.255.255.0 as your netmask.


Next, click "Sniff" and then "unified sniffing". Ettercap will ask you for your Network Interface. If you're on an Ethernet connection, enter eth0. If you're on a Wireless connection, it's probably wlan0.


Then, you're going to click the "Hosts" dropdown, then "scan for hosts". This will scan your network for active machines.


Hit the hosts button again, and click on the hosts list. The results from the scan we just did will be sitting in your window right now. One of these IP addresses will be your router (you should know which one it is). What we are going to do is perform a Man In The Middle Attack, so we route all the traffic to our computer before sending it along to the router.


Add your victim IP address to target 1, and the router to Target 2. Then, click the "Mitm" button at the top, check the box which says "Sniff remote connections" and hit OK.


Now, you can press the Start button and begin sniffing for passwords! As soon as someone logs into a website using insecure HTTP, you will be notified. For example, I logged into Warez-bb and this is what happened;
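Added example, not part of the original post: Ettercap's "Mitm" step with "Sniff remote connections" is ARP poisoning, and on the wire it leaves two traces a defender can alert on: an IP whose advertised MAC changes, and a single MAC answering for both the router and a client. The sketch below checks ARP replies for both; the capture lines (in the style of `tcpdump -n arp` output), the addresses and the function name `find_arp_anomalies` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -n arp` output (not a real capture).
# Assumed roles: 192.168.1.1 = router, 192.168.1.20 = client, 192.168.1.66 = third host.
SAMPLE_CAPTURE = """\
10:00:01.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:aa:bb:01, length 28
10:00:02.000000 ARP, Reply 192.168.1.20 is-at 00:11:22:aa:bb:20, length 28
10:00:03.000000 ARP, Reply 192.168.1.66 is-at 00:11:22:aa:bb:66, length 28
10:05:10.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:aa:bb:66, length 28
10:05:10.100000 ARP, Reply 192.168.1.20 is-at 00:11:22:aa:bb:66, length 28
10:05:11.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28
"""

ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"is-at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.IGNORECASE)


def find_arp_anomalies(capture_text):
    """Return (timestamp, kind, ip, mac) alerts found in ARP reply lines."""
    first_seen = {}                # ip -> first MAC seen for it (baseline)
    ips_by_mac = defaultdict(set)  # mac -> every IP it has answered for
    alerts = []
    for line in capture_text.splitlines():
        m = ARP_REPLY.match(line)
        if not m:
            continue  # requests and non-ARP lines make no binding claim
        ts, ip, mac = m["ts"], m["ip"], m["mac"].lower()
        baseline = first_seen.setdefault(ip, mac)
        if mac != baseline:
            # A known IP is now advertised with a different hardware address.
            alerts.append((ts, "binding-changed", ip, mac))
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > 1:
                # One network card is answering for more than one IP.
                alerts.append((ts, "shared-mac", ip, mac))
    return alerts


if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE_CAPTURE):
        print(*alert)
```

Address changes after a DHCP re-lease and devices that legitimately answer for several IPs will also trigger these rules, so known exceptions need a baseline. Switch-level Dynamic ARP Inspection or a static ARP entry for the router stops the spoofed replies from taking effect in the first place.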


Comments

  • edited February 2011
    Just to add - this is an easy alternative to using Cain and Abel for Windows. This software will only work using Linux, but don't let it worry you. It's very simple to use :D
  • RemadE Global Moderator
    edited February 2011
    Cheers for this guide! I cannot connect to my Uni network on Backtrack (running on VMWare), so I can't use this unless a PC version exists :( also they have some epic security in place now so you cannot see any other IP address on the network. Suuucks.
  • Darth Beaver Meine Ehre heißt Treue
    edited February 2011
    The screenshots are great, well formatted guide. :thumbsup:
  • edited February 2011
    RemadE wrote: »
    Cheers for this guide! I cannot connect to my Uni network on Backtrack (running on VMWare), so I can't use this unless a PC version exists :( also they have some epic security in place now so you cannot see any other IP address on the network. Suuucks.

    How come you can't connect to your uni network with Backtrack? Have you tried running it from a Live CD instead of in VMWare? I bet there's a way around this :D

    Also, what methods have you tried for seeing IP addresses on the network? If you manage to get BT connected to the network, run some nmap scans. It's possible that the network blocks connections from scanning the network, but if you know an IP address where a computer SHOULD be, you can force a connection through nmap with one of the options (I forget which one now).
  • Dfg Admin
    edited April 2011
    Taken from: Network (in)Security
  • sepuku Semo-Regulars
    edited August 2011
    Hello people, I have installed ettercap under OpenBSD. In most cases the guide could be enough. But in OpenBSD things are a bit different; according to the etter.conf file I must write a script. Has anyone managed to get ettercap to work under OBSD?
  • edited August 2011
    Can you post your etter.conf file here so I can take a look? Or at least tell me exactly what it says with regards to writing this script? Sounds strange to me, but then again I've never used OBSD.
  • sepuku Semo-Regulars
    edited August 2011
    #---------------
    #   Open BSD
    #---------------
    
    # unfortunately the pfctl command does not accepts direct rules adding
    # you have to use a script wich executed the following command:
    
     # ----- cut here -------
     #   #!/bin/sh
     #   rdr pass on $1 inet proto tcp from any to any port $2 -> localhost port $3 | pfctl -a sslsniff -f -
     # ----- cut here -------
    
    # it's important to remember that you need "rdr-anchor sslsniff" in your
    # pf.conf in the TRANSLATION section.
    
       #redir_command_on = "the_script_described_above %iface %port %rport"
       #redir_command_off = "pfctl -a sslsniff -Fn"
    
    # also, if you create a group called "pfusers" and have EC_GID be that group,
    # you can do something like:
    #     chgrp pfusers /dev/pf
    #     chmod g+rw /dev/pf
    # such that all users in "pfusers" can run pfctl commands; thus allowing non-root
    # execution of redir commands.
    

    That's the OBSD section of the etter.conf file. I understand that I must write the script. But should the script be under a specific folder? Also, by default OBSD has korn shell, not bash. Should I make changes to the script?

    Edit: I think that if you have installed ettercap you could read the whole file too:
    #vi /etc/etter.conf
    
  • edited August 2011
    Try creating that script and running it. It shouldn't have to be in a certain directory, and if it does then stick it in your usr/bin directory where the rest of your scripts are. I don't know if it gets called by Ettercap or something - it's just not something I've had a problem with :( Sorry bro.