ElevenWarrior Posted February 11, 2009 Posted February 11, 2009 I've used ettercap in both Linux and windows, but I can't seem to get in to sniff SSL login's. I can get plain text fine, but not, the encrypted ones. any ideas? Quote
ax0n Posted February 15, 2009 Posted February 15, 2009 You need something more than Ettercap to do this. The easiest way I know of is using something that can man-in-the-middle the encryption, such as Jay Beale's Middler. Ettercap just sniffs (and arp poisons to get traffic from switched networks). MiTM attacks try to trick users into using encryption that you have the key for, so then you can decrypt the session. Quote
ElevenWarrior Posted February 17, 2009 Author Posted February 17, 2009 You need something more than Ettercap to do this. The easiest way I know of is using something that can man-in-the-middle the encryption, such as Jay Beale's Middler. Ettercap just sniffs (and arp poisons to get traffic from switched networks). MiTM attacks try to trick users into using encryption that you have the key for, so then you can decrypt the session. okay I've been told EVERYWHERE else that this isn't so. (no offence) can anyone else back this up? Quote
OIFhax Posted March 9, 2009 Posted March 9, 2009 okay I've been told EVERYWHERE else that this isn't so. (no offence) can anyone else back this up? you need to edit your etter.conf file. do some searching and the answer will be clear. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.