ElevenWarrior Posted February 11, 2009 Share Posted February 11, 2009 I've used ettercap in both Linux and windows, but I can't seem to get in to sniff SSL login's. I can get plain text fine, but not, the encrypted ones. any ideas? Quote Link to comment Share on other sites More sharing options...
ax0n Posted February 15, 2009 Share Posted February 15, 2009 You need something more than Ettercap to do this. The easiest way I know of is using something that can man-in-the-middle the encryption, such as Jay Beale's Middler. Ettercap just sniffs (and arp poisons to get traffic from switched networks). MiTM attacks try to trick users into using encryption that you have the key for, so then you can decrypt the session. Quote Link to comment Share on other sites More sharing options...
ElevenWarrior Posted February 17, 2009 Author Share Posted February 17, 2009 You need something more than Ettercap to do this. The easiest way I know of is using something that can man-in-the-middle the encryption, such as Jay Beale's Middler. Ettercap just sniffs (and arp poisons to get traffic from switched networks). MiTM attacks try to trick users into using encryption that you have the key for, so then you can decrypt the session. okay I've been told EVERYWHERE else that this isn't so. (no offence) can anyone else back this up? Quote Link to comment Share on other sites More sharing options...
OIFhax Posted March 9, 2009 Share Posted March 9, 2009 okay I've been told EVERYWHERE else that this isn't so. (no offence) can anyone else back this up? you need to edit your etter.conf file. do some searching and the answer will be clear. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.