Ettercap And Ssl

[gandaran]

Hi,

I'm trying ettercap on my network and I can capture uncrypted username and passwords, I have followed a lot of video tutorials claiming they can capture SSL encrypted username and passwords but it doesn't work here using Ubuntu 11.04, so whats the secret? how do you do it?

thanks

[Jamo]

what tutorials?

For https you need sslstrip.

[gandaran]

what tutorials?

For https you need sslstrip.

so sslstrip is the only way?

tried installing sslstrip from http://www.thoughtcrime.org/software/sslstrip/ on ubuntu 11.04 but shows errors running the commands

sudo echo "1" > /proc/sys/net/ipv4/ip_forward
bash: /proc/sys/net/ipv4/ip_forward: Permission denied

mfp@PC:~$ sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>
bash: syntax error near unexpected token `newline'

any way to fix this for 11.04?

[Jason Cooper]

for the first line try

sudo bash -c 'echo "1" > /proc/sys/net/ipv4/ip_forward'

for the second line try replacing <listenPort> with the port that sslstrip is listening on.

[gandaran]

for the first line try

sudo bash -c 'echo "1" > /proc/sys/net/ipv4/ip_forward'

for the second line try replacing <listenPort> with the port that sslstrip is listening on.

the first code worked, no errors at least.

and for the port, sorry I don't understand, what is the port number sslstrip listens?

also do I have to enter these code lines every-time to run sslstrip?

thanks

[Jason Cooper]

First read up on the following areas

• bash (specifically redirection and piping streams)
  
• networking (specifically ports and listening services).
  
• iptables and redirecting ports
  

then when you understand what port sslstrip is listening on and why you need to redirect port 80 to that port on your local machine you can try

sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

[gandaran]

./sslstrip.py -l 10000

starting sslstrip with the above command outputs these errors

Traceback (most recent call last):
  File "./sslstrip.py", line 108, in <module>
    main(sys.argv[1:])
  File "./sslstrip.py", line 101, in main
    reactor.listenTCP(int(listenPort), strippingFactory)
  File "/usr/lib/python2.7/dist-packages/twisted/internet/posixbase.py", line 419, in listenTCP
    p.startListening()
  File "/usr/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 857, in startListening
    raise CannotListenError, (self.interface, self.port, le)
twisted.internet.error.CannotListenError: Couldn't listen on any:10000: [Errno 98] Address already in use.

what am I missing?

edit:

ettercap is freezing now while scanning for hosts, I'm thinking of giving up, how do I undo the two sslstrip code commands?

Edited June 23, 2011 by gandaran

[Jason Cooper]

First use netstat to see what is currently using port 10000 (do you already have netstat running?)

netstat -lp

Once you have figured that out then you can either stop the process that is using port 10000 or ask sslstrip to use a port that isn't in use already.

If you want to give up then neither of the commands that you have done are permanent so you can restart the machine to clear them out. If you don't want to restart the machine then you can remove the ip_forward option with

sudo bash -c 'echo "0" > /proc/sys/net/ipv4/ip_forward'

to remove the forwarding rule you can list iptables rules for the nat table with

sudo iptables --line-numbers --list PREROUTING --table nat

then find the number of the rule you want to remove and use

sudo iptables --table nat --delete PREROUTING <ruleNumber>

Note: replace <ruleNumber> with the number of the rule you want to delete.