Jump to content

Ettercap And Ssl


gandaran

Recommended Posts

Hi,

I'm trying ettercap on my network and I can capture uncrypted username and passwords, I have followed a lot of video tutorials claiming they can capture SSL encrypted username and passwords but it doesn't work here using Ubuntu 11.04, so whats the secret? how do you do it?

thanks

Link to comment
Share on other sites

what tutorials?

For https you need sslstrip.

so sslstrip is the only way?

tried installing sslstrip from http://www.thoughtcrime.org/software/sslstrip/ on ubuntu 11.04 but shows errors running the commands

sudo echo "1" > /proc/sys/net/ipv4/ip_forward
bash: /proc/sys/net/ipv4/ip_forward: Permission denied

mfp@PC:~$ sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>
bash: syntax error near unexpected token `newline'

any way to fix this for 11.04?

Link to comment
Share on other sites

for the first line try

sudo bash -c 'echo "1" > /proc/sys/net/ipv4/ip_forward'

for the second line try replacing <listenPort> with the port that sslstrip is listening on.

Link to comment
Share on other sites

for the first line try

sudo bash -c 'echo "1" &gt; /proc/sys/net/ipv4/ip_forward'

for the second line try replacing <listenPort> with the port that sslstrip is listening on.

the first code worked, no errors at least.

and for the port, sorry I don't understand, what is the port number sslstrip listens?

also do I have to enter these code lines every-time to run sslstrip?

thanks

Link to comment
Share on other sites

First read up on the following areas

  • bash (specifically redirection and piping streams)
  • networking (specifically ports and listening services).
  • iptables and redirecting ports

then when you understand what port sslstrip is listening on and why you need to redirect port 80 to that port on your local machine you can try

sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

Link to comment
Share on other sites

./sslstrip.py -l 10000

starting sslstrip with the above command outputs these errors

Traceback (most recent call last):
  File "./sslstrip.py", line 108, in &lt;module&gt;
    main(sys.argv[1:])
  File "./sslstrip.py", line 101, in main
    reactor.listenTCP(int(listenPort), strippingFactory)
  File "/usr/lib/python2.7/dist-packages/twisted/internet/posixbase.py", line 419, in listenTCP
    p.startListening()
  File "/usr/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 857, in startListening
    raise CannotListenError, (self.interface, self.port, le)
twisted.internet.error.CannotListenError: Couldn't listen on any:10000: [Errno 98] Address already in use.

what am I missing?

edit:

ettercap is freezing now while scanning for hosts, I'm thinking of giving up, how do I undo the two sslstrip code commands?

Edited by gandaran
Link to comment
Share on other sites

First use netstat to see what is currently using port 10000 (do you already have netstat running?)

netstat -lp

Once you have figured that out then you can either stop the process that is using port 10000 or ask sslstrip to use a port that isn't in use already.

If you want to give up then neither of the commands that you have done are permanent so you can restart the machine to clear them out. If you don't want to restart the machine then you can remove the ip_forward option with

sudo bash -c 'echo "0" &gt; /proc/sys/net/ipv4/ip_forward'

to remove the forwarding rule you can list iptables rules for the nat table with

sudo iptables --line-numbers --list PREROUTING --table nat

then find the number of the rule you want to remove and use

sudo iptables --table nat --delete PREROUTING &lt;ruleNumber&gt;

Note: replace <ruleNumber> with the number of the rule you want to delete.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...