Jump to content

[Support] Ettercap


Whistle Master

Recommended Posts

  • 1 month later...

Hi , I'm trying to use this infusion.

I'm running a Win machine (doubt that matters in this case).

My Version is ettercap - v1.1

I get the message about it taking a few minutes to install all dependacies however once I click install I get "loading" for about 5 seconds and then nothing.

I've left the tab open for a out 30mins but still no go.

any ideas , not sure if I'm missing something obvious?.

By the way I'm running on Firmware Version: 1.0.4

Link to comment
Share on other sites

  • 1 month later...
Let me start by saying I'm new to all this. I recognize that most of you are way beyond this ... but I'm hoping someone is willing to give me some help. I'm struggling to understand how to utilize the pineapple and I've been taking little steps.


I'm having a problem with losing internet connection through my MKV pineapple while trying to run ettercap. My setup is that my pineapple is connected to my laptop via the Ethernet port, and my laptop is connected to my WPA2 wifi home network and has ICS configured. The pineapple can connect to the internet just fine. I have connected my tablet (via wifi) to the pineapple and everything is fine. Tablet has internet connection and Pineapple has internet connection.


Now ... I am trying to run ettercap. I open the large tile infusion for ettercap and click on the start. I believe I have ettercap correctly connected to eth0. Ettercap starts up and appears to be running. I navigate my tablet to Google.com and all is working fine. However, once I try to navigate my tablet to an SSL page the browser on my tablet just hangs and can't connect.


Can someone explain to me what I am doing wrong ... and/or point me in a direction to help me understand how to fix this.


Any help or guidance is greatly appreciated.

Link to comment
Share on other sites

  • 2 weeks later...
  • 3 months later...

Guys I'm having a bit of trouble getting this to run. It always comes up with "ettercap is not running..." after executing various commands.

This is my current setup.

wlan1 is connected to network 10.1.1.0 in client mode with DHCP address of 10.1.1.8.

I want to ARP poison 10.1.1.6 which is on the client network.

The gateway on the client network is 10.1.1.1

The pineapple is running on the default 172.16.42.0 network.

Can someone please confirm the correct settings / command to ARP traffic from a client on the client network.

Or is it simply not possible to ARP clients on the network configured as client mode?

Edited by Geoff0ne
Link to comment
Share on other sites

Guys I'm having a bit of trouble getting this to run. It always comes up with "ettercap is not running..." after executing various commands.

This is my current setup.

wlan1 is connected to network 10.1.1.0 in client mode with DHCP address of 10.1.1.8.

I want to ARP poison 10.1.1.6 which is on the client network.

The gateway on the client network is 10.1.1.1

The pineapple is running on the default 172.16.42.0 network.

Can someone please confirm the correct settings / command to ARP traffic from a client on the client network.

Or is it simply not possible to ARP clients on the network configured as client mode?

thanks

I believe you should still be able to do this. Just set the correct interface and IPs in Ettercap and see if that works.

Link to comment
Share on other sites

  • 4 weeks later...

Edit~ Much later on..

I have managed to successfully create a rouge AP Honeypot...

1: connected to PA via broadcasted ssid - login to port 1471
2: start wlan1 - client mode - connect to hotspot on phone (used my iphone - yay) 
3: installed infusions wifi manger,ettercap & sslstrip
4: enabled ISC from wlan1 to wlan0 in wifi manager
5: tested networking, can access sites and such. - next step
6: ettercap - set to scan br-lan with arp poisions enabled for all hosts -unified sniffing started
7: sslstrip started 
8: TESTING!

Tested with ipad and mac air. Regualr social media and mail sites such as yahoo, wordpress, google, facebook, etc captured 100% all manually entered authentication
--- no success with app's like FB or skype or any other app that auto logs in on the ipad - andriod testing pending
--- could not connect to app store, OWA webmail host, gmail host, or authenticate windows LDAP connections nor capture those attempts

**UPDATE:
Having some minor success with Ettercap/ssl on a connected as a client on target network and see probe requests and such - but no rock solid success as you get with honey pot mode.

**Email Creds Stripped from IDevices**
Discovered on ipad, when connecting to the honey pot, a warning box appears regarding the mail providers, saying "cant determine if http://XXXX.XX.X is real or not" contine, cancel or view. if the user presses "continue" it is at this point the devices will happily provide the PA the packets containing the ever elusive email passwords etc. Seems Certificate spoofing could be something worth looking at.

Edited by koolkarnt
Link to comment
Share on other sites

  • 1 month later...

Koolkarnt,

ive followed your steps with little success.

1: connected to PA via broadcasted ssid - login to port 1471
2: start wlan1 - client mode - connect to hotspot
3: installed infusions wifi manger,ettercap urlsnarf and dnsspoof
4: enabled ICS from wlan1 to wlan0 in wifi manager
5: tested networking, can access sites and such. - next step
6: ettercap -i br-lan -M arp:oneway,remote // //
7: Urlsnarf and dnsspoof running on br-lan
8: Test from a client machine connected to broadcasted SSID from wlan0 - no internet

9. Test from client machine connected directly to hotspot that wlan1 is connected to in client mode - no internet from client machine.

wrong ettercap command?

I have also tried running ettercap on the wlan1 interface - with the same outcome as step 8 & 9.

edit:

Tried disabling wlan1 and setting up a USB alfa to connect in client mode the hotspot on wlan2. Then do a ettercap -i wlan2 -M arp:oneway,remote // //

Still no go - both directly connected client machines to wlan0 AP and exisiting clients on network attached to wlan2 in client mode - no internet

Edited by Geoff0ne
Link to comment
Share on other sites

  • 2 weeks later...
  • 2 weeks later...
  • 1 month later...

I am having many bugs with this infusion:

Bug 1) I can't scroll down and can't see the log file.

a) Before turn on the infusion

OTPiBWC.jpg

b) After run it, when i get my victim's credentials. I can see it partially on home.

5lDa3qe.jpg

c) At this point when i go to inside the infusion, I can't scroll down and see the log with details and even I can't activate the refresh button.

DZTu4nC.jpg

Bug 2) After start and stop the infusion i need to type this: echo 1 > /proc/sys/net/ipv4/ip_forward, if not i lose my internet connection.

4EMiGpa.jpg

Bug(?) 3) Need to change and uncomment the ip_tables rules in /etc/etter.conf. Also change the owner from 65 534 to 0 and i think this will be automatically, not manual. All this changes are to prevent the error: SSL dissection needs a valid ‘redir_command_on’ script in the file etter.conf

Bug 4) When i run sslstrip i can navigate without problems, a little bit slower but fine. Can get credentials on facebook, gmail, twitter, ebay... But when i run ettercap at same time with sslstrip this infusions make the connection very very slow.

My browser it's completely clean (cookies, cache...) and my pineapple it's recently restored.

I think you can help me.

Edited by daniboy92
Link to comment
Share on other sites

Thanks for the report ! Last firmware changes on css broke many infusions and I have not find the time to go all of my infusions. I will fix point 1 and 3. Points 2 and 4 are not related to the infusion itself.

For your point 2, ettercap will automatically start and stop IP forwarding. I will include a fix to that in the infusion. But you will have the same issue if you try to run ettercap from the command line.

Edited by Whistle Master
Link to comment
Share on other sites

Than you very much Whistle Master.

I know you don't have many time but maybe you can see why with the new firmware ettercap (command and infusion) doesn't work properly... I think new firmware it's the cause. Or maybe you can make a guide for get a good function for infusion.

Edited by daniboy92
Link to comment
Share on other sites

  • 1 month later...

Im on 2.0.4 firmware with 1.5 infusion of Ettercap. I see inconsistencies where it give you the option to stop - but then says ettercap is not running

in order to get it to work - i have to wrap the target ip addresses with "/".

i still have to manually flip the ip_forwarding after I start ettercap.

Link to comment
Share on other sites

  • 4 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...