[Support] Ettercap

[Whistle Master]

Features

- Ettercap options selection
- Filter building
- History

Edited December 24, 2013 by Whistle Master

[zoro25]

Hi , I'm trying to use this infusion.

I'm running a Win machine (doubt that matters in this case).

My Version is ettercap - v1.1

I get the message about it taking a few minutes to install all dependacies however once I click install I get "loading" for about 5 seconds and then nothing.

I've left the tab open for a out 30mins but still no go.

any ideas , not sure if I'm missing something obvious?.

By the way I'm running on Firmware Version: 1.0.4

[nthoms]

Let me start by saying I'm new to all this. I recognize that most of you are way beyond this ... but I'm hoping someone is willing to give me some help. I'm struggling to understand how to utilize the pineapple and I've been taking little steps.

I'm having a problem with losing internet connection through my MKV pineapple while trying to run ettercap. My setup is that my pineapple is connected to my laptop via the Ethernet port, and my laptop is connected to my WPA2 wifi home network and has ICS configured. The pineapple can connect to the internet just fine. I have connected my tablet (via wifi) to the pineapple and everything is fine. Tablet has internet connection and Pineapple has internet connection.

Now ... I am trying to run ettercap. I open the large tile infusion for ettercap and click on the start. I believe I have ettercap correctly connected to eth0. Ettercap starts up and appears to be running. I navigate my tablet to Google.com and all is working fine. However, once I try to navigate my tablet to an SSL page the browser on my tablet just hangs and can't connect.

Can someone explain to me what I am doing wrong ... and/or point me in a direction to help me understand how to fix this.

Any help or guidance is greatly appreciated.

[m40295]

try running ettercap on br-lan

[nthoms]

try running ettercap on br-lan

thanks ... it worked. I appreciate the response/help. thank you.

[Geoff0ne]

Guys I'm having a bit of trouble getting this to run. It always comes up with "ettercap is not running..." after executing various commands.

This is my current setup.

wlan1 is connected to network 10.1.1.0 in client mode with DHCP address of 10.1.1.8.

I want to ARP poison 10.1.1.6 which is on the client network.

The gateway on the client network is 10.1.1.1

The pineapple is running on the default 172.16.42.0 network.

Can someone please confirm the correct settings / command to ARP traffic from a client on the client network.

Or is it simply not possible to ARP clients on the network configured as client mode?

thanks

Edited May 17, 2014 by tone

[DrDinosaur]

Guys I'm having a bit of trouble getting this to run. It always comes up with "ettercap is not running..." after executing various commands.

This is my current setup.

wlan1 is connected to network 10.1.1.0 in client mode with DHCP address of 10.1.1.8.

I want to ARP poison 10.1.1.6 which is on the client network.

The gateway on the client network is 10.1.1.1

The pineapple is running on the default 172.16.42.0 network.

Can someone please confirm the correct settings / command to ARP traffic from a client on the client network.

Or is it simply not possible to ARP clients on the network configured as client mode?

thanks

I believe you should still be able to do this. Just set the correct interface and IPs in Ettercap and see if that works.

[koolkarnt]

Edit~ Much later on..

I have managed to successfully create a rouge AP Honeypot...

1: connected to PA via broadcasted ssid - login to port 1471
2: start wlan1 - client mode - connect to hotspot on phone (used my iphone - yay) 
3: installed infusions wifi manger,ettercap & sslstrip
4: enabled ISC from wlan1 to wlan0 in wifi manager
5: tested networking, can access sites and such. - next step
6: ettercap - set to scan br-lan with arp poisions enabled for all hosts -unified sniffing started
7: sslstrip started 
8: TESTING!

Tested with ipad and mac air. Regualr social media and mail sites such as yahoo, wordpress, google, facebook, etc captured 100% all manually entered authentication
--- no success with app's like FB or skype or any other app that auto logs in on the ipad - andriod testing pending
--- could not connect to app store, OWA webmail host, gmail host, or authenticate windows LDAP connections nor capture those attempts

**UPDATE:
Having some minor success with Ettercap/ssl on a connected as a client on target network and see probe requests and such - but no rock solid success as you get with honey pot mode.

**Email Creds Stripped from IDevices**
Discovered on ipad, when connecting to the honey pot, a warning box appears regarding the mail providers, saying "cant determine if http://XXXX.XX.X is real or not" contine, cancel or view. if the user presses "continue" it is at this point the devices will happily provide the PA the packets containing the ever elusive email passwords etc. Seems Certificate spoofing could be something worth looking at.

Edited June 26, 2014 by koolkarnt

[Geoff0ne]

Koolkarnt,

ive followed your steps with little success.

1: connected to PA via broadcasted ssid - login to port 1471
2: start wlan1 - client mode - connect to hotspot
3: installed infusions wifi manger,ettercap urlsnarf and dnsspoof
4: enabled ICS from wlan1 to wlan0 in wifi manager
5: tested networking, can access sites and such. - next step
6: ettercap -i br-lan -M arp:oneway,remote // //
7: Urlsnarf and dnsspoof running on br-lan
8: Test from a client machine connected to broadcasted SSID from wlan0 - no internet

9. Test from client machine connected directly to hotspot that wlan1 is connected to in client mode - no internet from client machine.

wrong ettercap command?

I have also tried running ettercap on the wlan1 interface - with the same outcome as step 8 & 9.

edit:

Tried disabling wlan1 and setting up a USB alfa to connect in client mode the hotspot on wlan2. Then do a ettercap -i wlan2 -M arp:oneway,remote // //

Still no go - both directly connected client machines to wlan0 AP and exisiting clients on network attached to wlan2 in client mode - no internet.

Edited July 31, 2014 by tone

[Bl4ckc00k1e]

Hi, in Firmware 2.0.0 and high, i see like this this infusion:

http://www.subirimagenes.com/imagedata.php?url=http://s2.subirimagenes.com/imagen/9027890pineapeettercap.png

And In the Principal Menu of mark5, when i install ettercap always show me isnt intalled, i reboot the pineapple, and see install it

[Whistle Master]

All infusions with tabs have the same issue with firmware 2.0. Fixes are on their way.

[TeCHemically]

I am having the same issue with ettercap. It starts but once I hit refresh it immediately changes to "ettercap not running". Tried running it on br-lan & eth0.

[koolkarnt]

All infusions with tabs have the same issue with firmware 2.0. Fixes are on their way.

Any updates on the above?

Cheers

[Whistle Master]

It's already fixed since a while

[koolkarnt]

It's already fixed since a while

Confirmed...

[daniboy92]

I am having many bugs with this infusion:

Bug 1) I can't scroll down and can't see the log file.

a) Before turn on the infusion

b) After run it, when i get my victim's credentials. I can see it partially on home.

c) At this point when i go to inside the infusion, I can't scroll down and see the log with details and even I can't activate the refresh button.

Bug 2) After start and stop the infusion i need to type this: echo 1 > /proc/sys/net/ipv4/ip_forward, if not i lose my internet connection.

Bug(?) 3) Need to change and uncomment the ip_tables rules in /etc/etter.conf. Also change the owner from 65 534 to 0 and i think this will be automatically, not manual. All this changes are to prevent the error: SSL dissection needs a valid ‘redir_command_on’ script in the file etter.conf

Bug 4) When i run sslstrip i can navigate without problems, a little bit slower but fine. Can get credentials on facebook, gmail, twitter, ebay... But when i run ettercap at same time with sslstrip this infusions make the connection very very slow.

My browser it's completely clean (cookies, cache...) and my pineapple it's recently restored.

I think you can help me.

Edited October 15, 2014 by daniboy92

[Whistle Master]

Thanks for the report ! Last firmware changes on css broke many infusions and I have not find the time to go all of my infusions. I will fix point 1 and 3. Points 2 and 4 are not related to the infusion itself.

For your point 2, ettercap will automatically start and stop IP forwarding. I will include a fix to that in the infusion. But you will have the same issue if you try to run ettercap from the command line.

Edited October 16, 2014 by Whistle Master

[daniboy92]

Than you very much Whistle Master.

I know you don't have many time but maybe you can see why with the new firmware ettercap (command and infusion) doesn't work properly... I think new firmware it's the cause. Or maybe you can make a guide for get a good function for infusion.

Edited October 16, 2014 by daniboy92

[p28312]

Im on 2.0.4 firmware with 1.5 infusion of Ettercap. I see inconsistencies where it give you the option to stop - but then says ettercap is not running

in order to get it to work - i have to wrap the target ip addresses with "/".

i still have to manually flip the ip_forwarding after I start ettercap.

[anonymailbelgium]

Hi guys,

I have somes issues with this

Ettercap always top running.

I push on start, it says ettercap is running, show the log and directly stop running.

I tried all interfaces and most of the options with and without target.

Can you advice me please?

Thanks

[WallE]

Ettercap will be discontinued with the new firmware.

[anonymailbelgium]

ok

next

thanks

[DataHead]

So better download and back it up while you can. The only thing I've noticed I had to do with the infusion to make it work is change / add proper command switch's. Otherwise it still works great via cli

[Sebkinne]

Ettercap will be discontinued with the new firmware.

Who said that?