Ettercap w/ SSL on Windows XP


pseudobreed

I have bashed my head against the desk trying to get this to work. I have installed OpenSSL and edited the etter.conf file, and when I start ettercap it errors out.

Searching all over Google and forums came up with nothing. I would just run BackTrack; however, it does not support my wifi card. And frankly, I'm not that savvy with Linux to be able to know what I want to do when the situation presents itself.

My last hope is trying to install BackTrack on VMware and to try it that way.

All other features work in ettercap and it sniffs correctly, just cannot get the SSL part of it to work.

Thanks in advance.

Also, I know Cain has SSL sniffing also, has anyone got that to work on Windows?

Here's a hint: Include the error message in your post.

Now it's just a "It doesn't work, help!" message. Those tend to be poorly received by the public at large.

I assumed anyone who got it working would have run into the error. This is considering that Ettercap does not sniff SSL out of the box; you have to configure it to do so. So, if someone here had it working, they could share what they did...

However, because it's you, Cooper, I'll post an error report:

etter_error-full.jpg

The fatal error is towards the bottom, about the firewall. The thing is, I don't have a software firewall, just a hardware one. When I take that out of the question, it still errors out. If I take SSL out of the etter.conf, ettercap works beautifully.

==============================================================



-> ${prefix}        X:/PenTools/EttercapNG

-> ${exec_prefix}   X:/PenTools/EttercapNG

-> ${bindir}        X:/PenTools/EttercapNG

-> ${libdir}        /lib

-> ${sysconfdir}    X:/PenTools/EttercapNG

-> ${datadir}       /share



-> ettercap NG-0.7.3



-> compiled with gcc 3.2 (MingW)

-> WinPcap version 3.1 (packet.dll version 3, 1, 0, 27), based on libpcap version 0.9[.x]

-> libnet version 1.1.2

-> libz version 1.2.1

-> lib     OpenSSL 0.9.7c 30 Sep 2003

-> headers OpenSSL 0.9.7c 30 Sep 2003

-> gtk+ 2.4.13





DEVICE OPENED FOR ettercap DEBUGGING



[NR_THREAD]    main -- here we go !!

[NR_THREAD]    ec_thread_register -- [13676040] init

[     init]    signal_handler activated

[     init]    parse_options -- [0] [ettercap]

[     init]    parse_options -- [1] [-G]

[     init]    select_gtk_interface

[     init]    parse_options: options parsed

[     init]    compile_target TARGET: //

[     init]    MAC  : []

[     init]    IP   : []

[     init]    PORT : []

[     init]    compile_target TARGET: //

[     init]    MAC  : []

[     init]    IP   : []

[     init]    PORT : []

[     init]    parse_options: targets parsed

[     init]    set_unified_sniff

[     init]    parse_options: options combination looks good

[     init]    init_structures

[     init]    load_conf

[     init]    get_full_path -- [etc] X:/EttercapNG/etter.conf

[     init]    open_data (X:/EttercapNG/etter.conf)

[     init]    get_local_path -- X:/EttercapNG/share/etter.conf

[     init]    open_data dropping to X:/EttercapNG/share/etter.conf

[     init]    load_conf: SECTION: privs

[     init]    load_conf:     ENTRY: ec_uid  65534

[     init]    load_conf:     ENTRY: ec_gid  65534

[     init]    load_conf: SECTION: mitm

[     init]    load_conf:     ENTRY: arp_storm_delay  10

[     init]    load_conf:     ENTRY: arp_poison_warm_up  1

[     init]    load_conf:     ENTRY: arp_poison_delay  10

[     init]    load_conf:     ENTRY: arp_poison_icmp  1

[     init]    load_conf:     ENTRY: arp_poison_reply  1

[     init]    load_conf:     ENTRY: arp_poison_request  0

[     init]    load_conf:     ENTRY: arp_poison_equal_mac  1

[     init]    load_conf:     ENTRY: dhcp_lease_time  1800

[     init]    load_conf:     ENTRY: port_steal_delay  10

[     init]    load_conf:     ENTRY: port_steal_send_delay  2000

[     init]    load_conf: SECTION: connections

[     init]    load_conf:     ENTRY: connection_timeout  300

[     init]    load_conf:     ENTRY: connection_idle  5

[     init]    load_conf:     ENTRY: connection_buffer  10000

[     init]    load_conf:     ENTRY: connect_timeout  5

[     init]    load_conf: SECTION: stats

[     init]    load_conf:     ENTRY: sampling_rate  50

[     init]    load_conf: SECTION: misc

[     init]    load_conf:     ENTRY: close_on_eof  1

[     init]    load_conf:     ENTRY: store_profiles  1

[     init]    load_conf:     ENTRY: aggressive_dissectors  1

[     init]    load_conf:     ENTRY: skip_forwarded_pcks  1

[     init]    load_conf:     ENTRY: checksum_check  0

[     init]    load_conf:     ENTRY: checksum_warning  0

[     init]    load_conf: SECTION: dissectors

[     init]    dissect_modify: ftp replaced to 21

[     init]    dissect_modify: ssh replaced to 22

[     init]    dissect_modify: telnet replaced to 23

[     init]    dissect_modify: smtp replaced to 25

[     init]    dissect_modify: dns replaced to 53

[     init]    dissect_modify: dhcp replaced to 67

[     init]    dissect_modify: http replaced to 80

[     init]    dissect_modify: ospf replaced to 89

[     init]    dissect_modify: pop3 replaced to 110

[     init]    dissect_modify: vrrp replaced to 112

[     init]    dissect_modify: nntp replaced to 119

[     init]    dissect_modify: smb replaced to 139

[     init]    dissect_modify: smb added on 445

[     init]    dissect_modify: imap replaced to 143

[     init]    dissect_modify: imap added on 220

[     init]    dissect_modify: snmp replaced to 161

[     init]    dissect_modify: bgp replaced to 179

[     init]    dissect_modify: ldap replaced to 389

[     init]    sslw_dissect_move: https [443]

[     init]    dissect_modify: https replaced to 443

[     init]    sslw_dissect_move: ssmtp [465]

[     init]    dissect_modify: ssmtp replaced to 465

[     init]    dissect_modify: rlogin replaced to 512

[     init]    dissect_modify: rlogin added on 513

[     init]    dissect_modify: rip replaced to 520

[     init]    sslw_dissect_move: nntps [563]

[     init]    dissect_modify: nntps replaced to 563

[     init]    sslw_dissect_move: ldaps [636]

[     init]    dissect_modify: ldaps replaced to 636

[     init]    sslw_dissect_move: telnets [992]

[     init]    dissect_modify: telnets replaced to 992

[     init]    sslw_dissect_move: imaps [993]

[     init]    dissect_modify: imaps replaced to 993

[     init]    sslw_dissect_move: ircs [994]

[     init]    dissect_modify: ircs replaced to 994

[     init]    sslw_dissect_move: pop3s [995]

[     init]    dissect_modify: pop3s replaced to 995

[     init]    dissect_modify: socks replaced to 1080

[     init]    dissect_modify: msn replaced to 1863

[     init]    dissect_modify: cvs replaced to 2401

[     init]    dissect_modify: mysql replaced to 3306

[     init]    dissect_modify: icq replaced to 5190

[     init]    dissect_modify: ymsg replaced to 5050

[     init]    dissect_modify: vnc replaced to 5900

[     init]    dissect_modify: vnc added on 5901

[     init]    dissect_modify: vnc added on 5902

[     init]    dissect_modify: vnc added on 5903

[     init]    dissect_modify: x11 replaced to 6000

[     init]    dissect_modify: x11 added on 6001

[     init]    dissect_modify: x11 added on 6002

[     init]    dissect_modify: x11 added on 6003

[     init]    dissect_modify: irc replaced to 6666

[     init]    dissect_modify: irc added on 6667

[     init]    dissect_modify: irc added on 6668

[     init]    dissect_modify: irc added on 6669

[     init]    dissect_modify: napster replaced to 7777

[     init]    dissect_modify: napster added on 8888

[     init]    sslw_dissect_move: proxy [8080]

[     init]    dissect_modify: proxy replaced to 8080

[     init]    dissect_modify: rcon replaced to 27015

[     init]    dissect_modify: rcon added on 27960

[     init]    dissect_modify: ppp replaced to 34827

[     init]    load_conf: SECTION: curses

[     init]    load_conf:     ENTRY: color_bg  0

[     init]    load_conf:     ENTRY: color_fg  7

[     init]    load_conf:     ENTRY: color_join1  2

[     init]    load_conf:     ENTRY: color_join2  4

[     init]    load_conf:     ENTRY: color_border  7

[     init]    load_conf:     ENTRY: color_title  3

[     init]    load_conf:     ENTRY: color_focus  6

[     init]    load_conf:     ENTRY: color_menu_bg  4

[     init]    load_conf:     ENTRY: color_menu_fg  6

[     init]    load_conf:     ENTRY: color_window_bg  4

[     init]    load_conf:     ENTRY: color_window_fg  7

[     init]    load_conf:     ENTRY: color_selection_bg  6

[     init]    load_conf:     ENTRY: color_selection_fg  6

[     init]    load_conf:     ENTRY: color_error_bg  1

[     init]    load_conf:     ENTRY: color_error_fg  3

[     init]    load_conf:     ENTRY: color_error_border  3

[     init]    load_conf: SECTION: strings

[     init]    load_conf:     ENTRY: utf8_encoding  [ISO-8859-1]

[     init]    load_conf:     ENTRY: remote_browser  [mozilla -remote openurl(http://%host%url)]

[     init]    load_conf:     ENTRY: redir_command_on  [iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport]

[     init]    load_conf:     ENTRY: redir_command_off  [iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport]

[     init]    capture_getifs

[     init]    capture_getifs: [DeviceNPF_GenericDialupAdapter] Generic dialup adapter

[     init]    capture_getifs: [DeviceNPF_{4D1D10C3-D6FF-45BD-9A34-BEFAC02C3410}] Broadcom 802.11g Network Adapter (Microsoft's Packet Scheduler) 

[     init]    capture_getifs: [DeviceNPF_{45116F49-0020-4DFC-910E-ACCD1572FF9B}] SiS NIC SISNIC (Microsoft's Packet Scheduler) 

[     init]    ui_init

[     init]    gtk_init

[     init]    gtkui_conf_read: C:/Documents and Settings/pseudobreed/Application Data.ettercap_gtk

[     init]    gtkui_conf_set: name=window_top value=104

[     init]    gtkui_conf_set: name=window_left value=329

[     init]    gtkui_conf_set: name=window_height value=440

[     init]    gtkui_conf_set: name=window_width value=600

[     init]    gtkui_setup

[     init]    gtkui_conf_get: name=window_width

[     init]    gtkui_conf_get: name=window_height

[     init]    gtkui_conf_get: name=window_left

[     init]    gtkui_conf_get: name=window_top

[     init]    gtk_setup: end

[     init]    gtk_unified_sniff

[     init]    capture_init DeviceNPF_{4D1D10C3-D6FF-45BD-9A34-BEFAC02C3410}

[     init]    requested snapshot: 65535 assigned: 65535

[     init]    capture_init: Ethernet [1]

[     init]    send_init DeviceNPF_{4D1D10C3-D6FF-45BD-9A34-BEFAC02C3410}

[     init]    get_hw_info

[     init]    get_interface_mtu(): mtu 1514, okay

[     init]    disable_ip_forward (no-op)



[     init]    ssl_wrap_init

[     init]    sslw -- SSL_CTX_use_PrivateKey_file -- trying ./share/etter.ssl.crt

[     init]    sslw - bind 8080 on 59263

[     init]    sslw_insert_redirect: [iptables -t nat -A PREROUTING -i DeviceNPF_{4D1D10C3-D6FF-45BD-9A34-BEFAC02C3410} -p tcp --dport 8080 -j REDIRECT --to-port 59263]

[     init]    FATAL: Can't insert firewall redirects

[     init]    gtkui_error: Can't insert firewall redirects
