Cannot sniff HTTPS in Firefox with Ettercap

I've set up a hacking lab in VirtualBox with Kali Linux, Ubuntu, Win7 SP1, and WinXP SP3. There is no problem capturing the username and password from HTTPS traffic in IE with the command:

ettercap -Tqi eth0 -M arp:remote /gateway/ /target/

When I try the same approach on Firefox, the username and password can never be captured, although the ARP spoofing is working in the meantime. I'm not sure which part the problem is in.


If I'm not mistaken, IE doesn't support HSTS, unlike Firefox and Google Chrome, so that's likely gonna fail. You would need to use something like dns2proxy and sslstrip2, and even then I'm not sure if that still works.

Personally I don't make much of a habit of sniffing that kinda information on my own network, and I'm not into doing that on networks that I don't own.


IE 10 and later use HSTS, so if you're using IE 9 and older, it will probably still work to strip things (as well as older browsers of other brands), but not sure if Microsoft has or has not back ported this. Chrome, Opera, Safari and FF should all be doing HSTS these days if on the latest, and some browsers do DNS pre-fetching which you may not be able to override without doing DNS attacks on top of normal MITM attacks. Combine your ARP attack with a DNS attack and a forged certificate that points to a local server (although the user will probably get prompted on the self signed certificate unless you can force them to HTTP), be sure to strip any pre-fetch code from the results of what they search for, and you should be able to get them to load your clone of the site. Note, trying to intercept will probably not work, as with a cloned page served, with everything pointing to "local" copies of files, should work. You basically have to make yourself a fake web server to impersonate the real ones if HSTS is in use.


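As an added example (not code from any poster in this thread): a defender-side check of the HSTS policy the replies refer to, parsing a Strict-Transport-Security value per RFC 6797 and flagging the gaps that leave a site open to downgrade. The function names and the sample header values are assumptions made for the illustration.

```python
import re

# hstspreload.org requires max-age >= 1 year plus includeSubDomains and preload.
PRELOAD_MIN_AGE = 31536000

def parse_hsts(header_value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).
    Returns a dict of directives, or None if browsers must ignore the header."""
    directives = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue                        # empty directives are allowed
        name, _, value = part.partition("=")
        name = name.strip().lower()         # directive names are case-insensitive
        value = value.strip().strip('"')    # value may be a quoted-string
        if name in directives:
            return None                     # a repeated directive invalidates the header
        directives[name] = value
    if not re.fullmatch(r"\d+", directives.get("max-age", "")):
        return None                         # max-age is required and must be digits
    return directives

def assess(header_value, received_over_https=True):
    """Return a list of findings for one response's HSTS header (None = absent)."""
    if not received_over_https:
        return ["ignored: browsers only honour HSTS received over HTTPS"]
    if header_value is None:
        return ["missing: the browser will not refuse a plain-HTTP downgrade"]
    d = parse_hsts(header_value)
    if d is None:
        return ["invalid: header will be ignored"]
    findings = []
    age = int(d["max-age"])
    if age == 0:
        findings.append("max-age=0: tells the browser to forget the policy")
    elif age < PRELOAD_MIN_AGE:
        findings.append("short max-age: policy expires in under a year")
    if "includesubdomains" not in d:
        findings.append("no includeSubDomains: other hostnames under the domain are not covered")
    if "preload" not in d:
        findings.append("no preload directive: not eligible for preload lists, first visit is unprotected")
    return findings or ["ok"]

if __name__ == "__main__":
    # Constructed sample header values, not captured from any real site.
    for h in ("max-age=31536000; includeSubDomains; preload", "max-age=600", None):
        print(repr(h), "->", assess(h))
```
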