for dns spoofing in my local network (one laptop and a router switched), but that does not work. An access to a specified site does not redirect.If you need any details, The command I use is:
Code:
#ettercap -T -q -i eth0 -P dns_spoof -M arp // //
I have been playing with Ettercap on my home network, learning about packet forwarding and all such things. Recently, after doing some certificate stuff, Ettercap is performing the SSL attack where it sucks out the password of a user after it issues a fake certificate. How do I turn off the SSL attack in ettercap when I'm not interested in SSL information?
View 1 Replies View RelatedI goggled a lot on how to get ettercap working on ubuntu, but unfortunately wasn't able to find anything good.
So, i decided to make a new post about it.
1. The GUI mode crashes after scanning for hosts.[ Fixed by downloading the version by timothy]
2. After Scanning, When you start Sniffing, and run the chk_poison plugin it says no poisoning at all . Why, i am not able to poison it at all?
3. Running the original ettercap in text mode(-T), also gives the error , if you uncomment the two lines required for SSL sniffing, then you are met with error saying that you don't have enough permission to and suggest that i should either upgrade iptables or my kernel[I am sudo]. O.o?
Can anyone explain me the subtle difference between arp spoofing & arp poisoning ?
View 1 Replies View RelatedHow to detect a wireless LAN MAC address spoofing?
I am in an institution where we've got a wired and a wireless network, and almost every day i found a new and a strange MAC addresses in my network.
I know that because i've recorded all the MAC addresses which belongs to my network. More over, all the boxes have a fixed IP address.
So, how to detect the spoofing BOX(s) ?
I used to have ettercap on backtrack 4 and everything was ok...But on ubuntu 10.04 I'm having this issue; it is not showing passwords (if i log in for example in a forum with a http link )and not sending false certificate (if i try to log in in https links, after uncommenting the redir ip tables in etter.conf).Other features seems to work alright (such as dns spoofing) and the arp poisonning is succesful. Besides, Wireshark gets the passwords.
View 9 Replies View RelatedMy Host Lists of Ettercap is empty when I try to sniff my Lan. I modified /etc/etter.con, obtaining this:
Code:
# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
and the error is this:
Code: iptables v1.4.6: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded. I lunch ettercap as root.
I keep most of my files on my server, but fiddle with them using NFS from one or another of my laptops - so they all have static IPs assigned by my router. If I want extra speed I plug in an Ethernet cable. My old DI524 wireless G router seems quite happy to have two MAC addresses (Ethernet and wireless) assigned to the same static IP, so long as I don't try using both simultaneously. However three Wireless N routers I've tried won't allow this, nor will dd-wrt.
I really don't want to have to set up every laptop as two separate hosts on my network. 'orrible complications.
Best solution I can think of is to get the Ethernet card to spoof the wireless MAC address with e.g. macchanger, as per this excellent page here: [URL] ....
I don't mind running a script manually to do that on each occasion.
This works perfectly on my old R50 Thinkpad running Debian Squeeze, but on my R60 (running Wheezy) and T400 (running Jessie), macchanger works initially, BUT as soon as I hit 'enable networking' in the Network Manager applet, the ethernet card reverts to its original setting. So of course then my router allocates a random IP and so NFS won't work.
Exactly the same goes for the iproute method 'ip link set dev eth0 address [fakemac]' - ifconfig shows it's worked, but it reverts as soon as NetworkManager goes back up.
I don't know where Network Manager (if it is that) is getting the Ethernet card's original MAC from, it seems to be listed in /etc/udev/rules.d/70-persistent-net.rules, so on the T400 (Jessie) I've even tried creating a file in /etc/udev/rules.d/75-mac-spoof.rules along the lines suggested in that archlinux page I mentioned -
ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="[original MAC]", RUN+="usr/bin/ip link set dev %k address [fake MAC]"
but it seems to have no effect.
Short of reverting to Debian Squeeze on all my laptops, I don't know what else to do. Or getting into my router and reassigning the IP / MAC address by hand every time (!).
(If there's a better way to swapping easily from wireless to Ethernet when required, I'd like to know.)
I have a problem as following: "using iptables to prevent IP spoofing".
View 4 Replies View RelatedThere's browser identification menu for spoofing for specific sites, but i need to change user agent for all sites. How do I do it?
View 1 Replies View RelatedI've set up an email server as per this howto: [url]
In a nutshell, it uses a combinatio of postfix, dovecot, amavis (ClamAV and SpamAssisan) and mysql.
However, with this setup, authenticated users are able to spoof outgoing message by simple changing the "from" tag.
Does anyone have any ideas on how I could implement some address mapping to users?
In this setup, postfix users are NOT system users, by are stored in the database.
I can not manage to get any passwords on my network with Ettercap.I have followed several tutorials but I still seem to have no luck in getting them.I have BT5/KDE/32bit installed and using an alfa network adapter (RTL8187).First I configured etter.conf script to look as below:
ec_uid = 0 # root is the default
ec_gid = 0 # root is the default
# the command used by the remote_browser plugin
[code]...
How can I create an ettercap log ?, how can I read it with etterlog command ?.
And how different new version of etterlog and etterlog v0.6.6 ?. How can I get ettercap v0.6.6 manual ?
I've been using ettercap for awhile now for testing the security of the websites I manage for others along with home network stability and I've recently come across this issue:
When running:
Code:
ettercap -G
I get an error in the terminal saying:
Code:
Dissector "dns" not supported (etter.conf line 70)
I proceed to select my interface and scan for all hosts, then ettercap crashes, exits and outputs the infamous message:
Code:
This shouldn't happen...
Segmentation Fault...
recompile in debug mode, reproduce the bug and send a bugreport I took a look at line 70 in my etter.conf file and it looks like this:
Code:
dns = 53 # udp 53
I've searched online and it seems like others have this issue as well, but I can't seem to resolve it.
I have Ubuntu 10 installed.
I have installed ettercap using:
Code:
sudo apt-get install ettercap
But I cannot see it in any of the Ubuntu Menus(Aplications-->Network etc).
If I type
Code:
ettercap
[Code]....
I am using fedora 13 and have installed ettercap from Add/Remove Software in Fedora. But when it is starting(Application->Internet->ettercap), it is not able to detect any interfaces ( i am using eth0 interface, wired lan ).
View 4 Replies View Relatedi downloaded ettercap and wireshark but when i ever i press scan for hosts after doing the things before it doesn't scan it just gives me
Randomizing 16777215 hosts for scanning...
I have installed ettercap using apt. But, when I scan for hosts, Ettercap crashes. I've found on the Web that there's a solution, but I don't manage to solve this problem.
View 3 Replies View RelatedI am using fedora 13 when i am starting ettercap, i get following warning and when i clicked "scan host" , the program quit after scanning hosts due to some segmentation fault...here is warning
Code:
[piyush@localhost ~]$ sudo ettercap-gtk
ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA
(<unknown>:2315): GLib-GObject-WARNING **: gsignal.c:3079: signal name `depressed' is invalid for instance `0x9f9ee00'
[code]....
ettercap can see http request but not response
I'm trying to see regular http responses from my wireless ipad (victim) from my wired pc (attacker). Everything's working great but I can only see the http requests not the responses.
I've done much reading and googling and tried registering in more relevant forums but some forums were shutdown, so I've come here.
Code:
# setup ip forwarding
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
# use ettercap to do the mitm using only mitm
sudo ettercap --iface eth0 --text --plugin autoadd --only-mitm --mitm arp:remote /192.168.0.1/ /192.168.0.155/
[Code]....
a client asked me to install ettercap on their linux gateway machine - two ethernet machine. I tried it in bridged mode, it but as soon as I start it, the traffic stops and no one can access anything. Did anyone ever succeed in running it on the gateway?
View 1 Replies View RelatedI am using unbuntu as root. I've made all the edits to my etter.conf file as follows:
[privs]
ec_uid = 0
ec_gid = 0
and:
remote-browser = "firefox -remote openurl (http://%host%url)"
I also turn on ipTables. I then start my attack as follows:
ettercap -T -Q -M arp:remote -i eth1 /client-ip/ // -P remote_browser
echo 1 > /proc/sys/net/ipv4/ip_forward
ettercap -T -Q -M arp:remote -i eth0 /target_ip/ /gateway_ip/ -P remote_browser
My problem is Firefox only shows https:// pages and not regular pages like google. I'm stumped. I have no clue why. I've tried other versions of linux. Different computers and still the same result. If I turn quiet off I see in my terminal all the traffic.
I am quite new to Linux. Just some basic information, I am using windows xp but have installed vmwork station and am running Red Hat enterprise linux 4.
When i run ./configure it gives me this error. "configure: error: libnet >=1.1.2.1 not found "
I have this annoying problem since day one.I am testing out Red Hat RHEL5, everything is fine except DNS look up.If I ping www.google.com, it doesn't work, ping ip address it all works;if I bring up browser, put www.google.com it doesn't work, can't find the name, however, simply put ip address there it works.My DNS seeting seems ok, and the DNS works from Windows box.
View 2 Replies View RelatedI am trying to set up an unused machine as a web server for my students.
I originaly tried with Redhat 9 and had the same problems. I am using an HP Pentium 4 system with 2 network cards.
1) The built in Realtek RTL8139 configured as eth0.
2) An add in Broadcom BCM5782 Gigabit card that was added I presume when the built in card failed (we have a number of machines like this around the school), configured as eth1.
I did not realize the second card was installed when I had Red hat 9 on the system, but I discovered it after installing centos 5.5. I have tried to configure the system to use DHCP with and without getting the DNS from the provider, and both ways the system complains that there is no connection, check the cable, so it will not activate the device.
When I configure the device to use a fixed IP, I can configure the device, but I can't ping anything on the network other than myself. I suppose it is possible that both network cards have failed, but I get green link lights with both cards, when I connect them to my router, so I am at a loss as to why neither board seems to work. I don't have a spare network card to slide in because the computer takes a special mini card. Is there an easy way to test the board to see if the board is a problem?
I just started having a problem with my 10.04 laptop a few days ago, maybe Thursday, last week. When the computer is plugged into my home network (standard 192.168.1.1 sort of IPs) it works fine, but when I try to connect to my work network (130.15.90.XX) I am unable to pick up an IP. The router in my office is working fine, all the windows boxes can connect.
I've also noticed that when the computer is plugged in at work the notification icon for the networking indicates it is looking for a wireless connection (rather than the normal up/down arrows), even if wireless is deactivated
I can set a static IP in /etc/network/interfaces and everything works, so it seems to be a DHCP problem?
I've been experiencing a problem with Fedora in which when I enable Wireless in Fedora, Wireless networking does not work in windows. HOwever, when disabled, it works correctly. Windows claims it is "not able to find any networks to connect to"
EDIT: It seems that when wireless is disabled manually on fedora before shutdown, there are no problems in windows.
Networking on Fedora 11 doesn't work for me on various machines. Fedora 10 does, but only if you don't do an update.Why does Fedora get worse the more you keep it up-to-date?
View 1 Replies View RelatedI have dial-up connection through mobile phone, using pppd. But dns does not work properly. When I ping IP address, it works, but Code: ping google.com or any symbolic host name, causes 'unknown host ...' error. How I can make dns work correctly with pppd?
View 4 Replies View RelatedI'm probably going to post bit by bit about each of my queries on DNS, to start with - when I register a domain name, I then have to tell the thing where my nameservers are, right? (the "NS" record). Why? Why can't the root server just have a line for the IP address of that domain name directly in *IT*?
View 12 Replies View Related