Network Sniffing with ETTERCAP (GUI) fully explained(part-1)

Anonymous-g33k · 09-20-2012, 05:47 PM

Sniffing With Ettercap
1. What is Sniffing
Ans. Sniffing is a data interception technology. Sniffer is a program that monitor or reading all network traffic passing in and out over a network. Telnet, Relogin, FTP, NNTP, SMTP, HTTP, IMAP that all protocol are vulnerable for sniffing because it send data and password in clear text. Sniffing can be use both the ways legally or illegally like for monitor network traffic, network security and for stealing information like password, files from the network. Sniffing can be done both way one is from command line utility and other is from GUI interface. Sniffing is Used In LAN OR WAN Network. In sniffing we can do
• MITM(man in the middle ATTACK)
• DNS Poisoning
• HTTP and HTTPS Sniffing
• Fake Authentication

So LET’s start With MITM
To intercept Information coming, or going to the router by spoofing your physical and logical Addresses is called MITM.
Now What we want.
1. Backtrack operating System.
2. Ettercap tool
3. Company Network LAN or WAN

So let’s start
• Start Backtrack Machine
• Open Terminal

[Image: arp.png]

• Type -“ettercap-G”
• Click “sniff”
• Click “unified Sniffing”

[Image: arp2.png]

• Under hosts tab click “scan for hosts”

[Image: arp4.png]

• After hosts is scaned click on “hosts list”

[Image: arp6.png]

• Then click on router ip Eg.192.168.1.1 and click on “add to target 2”

[Image: arp6.png]

• Then click victim eg.192.168.1.10 which you want to poison click on “add to target 1”

[Image: arp7.png]

• Under MITM tab click “arp poisoning”

[Image: arp8.png]

• Then Click “sniff remote connections”

[Image: arp9.png]

• Then under the start tab Click on “start sniffing”

[Image: arp10.png]

• Now On victim Machine When User open any non https website and login there username password is sniffed.
• Eg.When user Open non-https site

[Image: arp12.png]

• Types username and password

[Image: arp13.png]

• We Got the user name And Password Here.

[Image: arp14.png]

So That is Called Man in the middle attack we can do same thing in HTTPS service. Next part on HTTPS wait for my next part..

Enjoy The ARP Poisoning..........:headbash: Wink

:dance::wub::bye:

Shining White · 09-20-2012, 05:53 PM

Nice and Smart thread , definetly wait for next part !!

elipsses12 · 09-21-2012, 04:39 AM

nice one bro waiting to the next step and hope u can send me the link thank you

kaptaan · 10-07-2012, 11:38 AM

wowoow....perfect ....thnx for sharing

loonatic · 11-24-2012, 02:25 AM

i installed ettercap 7.4.1 in windows 7 , however everytime i do this step
"• Click “sniff”
• Click “unified Sniffing”"

eth0 dont appear and oly this appear: http://prntscr.com/kfos2

then i click OK and ettercap always stop working :/ what is the main problem ? ....

thank you ,
loonatic

LightX · 11-24-2012, 02:29 AM

Nice tutorial. very detailed! Smile

Faner · 11-24-2012, 03:24 PM

http://www.youtube.com/watch?v=n9Ouc5Wsr08

Good video about arp poisoning: first explains what exactly is and then shows it in practice.

By the way, some time ago I was trying this on bt5. Both computers were connected via cable, and on the router there were only those 2 pc -> mine and victim's (also mine).
Whenever I tried to poison arp, it showed "Arp poisoning successfull.", but when I checked it with plugin "Check_poison" or smth like that, it returns "No arp poison were found."
And of course sniffing also wasn't successful, only thing I got were a bunch of errors. Any idea why it happened?

hunt3r972 · 11-24-2012, 06:31 PM

I just want to say that if the network has a good secured gateway and if the victim has a good antivirus, the MITM attack will not work. I don't know yet how to bypass this problem but I think that the best way to do a successfull MITM attack is to bypass the antivirus with an exploit with metaploit to avoid any blocking from the antivirus then try the MITM attack (more chance to work)

I tried MITM attack on a friend computer on the university network and it didn't work so ... ^^

But I have a question: how to do a host scan with command line only ?

Anonymous-g33k · 11-25-2012, 05:04 PM

(11-24-2012, 03:24 PM)Faner Wrote: http://www.youtube.com/watch?v=n9Ouc5Wsr08

Good video about arp poisoning: first explains what exactly is and then shows it in practice.

By the way, some time ago I was trying this on bt5. Both computers were connected via cable, and on the router there were only those 2 pc -> mine and victim's (also mine).
Whenever I tried to poison arp, it showed "Arp poisoning successfull.", but when I checked it with plugin "Check_poison" or smth like that, it returns "No arp poison were found."
And of course sniffing also wasn't successful, only thing I got were a bunch of errors. Any idea why it happened?

you don't have any gateway or router connected in physical machine.
use this in vmware and use NAT network.. it have virtual router..

Asuna_mybb_import7736 · 11-25-2012, 05:54 PM

Cain&Abel is much easier to use! Much noob-friendly gui. Works on pretty much everything! Smile