Monday, December 19, 2011

-:Password Sniffing with Ettercap:-

Introduction

For those of you who do not know, Ettercap is a network security tool. It can be used for testing and educational purposes, and it can also be used for quite a few illegal and possibly unethical things. In this guide, I will describe how to sniff passwords over a Wi-Fi network with this program. It involves using Ettercap to perform ARP poisoning. Please understand that this is an educational article. We are not responsible for how you use this information or for any actions you take.

I will be using Linux (BackTrack 4 Beta) for this guide. However, it is nearly the same for all Linux distros, and probably similar for the Windows version of this program.

Installing and Configuring Ettercap

This is simple enough. If you are on a Debian based system, just open up a terminal and type

CODE :
sudo apt-get install ettercap

CODE :
sudo apt-get install ettercap-gtk


If you are not on Debian, try looking for a package for your distribution. If you are unable to find one, head over to and download the source files and compile them. I'm not sure if they come with the GTK built in, since I've never had to compile them from source before.

Once your installation completes, you need to edit Ettercap's configuration file. It should be at /etc/etter.conf; however, it may also be in /usr/local/etc/etter.conf.

Find the following lines and uncomment them (Delete the #'s at the start of the line)

# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"


--Don't uncomment the hash I left in the text--

That's it for configuration and installation. Let's get to the fun part!


Sniffing Passwords with Ettercap

Open up a terminal and type:
CODE :
ettercap -G


Now, click on Sniff>Unified Sniffing. A dialog box will pop open, asking for the wireless interface. Select the one you are using.

You will notice that there are many more options on the top menu bar. For now, however, click on Hosts>Scan For Hosts. Wait for it to finish.

Now, click on Mitm (Man in the Middle), select Arp Poisoning, and check the box that says "sniff remote connections". Click OK.

Alright, now all you need to do is click on Start>Start Sniffing. Go to another computer on your network and head over to some website where credentials are needed (email, forums, Facebook, Myspace, etc.). Log in and you should see your details come up in Ettercap. To stop sniffing, simply click on Start>Stop Sniffing and Mitm>Stop Mitm attacks.


Please note that there are ways to secure a network against this, and it isn't guaranteed to work 100% of the time. I did this on an unsecured network using the BackTrack 4 Beta, Ettercap, and an iPod Touch.

Afterword/notes

For some reason, after I end sniffing, my wireless connection is almost always lost. I'm blaming this on the buggy rtl8187 driver, which, despite reports of flawless functioning, is continuing to give me grief in certain situations.

Happy Sniffing!!!
