Ettercap NG 0.7 Manual
Contents
Installation by Setup ettercap
sources for the proper use of SSL
Case Study, stealing the password of an email from Gmail. [/ B]
Installation by
sources to install it must be installed first the library "libpcre" if we have not installed using the source code need to install by our package manager sources if you use debian or derivatives would be something like
Code:
# apt-get install libpcre3-dev libpcap0. 8-dev libnet0 libnet1-dev libssl-dev ncurses-bin-dev ncurses5
sure you have the version libpcap developers> 0.8. libnet> 1.1.2, libpthread, and zlib.
now download the ettercap 0.7.3 of http://ettercap.sourceforge.net/
and unzip it Hey, why not do a apt-get install ettercap and ready?
could be installed as well, and there would be no problem but usually precompiled versions of ettercap do not have all the options and plugins that we use so it is better to download the package from the official website and compile by hand.
Vercion complete compiled http://antraxactive.com/ettercap-ng-0.7.3_0.7.3-1_i386.deb
Okay, okay, more ... Well
once unzipped open console in the folder where everything is, in my case ~ / ettercap-NG-0.7.3
and run the command:
Code:
. / configure - enable-plugins - enable-debug
This will prepare the code to be compiled with all plugins and a troubleshooter. We may lack some dependency error, no problem, installed and ready.
strongly recommend that if we had a fault with the agencies before we delete the folder (no make clean) completely and we will do the. / Configure - enable-plugins - enable-debug since it is not very well that gave me an error if not erase the folder to do a "make" if not to all right the first time, computer stuff xD.
Once we have the. / Configure "right first time" we get something like this:
=======================
=========================== Install directory: / usr / local
Libraries:
LibPcap ........ ........ LIBNET
................. default libssl
................. default ncurses
default ................
default GTK + ................... yes
functionalities: Debug mode
.............
yes Plugin support ......... Passive DNS
yes ............
yes Perl regex in filters ..
yes Iconv UTF-8 support .... yes
================================================ ==
Then follow with a make, make install or checkinstall, as you want.
Well, we already have installed ettercap properly and ready to run, we have several ways to run, me and more me clarify that is running it in console mode, do as ROOT to do the following:
Code:
ettercap -C
Set for ettercap the correct use of SSL
Now let's enable ettercap to intervene in the SSL connections to a broker so you can see the encrypted information when we start to sniff, so we provide with your favorite editor the file / usr / local / etc and If we use iptables (almost certainly) have to go to the line where it says
Code:
# redir_command_on = "iptables-t nat-A PREROUTING-i% iface-p tcp - dport% port -j REDIRECT - to-port% rport "
and replace
Code:
redir_command_on =" iptables-t nat-A PREROUTING-i% iface-p tcp - dport % Port-j REDIRECT - to-port% rport " In this way we will make ettercap intercept SSL connections correctly
;-) Hell, because if this preparation leading
xD Yeah but worth it you'll see ;-) Now I'll put a case study to see as official.
Case Study, stealing the password of an email from Gmail
know this to steal passwords post may seem lameril, but it's just to give you an idea of \u200b\u200bhow you can use ettercap to perform a sniff under Swich or Router.
The first thing is to open up ettercap, my favorite way to do it in console and I am used to being forced to work on computers without interfaces to run it as ROOT as follows:
Code:
ettercap-C
see something like this:
menu Now let Sniff and select Unified sniffing or press U.
will see that fundamentally change the whole menu of options, well, for now let us tell ettercap to search for all computers on the network right now, for this we Hosts Menu> Scan for hosts, or by pressing Control + s, we will see a screen like this that will disappear after several seconds:
Well, once it has finished searching the computers connected to the network is choosing between two teams that want to connect, in this case from the victim machine (192.168.1.201) and the router (192.168.1.1), for it we Hosts> Host List or press the "h" and choose the first team and press the 1 key, then select the second team (in this case a router) and press the 2 key.
say now proceed to make an attack ettercap Man In The Middle by ARP Poisoning, for this we will MITM menu and select "ARP Poisoning" and write parameters "remote" and press enter, from the time we placed between the victim machine and the Router, we only need to start scanning, for this go to Start menu> Start Sniffing, or press Control + w. The ettercap start scanning the connections made between the victim machine and the router, we can see these connections by going to View> conections, but now let's get to the point, imagine that the victim comes gmail team, either in the field as "User Messages" will leave us a message and we will see some information from the user name and password to use to enter. A screenshot is worth a thousand words.
Once Sniffeo want to finish and the Man In The Middle have to go to Start> Stop Sniffing or press Control + e, then go to MITM> Stop MITM atack (s) and to properly exit press Control + X
"Knowledge liberates us" 
0 comments:
Post a Comment