"No exceptional circumstances whatsoever, whether a state of war or a threat of war, internal political instability, or any other public emergency, may be invoked as a justification of torture." -- U.N. Convention Against Torture
For those of you who do not know, Ettercap is a network security tool. It can be used for testing and educational purposes, and it can also be used for quite a few illegal and possibly unethical things. In this guide, I will describe how to sniff passwords over a Wi-Fi network with this program. It involves using Ettercap to perform ARP poisoning. Please understand that this is an educational article. I am not responsible for how you use this information, and neither is HackThisSite.org responsible for any actions you take.
I will be using Linux (BackTrack 4 Beta) for this guide. However, it is nearly the same for all Linux distros, and probably similar for the Windows version of this program.
Installing and Configuring Ettercap
This is simple enough. If you are on a Debian-based system, just open up a terminal and type:
sudo apt-get install ettercap
sudo apt-get install ettercap-gtk
If you are not on Debian, try looking for a package from whatever your distribution is. If you are unable to, head over to
and download the source files and compile them. I'm not sure if they come with the gtk built in, since I've never had to compile them from source before.
Once your installation completes, you need to edit Ettercap's configuration file. It should be at /etc/etter.conf; however, it may also be at /usr/local/etc/etter.conf.
Find the following lines and uncomment them (delete the #'s at the start of the line):
# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
--Don't uncomment the hash I left in the text above (the "# if you use iptables:" line)--
That's it for configuration and installation. Let's get to the fun part!
Sniffing Passwords with Ettercap
Open up a terminal and type:
You should get something that looks like this:
Now, click on Sniff>Unified Sniffing. A dialog box will pop open, asking for the wireless interface. Select the one you are using.
You will notice that there are many more options on the top menu bar. For now, however, click on Hosts>Scan For Hosts. Wait for it to finish.
Now, click on Mitm (Man in the Middle), select Arp Poisoning, and check the box that says "sniff remote connections". Click OK.
Alright, now all you need to do is click on Start>Start Sniffing. Go to another computer on your network and head over to some website where credentials are needed (Email, Forums, Facebook, Myspace etc). Log in and you should see your details come up in Ettercap. To stop sniffing, simply click on Start>Stop Sniffing, and Mitm>Stop Mitm attacks.
Please note that there are ways to secure a network against this, and it isn't guaranteed to work 100% of the time. I did this on an unsecured network using BackTrack 4 Beta, Ettercap, and an iPod Touch.
For some reason, after I end sniffing, my wireless connection is almost always lost. I'm blaming this on the buggy rtl8187 driver, which, despite reports of flawless functioning, is continuing to give me grief in certain situations.
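On the defensive side mentioned above, ARP poisoning leaves traces in every victim's ARP cache. The following added example (not part of the original article) compares a trusted baseline with the current cache, both in Linux /proc/net/arp format, and flags a changed MAC for a known IP and a single MAC answering for several IPs. The function names, gateway IP and sample tables are constructed for illustration.

```python
from collections import defaultdict

def parse_proc_net_arp(text):
    """Return {ip: mac} for complete entries in /proc/net/arp-format text."""
    table = {}
    for line in text.strip().splitlines()[1:]:       # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], fields[2], fields[3].lower()
        # Flags 0x0 marks an incomplete entry; an all-zero MAC tells us nothing.
        if int(flags, 16) == 0 or mac == "00:00:00:00:00:00":
            continue
        table[ip] = mac
    return table

def find_anomalies(baseline, current, gateway_ip):
    """Compare a trusted baseline {ip: mac} with the current table."""
    alerts = []
    # 1. A known IP whose MAC changed; for the gateway this is critical.
    for ip, mac in sorted(current.items()):
        old = baseline.get(ip)
        if old and old != mac:
            sev = "CRITICAL" if ip == gateway_ip else "WARN"
            alerts.append((sev, f"{ip} moved {old} -> {mac}"))
    # 2. One MAC answering for several IPs (heuristic: proxy ARP also does this).
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            alerts.append(("WARN", f"{mac} claims {', '.join(sorted(ips))}"))
    return alerts

# Constructed sample snapshots (addresses and MACs are made up).
BASELINE = """IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:aa:aa:aa:aa:01     *        wlan0
192.168.1.23     0x1         0x2         aa:aa:aa:aa:aa:17     *        wlan0
"""
POISONED = """IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:aa:aa:aa:aa:17     *        wlan0
192.168.1.23     0x1         0x2         aa:aa:aa:aa:aa:17     *        wlan0
192.168.1.40     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""

if __name__ == "__main__":
    base, cur = parse_proc_net_arp(BASELINE), parse_proc_net_arp(POISONED)
    for sev, msg in find_anomalies(base, cur, "192.168.1.1"):
        print(sev, msg)
```

On a live host, take the baseline from the contents of /proc/net/arp while the network is known to be clean and compare later reads against it.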
HackThisSite is the collective work of the HackThisSite staff, licensed under a CC BY-NC license.
We ask that you inform us upon sharing or distributing.