Sniffing usernames and passwords with ettercap

Data that travels over the air and how to protect (or decipher) it

Sniffing usernames and passwords with ettercap

Post by ampakine on Sat Aug 13, 2011 7:49 pm
([msg=60863]see Sniffing usernames and passwords with ettercap[/msg])

I'm playing around with ettercap at the moment so I can learn how to use it. I have a 2nd laptop right next to me to practice on. I can successfully pull off an arp poisoning MITM and sniff plaintext HTTP traffic (including usernames and passwords) with wireshark but for some reason nothing comes up in ettercaps text box (the place that sniffed usernames and passwords are supposed to show up). I ARP poisoned the victim comp and my router and ticked the "Sniff remote connections" box. What am I doing wrong?

EDIT: I enabled SSL dissection and tried sniffing HTTPS login info and it worked:
Image
ampakine
Experienced User
Experienced User
 
Posts: 65
Joined: Tue May 31, 2011 5:21 pm
Blog: View Blog (0)


Re: Sniffing usernames and passwords with ettercap

Post by tremor77 on Tue Sep 20, 2011 2:39 pm
([msg=61681]see Re: Sniffing usernames and passwords with ettercap[/msg])

wait, so you were able to sniff SSL but not http traffic? No sense that makes.. probably just had some settings derped up.
Image
User avatar
tremor77
Contributor
Contributor
 
Posts: 862
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York
Blog: View Blog (0)



Return to Networking

Who is online

Users browsing this forum: No registered users and 0 guests