No, you are incorrect. Google is smart about security it would be the end user that would be the fault of this attack. In this case the user was presented with a warning about self signed certificate and possible security risk, but chose to ignore it as most people would. SSL3/TLS1 is employed on the google server.. Websites using SSL2 and users can be victimzed in a more silent way by focing weak encryption... That is a security issue with the company not the end user.
@dfrojas The whole point of arp cache poisioning with switches is to get the packets from the other host that a switch normally prevents you from seeing. Hubs will broadcast to all the data to all the ports all the time, and a switch will not.
Hey Why this video is not rated yet?! it great! =] However when I try I mine MITM attack using ettercap, it is not using fake etherecap's ssl, don't know why :/
Cheers. For SSL support make sure you set in the etter.conf file both ec_uid and ec_gid to 0 (root) and uncomment the appropriate redir_command_on and redir_command_off for your system. (my distro was shipped with iptables)
I'd rather use sslstrip, because you have to accept the SSL Certificate on the victims machine. Which makes it look suspect to those who knows wtf's going on. ;o)
I used Slackware for both boxes in this video. With that said I don't recommend Slackware as a security OS (or in general) due to the paranoia of stability and lack of support for proprietary software. Debian or FreeBSD would be my first picks :)
This has been flagged as spam show
207.126.115.193
this IP for bad website to voilence kids ... plzzzz attack and ddos this IP 207.126.115.193
57373732 1 month ago
NOT WORKING..............THOUGH I HAVE TRIED ON MY OWN COMPUTER
ranitcd 9 months ago 2
Or 3.
Oweboy1960 11 months ago
Nice vid. What distro is this?
blacksiddis 1 year ago
@blacksiddis
Backtrack 4.
Oweboy1960 11 months ago
post a link to your etter.conf file plz. and nice vid
felipealvarez1982 1 year ago
This only works if the victim accepts the fake ssl cert.
talaxian1 1 year ago
need a novelty? gruber@email.ru
grubernovs 1 year ago
dosent work for me after i logged in nothing happen have tried the attack against several other computers and im using wlan0 plz help me
ToxicFear1336 1 year ago
to arppoison an entire wlan into thinking you're the router you can use: "ettercap -TqM arp:remote // //" just found that out.
ross817 1 year ago
hah, i wouldn't call the user an unsuspecting user.
totheloveilove 2 years ago
Hi, i was wondering if someone could help me in solving this problem i have with SSLstrip
When i run the SSLstrip script it gives me the following error:
ImportError: No module named StrippingProxy
I'm using Linux Ubuntu
thanks in adavance
RYNGOLADLR 2 years ago
what is the song ?? GROUP ? title ?? thanks ;) VERY GOOD post !
84silverman 2 years ago
Cheers. Song is Fuck Authority by Pennywise
xplagu3 2 years ago
Damn. Thanks :)
I thought google was smart about security, and you just jacked your own password.
millergimp 2 years ago
No, you are incorrect. Google is smart about security it would be the end user that would be the fault of this attack. In this case the user was presented with a warning about self signed certificate and possible security risk, but chose to ignore it as most people would. SSL3/TLS1 is employed on the google server.. Websites using SSL2 and users can be victimzed in a more silent way by focing weak encryption... That is a security issue with the company not the end user.
nathangl 2 years ago 2
Never tried this with ettercap. I've used arpspoof for my local network, with tcpdump / and ssl strip.
Will give it a crack now.
SeanOBriain 2 years ago
ETTERCAP 4TW ! and this guy/girl's using backtrack 3.0 Upwards =)
RobLutken 2 years ago
I wonder if being on a switched network it works or you must be connected using a hub.
dfrojas 2 years ago
Should work on switched networks and hubbed ones afaik
xplagu3 2 years ago
@xplagu3 Will it work on computers on the same switch?
It shouldnt matter if its running a in a VM?
adamh3212 1 year ago
no :) to say in an easy way.... ettercap says hello iam a switch and the whole traffic is reachable!!! nice prog :)
daslama07 2 years ago
@dfrojas The whole point of arp cache poisioning with switches is to get the packets from the other host that a switch normally prevents you from seeing. Hubs will broadcast to all the data to all the ports all the time, and a switch will not.
AskHack 1 year ago
crazy how simple this is...kind of scary in fact
mdawg414 2 years ago
Hey Why this video is not rated yet?! it great! =] However when I try I mine MITM attack using ettercap, it is not using fake etherecap's ssl, don't know why :/
kudresov 2 years ago
Cheers. For SSL support make sure you set in the etter.conf file both ec_uid and ec_gid to 0 (root) and uncomment the appropriate redir_command_on and redir_command_off for your system. (my distro was shipped with iptables)
Hope this helps
xplagu3 2 years ago
I'd rather use sslstrip, because you have to accept the SSL Certificate on the victims machine. Which makes it look suspect to those who knows wtf's going on. ;o)
dellthinker 2 years ago
which distro are you using?
nowayiwill 2 years ago
I used Slackware for both boxes in this video. With that said I don't recommend Slackware as a security OS (or in general) due to the paranoia of stability and lack of support for proprietary software. Debian or FreeBSD would be my first picks :)
xplagu3 2 years ago
thank you for the answer ..:)
nowayiwill 2 years ago