@ExON00: are you trying to sniff packets from a network you aren't on? If so, I think you may want to look at Kismet. But, if you are not on the network, and the network is encrypted, you wouldn't be able to decrypt it with out a key.
If you are already on a network and using ettercap, bssid isn't going to help you out.
@sebster3gmail: I'm betting those are the line that enable iptable. That is why you are getting those messages. That is the only way to intercept encrypted passwords, but any modern browser will warn the end user. If you comment out those lines again you shouldn't get those message anymore and you can still sniff unencrypted traffic.
When ever i sniff my network, on my target machine i use firefox and if i try to log into a secure site i get a page blocking me. saying that it is unsafe to acsess that page.
Ex. it wont le me go to my google account, it also tells me that the certificate is fake or someting like that.
@sebster3gmail: This should only happen if you are trying to do a "man in the middle" to retrieve passwords. This requires making changes to you iptable. If you made changes to your IPtables, undo them. If you didn't then maybe the distro you are using automatically does this. What Distro are you running?
If you are trying to sniff passwords this will happen. It means your browser is doing what it is suppose to.
@CalmOne13: First off, when you say it's not working, are you getting an error message? If not, then it's probably working, your just giving it the wrong info.
You say you tried "to put -i insted of -a". Those are two completely different things. One does not replace the other. Since you are working with a binary files you need to use "-a". The "-i" just means you want the search to be case insensitive.
Are you sure what you are searching for is in the file?
When you use "// //" or "// /192.168.1.1/" it says "all the hosts in the list". However, if a new host were to add itself to the network AFTER you have started ettercap, will it be added to the list of hosts or will ettercap not be scanning anything that that computer does?
@Rypervenche: I've wondered the same thing myself,but never checked. A simple way to check would be, start up ettercap. once it is running, press "l" and it will list all hosts. Then connect to the network with another computer and press "l" again. See if the new computer is listed.
@AmericanSD: Not using Konsole, I'm using Gnome-Terminal. But either way the high lighting is in the grep settings. It's that way by default on my Distro. I'm sure that depending on your version of grep you should be able to set it up in a config file. I haven't done it myself, so I couldn't tell you off the top of my head how to do it.
@AmericanSD: Did you mean that your not getting any readings? What is the exact command you typed? are you getting Error messages? while Ettercap is running press "l" and it will give you a list of computers you are sniffing from. I really can't help you if you don't give me information.
@metalx1000 Thank you very much for the quick reply. Just to be clear, I would say that I am reading traffic, but not the one I want. I am running: [ ettercap -T -i eth1 -q -p -M ARP // // ], hopping to sniff for password in an unencrypted network, so I can prove to my boss that encryption is necessary (duhhh, I know... :) )
after running the command, it starts listening but never returns anything after I perform log-ins on the browser.
@AmericanSD: Also, I would add -w and save the output to a file. Then you can use Wireshark to view the data later on. with the -q you may or may not see password while it's capturing depending on how they are being sent.
Also, there is a way for ettercap to sniff encrypted password, but it takes some iptables setup as well. I haven't played with that feature in a long time, but I'm guessing it still works (maybe), it is something to look into.
@AmericanSD: I hear great things about it all the time. I've never used it myself. Basically any LiveCD will work. I just guess Backtrack has a lot of tools installed on it by default.
@AmericanSD: You can use it on those networks id you are logged into them with the key. you can use Kismet to capture packets from wifi you are not logged onto, but you can't read any of it with out the encryption key. This is exactly why encryption is necessary. Although there are some things you can do to get around encryption. MITM and things like the PineApple.
I hope you know ettercap is backdoored.
weedpls 1 week ago
Good stuff friend.
wwwyoutubecom/theoriginalfatdonkley
theoriginalfatdonkey 2 weeks ago
This has been flagged as spam show
207.126.115.193
this IP for bad website to voilence kids ... plzzzz attack and ddos this IP 207.126.115.193
57373732 1 month ago
do you have to use IP, or could you use bssid?
ExON00 2 months ago
@ExON00: are you trying to sniff packets from a network you aren't on? If so, I think you may want to look at Kismet. But, if you are not on the network, and the network is encrypted, you wouldn't be able to decrypt it with out a key.
If you are already on a network and using ettercap, bssid isn't going to help you out.
metalx1000 1 month ago
@metalx1000 Thank you for answering, and keep up the good work :)
ExON00 1 month ago
Tx for the reply.
I am using BT5 or CrunchBang. The only change i recall is the one on line 167-168 of etter.conf .
Removing the #.
Ps: i like your videos.
You explains things verywell.
sebster3gmail 4 months ago
@sebster3gmail: I'm betting those are the line that enable iptable. That is why you are getting those messages. That is the only way to intercept encrypted passwords, but any modern browser will warn the end user. If you comment out those lines again you shouldn't get those message anymore and you can still sniff unencrypted traffic.
metalx1000 4 months ago
can you please tell me,
When ever i sniff my network, on my target machine i use firefox and if i try to log into a secure site i get a page blocking me. saying that it is unsafe to acsess that page.
Ex. it wont le me go to my google account, it also tells me that the certificate is fake or someting like that.
Is there a way to get around that? Tx
sebster3gmail 4 months ago
@sebster3gmail: This should only happen if you are trying to do a "man in the middle" to retrieve passwords. This requires making changes to you iptable. If you made changes to your IPtables, undo them. If you didn't then maybe the distro you are using automatically does this. What Distro are you running?
If you are trying to sniff passwords this will happen. It means your browser is doing what it is suppose to.
metalx1000 4 months ago
my grep is not working...don't know why. I tryed to put -i insted of -a, still nothing.
CalmOne13 10 months ago
@CalmOne13: First off, when you say it's not working, are you getting an error message? If not, then it's probably working, your just giving it the wrong info.
You say you tried "to put -i insted of -a". Those are two completely different things. One does not replace the other. Since you are working with a binary files you need to use "-a". The "-i" just means you want the search to be case insensitive.
Are you sure what you are searching for is in the file?
metalx1000 10 months ago
When you use "// //" or "// /192.168.1.1/" it says "all the hosts in the list". However, if a new host were to add itself to the network AFTER you have started ettercap, will it be added to the list of hosts or will ettercap not be scanning anything that that computer does?
Rypervenche 11 months ago
@Rypervenche: I've wondered the same thing myself,but never checked. A simple way to check would be, start up ettercap. once it is running, press "l" and it will list all hosts. Then connect to the network with another computer and press "l" again. See if the new computer is listed.
metalx1000 11 months ago
will you decipher the ...::: OnyxCode :::...
OnyxCode 11 months ago
Subscribed. After few minutes I started to get used thanks to your guide. Keep up with them.
Polenowski 1 year ago
USELESS USE OF CAT
013108today 1 year ago
@GwWoYA: The command to get information on your network card, such as ip address, is 'ifconfig'
There are a number of ways to find out what other computers are on your network.
on way is :
arp-scan -l -I wlan0
"wlan0" being your network card. Change accordingly.
another is if you already have ettercap running press "L" for a list of ips you are monitoring.
metalx1000 1 year ago
Very neat display. Where in the Konsole did you customize search results to be in red?
AmericanSD 1 year ago
@AmericanSD: Not using Konsole, I'm using Gnome-Terminal. But either way the high lighting is in the grep settings. It's that way by default on my Distro. I'm sure that depending on your version of grep you should be able to set it up in a config file. I haven't done it myself, so I couldn't tell you off the top of my head how to do it.
metalx1000 1 year ago
FOr some reason, I am getting any reading on traffic even though I am running bt4 as root. help! :)
AmericanSD 1 year ago
@AmericanSD: Did you mean that your not getting any readings? What is the exact command you typed? are you getting Error messages? while Ettercap is running press "l" and it will give you a list of computers you are sniffing from. I really can't help you if you don't give me information.
metalx1000 1 year ago
@metalx1000 Thank you very much for the quick reply. Just to be clear, I would say that I am reading traffic, but not the one I want. I am running: [ ettercap -T -i eth1 -q -p -M ARP // // ], hopping to sniff for password in an unencrypted network, so I can prove to my boss that encryption is necessary (duhhh, I know... :) )
after running the command, it starts listening but never returns anything after I perform log-ins on the browser.
Thank you again
AmericanSD 1 year ago
@AmericanSD: Also, I would add -w and save the output to a file. Then you can use Wireshark to view the data later on. with the -q you may or may not see password while it's capturing depending on how they are being sent.
Also, there is a way for ettercap to sniff encrypted password, but it takes some iptables setup as well. I haven't played with that feature in a long time, but I'm guessing it still works (maybe), it is something to look into.
metalx1000 1 year ago
@metalx1000 Great! I should definitely look into that. Do you think that Backtrack 4 is the best Penetration testing tool?
AmericanSD 1 year ago
@AmericanSD: I hear great things about it all the time. I've never used it myself. Basically any LiveCD will work. I just guess Backtrack has a lot of tools installed on it by default.
metalx1000 1 year ago
@metalx1000 Thank you for following up. :)
AmericanSD 1 year ago
Can you use ettercap on wireless networks that are encrypted with WEP, WPA, or application-layer encryption h t t p s
AmericanSD 1 year ago
@AmericanSD: You can use it on those networks id you are logged into them with the key. you can use Kismet to capture packets from wifi you are not logged onto, but you can't read any of it with out the encryption key. This is exactly why encryption is necessary. Although there are some things you can do to get around encryption. MITM and things like the PineApple.
metalx1000 1 year ago
test
AmericanSD 1 year ago
I'd be grateful If you made a video about installing linux iso images from hard drive.
I have an old PC without usb boot support and i don't want to burn a CD.
basem1393 2 years ago
all I can say is...wooooooooow.... thanks for this shit man,
dilibau 2 years ago
I've got a lest 4 more ettercap videos coming over the next week or two, so keep watching.
metalx1000 2 years ago
using ettercap and driftnet side by side may be also helpful .
virtualdefense 2 years ago
I have actually already made a video about that, just don't want to post everything at once.
metalx1000 2 years ago