I am really sorry for posting tutorials after so many days. Here I am with a brand new hacking secret which I have enjoyed many times with ettercap: a URL sniffer for Linux.
Ettercap is a suite for man-in-the-middle attacks on a LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis.
Ettercap is available in the Ubuntu 8.10 repositories, and can be added either via Synaptic or through the
$ sudo apt-get install ettercap
Once installed, it can be accessed from the Applications menu. Please note you will need administrative access to run this program.
ARP stands for Address Resolution Protocol; it lets hosts on the network translate IP addresses into MAC addresses. A MITM attack is one where a hijacker's machine is placed logically between two machines that are connected to each other.
Once positioned in the middle the hijacker can listen to and bypass all traffic between the two machines.
1. Open a terminal and start ettercap as root: sudo ettercap -G
2. Click Sniff > Unified, select the NIC you want to use.
3. Click Hosts > Scan for hosts
4. Click Hosts > Hosts List (or just press H)
5. In the hosts list, highlight the victim host and click the button “Add to Target1”.
6. Click Start > Start sniffing
7. Click Mitm > Arp poisoning. Select the “Sniff Remote Connections” option.
You should now see the list of connections and passwords scrolling in the space below.
8. To stop the attacks, click Mitm > Stop Mitm attacks.
9. Click Sniff > Stop Sniffing > Exit.
Note: If you see an error about SSL dissection, you need to uncomment some code in the etter.conf file to enable SSL dissection.
Open up a terminal window and type “sudo nano /usr/local/etc/etter.conf”, without the quotes. Scroll down using your arrow keys until you find this piece of code.
if you use iptables:
# redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
# redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
Just uncomment the above two lines and you will stop receiving the error.
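
Seen from the other side, the ARP poisoning in step 7 shows up in the victim's ARP cache: the gateway's IP address suddenly maps to a different MAC, often one that also answers for another IP on the LAN. The script below is an added example, not part of the original tutorial or of ettercap; it checks a table in the Linux /proc/net/arp format for both signs, and the sample table, the baseline and all function names are constructed for illustration.

```python
"""Flag signs of ARP cache poisoning in a Linux ARP table (/proc/net/arp format)."""
from collections import defaultdict

# Constructed sample: the gateway 192.168.1.1 and host 192.168.1.66 share one MAC.
SAMPLE_ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:aa:bb:66     *        eth0
192.168.1.20     0x1         0x2         02:00:00:aa:bb:20     *        eth0
192.168.1.66     0x1         0x2         02:00:00:AA:BB:66     *        eth0
192.168.1.77     0x1         0x0         00:00:00:00:00:00     *        eth0
"""

# Constructed baseline: IP -> MAC pairs recorded while the network was known good.
SAMPLE_BASELINE = {"192.168.1.1": "02:00:00:aa:bb:01"}


def parse_arp_table(text):
    """Return {ip: mac} for complete entries; skip the header and unresolved rows."""
    entries = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], fields[2], fields[3].lower()
        if int(flags, 16) & 0x2 == 0 or mac == "00:00:00:00:00:00":
            continue  # incomplete entry: no MAC has been learned yet
        entries[ip] = mac
    return entries


def find_shared_macs(entries):
    """MACs that answer for more than one IP, a common footprint of ARP poisoning."""
    by_mac = defaultdict(list)
    for ip, mac in entries.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def find_baseline_changes(entries, baseline):
    """IPs whose current MAC differs from the recorded one: {ip: (expected, seen)}."""
    return {ip: (mac.lower(), entries[ip]) for ip, mac in baseline.items()
            if ip in entries and entries[ip] != mac.lower()}


if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_TABLE)
    print("shared MACs:", find_shared_macs(table))
    print("changed since baseline:", find_baseline_changes(table, SAMPLE_BASELINE))
```

On a live host, pass the contents of /proc/net/arp to parse_arp_table instead of the sample. A shared MAC can also be legitimate (proxy ARP, or one host holding several addresses), so treat a hit as something to verify against the baseline.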