IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [ettercap]

a tool for performing man-in-the-middle attacks, redirecting traffic via ARP poisoning and DNS spoofing, detection of hosts on the LAN, detection of network traffic, as well as tools to inspect intercepted traffic.

a tool for performing man-in-the-middle attacks, redirecting traffic via ARP poisoning and DNS spoofing, detection of hosts on the LAN, detection of network traffic, as well as tools to inspect intercepted traffic.

20 questions
2
votes
0 answers

MitM Attack Fails on Home Wireless Router

I am currently trying to perform a MitM attack on my home wireless network to get a better understanding on how this attack works. I can successfully perform this attack on a NAT network on some virtual machines but it will not work on my home…
MrBixbite
  • 21
  • 2
2
votes
1 answer

ettercap filters - drop the packet and inject packet

if (ip.proto == TCP) { if (tcp.src == 2404 || tcp.dst == 2404) { if (DATA.data+6 == 0x64 && DATA.data+8 == 0x07) { msg(" pos activation - drop \n"); drop(); …
user2143063
  • 21
  • 2
2
votes
1 answer

How to "Scan for hosts" only using ettercap CLI?

I've been looking for a command to "Scan for hosts" in the terminal with ettercap CLI. How can I scan the local subnet from the ettercap terminal? The graphical ettercap has the options (see below):
Shuzheng
  • 1,097
  • 4
  • 22
  • 37
2
votes
2 answers

Ettercap error - 'ARP poisoning needs a non empty hosts list'

I use Kali linux VirtualBox VM with its network adapter attached to NAT. I checked that it is connected to the internet [made a simple apt-get update]. I run this command in a terminal: for ip in $(seq 1 254); do ping -c 1 192.168.2.$ip>/dev/null; […
Kostas Demiris
  • 121
  • 1
  • 1
  • 3
1
vote
1 answer

sslstrip gives error "exceptions.AttributeError: 'int' object has no attribute 'splitlines'" when used with ettercap

I have 3 VM's running in VirtualBox. All 3 VM's are connected to a virtual network created from VirtualBox with the IP 192.168.56.1/24 For all VM's are configured Host only Adapter 1 Linux web server that hosts the OWASP broken web applications :…
Enzio
  • 133
  • 6
1
vote
1 answer

DNS Hijack: Only spoofing sites listed in etter.dns

I'm trying to create a more practical DNS Hijack MITM attack. I do the traditional ARP poison with dns_spoof method. I don't have any issues getting it to work. The intended domain redirects exactly as expected. The only issue is that the current…
user21303
  • 151
  • 2
  • 4
  • 11
1
vote
0 answers

Bettercap/ettercap unable to detect HTTP packets

Basically, I am trying to sniff the network traffic from my other computer. So here's the situation: I am in a network, where: 192.168.1.1 - default gateway 192.168.1.24 - "victim" (my other computer) 192.168.1.20 - "attacker" I am using bettercap,…
minecraftplayer1234
  • 111
  • 1
1
vote
2 answers

Ettercap man in the middle - ARP poison

I am experimenting a bit with Ettercap in my local Wifi Lan. I have a router (R), my pc (P) with Ettercap running on it and my smarthphone (S). In particular am testing the ARP poison MIM attack and it seems to work, but I have some doubts. I have…
Edge7
  • 130
  • 11
1
vote
0 answers

Replacing HEX data with ettercap filters

I am trying to intercept TCP traffic and alter the data in the packet using an ettercap filter. I am man-in-the-middling communication and have set up the following filter for use with ettercap: if (search(DATA.data, "\x32\x30\x00\x00\x00\x04")) { …
user3046771
  • 165
  • 2
  • 11
1
vote
0 answers

How to steal a HTTP packet, change and re-send

I'm doing a project to my college and I have this scenario: Arduino (192.168.0.113): Receiving packets and send response My router (192.168.0.2): WPS from my gateway My gateway (192.168.0.1): Receive the internet and has DHCP Server My Attacker…
Gabriel Oraboni Carvalho
  • 11
  • 3
1
vote
0 answers

How to use Ettercap arp spoofing to log internet traffic (how to resolve ineffective arp spoofing)?

I want to capture all internet traffic on a small network, so I am experimenting with ARP spoofing of the default gateway but I don't see the spoofed ARP cache entries. I am using two Linux machines on the network, one - the attack machine - runs…
starfry
  • 291
  • 2
  • 7
0
votes
0 answers

How to redirect ettercap or arp poisoned traffic to burp suite or mitmproxy?

I have poisoned the target using Ettercap and redirected the traffic to my IP address. The question is, how to intercept and modify this traffic using burp suite or mitm proxy? The only condition is, I cannot do any client-side modification. The…
Kishore Mohanavelu
  • 101
  • 2
0
votes
1 answer

Change ettercap default port

Guys does anyone know how I can change the port that ettercap runs? I need it to run on port 8080. When I try to run sudo ettercap -G it presents me with this error: ERROR : 13, Permission…
Maria Eduarda
  • 111
  • 4
0
votes
0 answers

Man in the middle after evil twin

I've set up an Evil twin access point using the aircrack suite, what i'm missing is how to complete the man in the middle access point side like the picture shown below, I've been suggested ettercap but I'm not familiar with it. The goal is: …
user229412
  • 1
0
votes
0 answers

What is wrong with this ettercap dump file?

I am trying to read a dump file which is created with ettercap. But when I am trying to read it with ettercap it is saying: Error while capturing: bogus savefile header And I can't read the file with tcpdump or wireshark either. What is wrong with…
Sohan Arafat
  • 103
  • 4
1
2