Friday, 17 July 2015

Ettercap: A cap that makes you smarter!

Ettercap stands for Ethernet Capture. It is a sniffing tool used to "sniff" packets from other devices. This means you can use it to perform a man-in-the-middle attack and see what packets are being sent to a device connected to the same network (or connected to the internet through the same router) as your machine. Simply put, it can be used to see which websites are being visited on a phone or PC, and also to find the usernames and passwords entered by the user of that device.
NOTE: This tutorial is for educational purposes only. It is intended to be tried on your own network to test its vulnerability. We will NOT be responsible for any wrong usage.

Ettercap Tutorial ==>


=>First, install Ettercap. In a Linux terminal, type:
sudo apt-get install ettercap-graphical

=>To open it, type:
sudo ettercap -G

=>The GUI (Graphical User Interface) window of Ettercap shows up. Click on Sniff->Unified Sniffing. If you are connected via Wi-Fi, select wlan0 in the Network Interface drop-down menu. Your device may be wlan1 or something else, but it is probably wlan0. If you are connected to the network through a cable, select eth0.

=>The menu bar now shows more options. We will perform an attack called "ARP poisoning". ARP stands for Address Resolution Protocol. In our example, the attacking computer fools the router by telling it "Hey, I am the victim machine!", and fools the victim machine by telling it "Hey, I am the router!". As a result, all traffic between the two passes through the attacking machine, which can read the packets and forward them to the router or the victim machine. So, theoretically, the victim does not notice that anything is wrong. In practice, however, the browser may show security certificate warnings, even for websites like google.com, and the internet connection may slow down a little. If you experience any of these symptoms when you are near a super geek, beware! You may be the victim!

=>Click on Hosts->Scan for Hosts. Then click on Hosts->Hosts list. In my case, 192.168.1.1 is the router and 192.168.1.6 is the victim Android phone. Click on the router's IP address and click on Add to Target 1. Click on the victim's IP address and click on Add to Target 2.

=>Click on Mitm->ARP Poisoning. In the dialog box that shows up, select Sniff remote connections and click OK.

=>Click on Start->Start Sniffing and you are done!

=>As an example, I opened up gmail.com on the victim phone and entered the username and password, which was shown by Ettercap.

=>To know about the websites visited by the victim, click on Logging->Log all packets and infos. In the dialog box, specify the file name and click ok.

=>To open the log file, type:
sudo etterlog name_of_file.eci
In our case, it is:
sudo etterlog EttercapLogFile.eci

It will show you all the pages visited, and also the usernames and passwords entered.

=>To stop sniffing, click on Start->Stop sniffing. Then click on Mitm->Stop Mitm attacks.
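
The ARP poisoning used in this tutorial leaves a trace on the victim machine: the router's IP suddenly maps to a different MAC address, usually one that another host on the network already uses. The Python check below is an added example, not part of the original post; it compares two snapshots of `ip neigh show` output, and the sample tables, the MAC addresses and the 192.168.1.10 host are constructed for illustration.

```python
"""Spot signs of ARP poisoning by comparing two `ip neigh show` snapshots."""
import re
from collections import defaultdict

# IPv4 neighbour entries only; lines without "lladdr" (FAILED/INCOMPLETE) never match.
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+(?P<dev>\S+)\s+"
    r"lladdr\s+(?P<mac>[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})\b"
)

def parse_neigh(text):
    """Return {ip: mac} with MACs lower-cased so comparisons ignore case."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table

def find_arp_anomalies(before, after, gateway_ip):
    """List findings that point to ARP poisoning between two snapshots."""
    findings = []
    old, new = before.get(gateway_ip), after.get(gateway_ip)
    if old and new and old != new:
        findings.append(("gateway_mac_changed", gateway_ip, old, new))
    owners = defaultdict(list)
    for ip, mac in after.items():
        owners[mac].append(ip)
    for mac, ips in owners.items():
        if len(ips) > 1:  # one MAC answering for several IPs
            findings.append(("mac_shared", mac, tuple(sorted(ips))))
    return findings

# Constructed samples: the victim's neighbour table before and during poisoning.
# 192.168.1.1 is the router as in the tutorial; everything else is made up.
BEFORE = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:01 REACHABLE
192.168.1.10 dev wlan0 lladdr 00:11:22:33:44:0a STALE
192.168.1.20 dev wlan0  FAILED
"""
DURING = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:0A REACHABLE
192.168.1.10 dev wlan0 lladdr 00:11:22:33:44:0a STALE
192.168.1.20 dev wlan0  INCOMPLETE
"""

if __name__ == "__main__":
    for f in find_arp_anomalies(parse_neigh(BEFORE), parse_neigh(DURING), "192.168.1.1"):
        print(f)
```

A gateway MAC change on its own can also be a legitimate router replacement; the combination with a MAC shared by two IPs is the stronger signal.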