ettercap problem using 0.7.6 and 0.7.3



johnjohnsp1
2013-05-25, 08:56
Hello,
Not sure this is the correct area to post this, so feel free to move it, but here I go with the trouble I had:

I used the git above to update the version I had in my BackTrack distro, Kali Linux at the moment, using the virtual machine VMFusion on OS X Mountain Lion.
The installation went fine with all the deps required. I edited the etter.conf file, where I changed the lines:
ec_uid = 0 # nobody is the default
ec_gid = 0 # nobody is the default
and the lines:
#redir_command_on = "ipchains -A input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"
#redir_command_off = "ipchains -D input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"
# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

Then I fire it up with this command:
ettercap -Tqi eth0 -M ARP:REMOTE // //
The program does all the things > scans the LAN for hosts > and puts the tag ANY / ANY inside both groups.

I then start browsing, for example, https://gmail.com and the only thing I get as output is:

DHCP:[xx:xx:xx:xx:xx:xx] REQUEST:[xx:xx:xx:xx:xx:xx]

I checked the file /proc/sys/net/ipv4/ip_forward and it shows the value 0. I then tried to set it to 1 and noticed that when I launch ettercap that value goes back to 0.
I then checked /etc/sysctl.conf at the line net.ipv4.ip_forward=1 and it is enabled.
Just as a last try I did the same test with the old version of ettercap, 0.7.3, in another virtual machine, BackTrack 3 (old times, I know), and that try looked good;
it captured all the traffic, like:
IMAP: 74.xxx.xxx.xxx:993 -> User: .... Password: ....

Then I looked at the conf files and both were the same. I also made a copy of the same etter.conf file for both VMs, but it looks like 0.7.3 is working and 0.7.6 is not.
Tried with different physical PCs, like a desktop and a notebook, running Windows 7, 8, OS X... nothing; the only version that works is 0.7.3.

Probably something on the kernel side? Since BackTrack 3 is 2.6 and Kali Linux is 3.7?
Has anyone else had the same problem?
Is anyone able to show me the difference between the two screenshots? It would be awesome to solve this.

Can't upload any screenshots..