Sunday, October 30, 2016
Errata guide to the Ettercap GUI, through trial-and-error experience
Ettercap is one of the best sniffing tools available today, but when it comes to using it on a non-security distro on which it is not pre-configured, like Fedora, you might land in some problems like I did. It all started on a sunny day when I actually thought to try it on Fedora Linux.
PS: I won't be covering ncurses, as it's quite easy & offers little to no hassle in operation; strangely, it gave me no errors at all.
Anyways..I installed ettercap by typing -
[root@zion xero]#su
Password:
[root@zion xero]# yum install ettercap
or
[root@zion xero]# yum install ettercap-gui
(I actually had problems with this one..)
Yum resolved the dependencies & installed it. I ran it on my local LAN, assuming it would run in the default configuration.
[root@zion xero]# ettercap -T -Q -M ARP //192.168.1.3
It successfully captured all the packets & I was able to get details about the capture. The real problems started when I ran it in GUI mode.
[root@zion xero]# ettercap -G
Well, the GTK GUI popped up & prompted me for the stuff. I quickly pressed Shift+U to choose the network interface (in this case my local LAN, hooked up to my roommates' laptops), & chose eth0, the default Ethernet interface. I went ahead by scanning for hosts by pressing Ctrl+S & bam..it crashed.
ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA
Ooops ! This shouldnt happen...
Segmentation Fault...
Please recompile in debug mode, reproduce the bug and send a bugreport
okay..I got it..it might be crashing because it has not been updated in a long time. Ah well, I compromised by scanning partially for hosts & then running it. Again, I chose the host, added it to my targets, chose MITM & started ARP poisoning (using the menu) & then started unified sniffing.
I got nothing.
Realizing it was not BackTrack, I sensibly closed it (re-ARPing the network..not by deliberately killing it like Windows users do by abusing the [X] button) & opened etter.conf
[root@zion xero]# vi /etc/etter.conf
& uncommented the iptables option so it looked like this
# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
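The two redir_command lines above make ettercap insert and later remove a nat-table PREROUTING REDIRECT rule. From a defender's side, that rule shape is worth auditing for: a host that silently bounces port 80 to a local port is running a transparent proxy, whether it was meant to or not. The following is an added example (not from the original post or the ettercap project) that parses `iptables-save` output and flags such rules; the dump it runs on is constructed, and the 80 -> 8080 mapping in it is a made-up value.

```python
"""Audit iptables-save output for transparent-redirect rules.

Added example, not part of the original post. It flags nat-table
PREROUTING rules that REDIRECT a port to another local port, which is
exactly the shape of the redir_command_on line in etter.conf. Feed it
the text of `iptables-save -t nat`; the sample below is constructed.
"""
import shlex

# Constructed sample: what `iptables-save -t nat` might print on a box
# where an ettercap-style redirect rule (port 80 -> 8080, made-up
# values) has been added. Note iptables-save writes `--to-ports`.
SAMPLE_IPTABLES_SAVE = """\
# Generated by iptables-save v1.4.21
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
"""


def _value_after(tokens, flag):
    """Return the token following `flag` in a tokenised rule, or None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok == flag:
            return tokens[i + 1]
    return None


def find_redirect_rules(dump):
    """Parse iptables-save text and return nat PREROUTING REDIRECT rules.

    Each finding is a dict with the interface, protocol, destination
    port and the local port traffic is redirected to, plus the raw rule.
    Rules in other tables or chains are ignored.
    """
    findings = []
    table = None
    for raw in dump.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):          # table header, e.g. *nat
            table = line[1:]
            continue
        if line == "COMMIT":              # end of the current table
            table = None
            continue
        if table != "nat" or not line.startswith("-A PREROUTING"):
            continue
        tokens = shlex.split(line)
        if _value_after(tokens, "-j") != "REDIRECT":
            continue
        to_port = (_value_after(tokens, "--to-ports")
                   or _value_after(tokens, "--to-port"))
        findings.append({
            "iface": _value_after(tokens, "-i"),
            "proto": _value_after(tokens, "-p"),
            "dport": _value_after(tokens, "--dport"),
            "to_port": to_port,
            "rule": line,
        })
    return findings


if __name__ == "__main__":
    for f in find_redirect_rules(SAMPLE_IPTABLES_SAVE):
        print(f"nat PREROUTING redirect on {f['iface']}: "
              f"{f['proto']}/{f['dport']} -> local port {f['to_port']}")
```

On a real host, replace the constructed dump with `subprocess.run(["iptables-save", "-t", "nat"], ...)` output; the parser only needs the rule lines, so the counters in the chain policy lines do not matter.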
saved it, ran it again.
Again, the same drill: partial host scanning, target selection, MITM, ARP poisoning, sniffing.
bang, I got nothing..again.
I looked at the console output & found -
[root@zion xero]#
ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA
iptables v1.3.3: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
wow..I am running the program as root, I edited the read-only file as root & all I got was "upgrade your kernel"? bullshit! Anyways..back to etter.conf; this time I changed the privileges to 0 (by default ettercap drops to the nobody user after startup, so the iptables command in redir_command_on runs without root; uid/gid 0 keeps it running as root)
[privs]
ec_uid = 0 # nobody is the default
ec_gid = 0 # nobody is the default
The program ran & the error went away :)
but still..I was unable to capture anything in GUI mode; guess the more user-friendly you make it, the more hassles you add with it...sheesh. Then came something new: after 10 minutes of waiting I got this -
SEND L3 ERROR: 44 byte packet (0800:06) destined to 192.168.xxx.xxx was not forwarded (libnet_write_raw_ipv4(): -1 bytes written (Operation not permitted)
great...now this was what I was talking about. Now this really got me moving. It's not every day that you can target a network from the CUI with a single command of a program, but using a GUI has a lot of strings attached.
Now I did everything very carefully; although I still couldn't figure out the real reason for the "Segmentation Fault" problem, I guess everything works fine if you do it like this -
Configure etter.conf like I stated above: set uid to 0 & uncomment the iptables section.
Run ettercap using kdesu; yep, I ran it with elevated privileges in the KDE environment to avoid the "can't initialize iptables" error.
[root@zion xero]# kdesu ettercap -G
Give your password & choose the network interface (Shift+U).
Once done, please be patient: open a new terminal window, change to root & type this command (it forwards packets & avoids the error :P ) -
[root@zion xero]# echo "1" > /proc/sys/net/ipv4/ip_forward
It will avoid the "SEND L3 ERROR". Once done, do your drill & you will "finally" be able to capture data using the GUI. For the rest of the elites out there, I guess
[root@zion xero]# ettercap -T -Q -M arp:remote -i eth0 /192.168.1.3/ //
seems to work :) man..what a trip.. I would choose Wireshark over it any day..
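Whichever front end you use, the MITM above works by poisoning the victim's and the gateway's ARP caches so that both map the other's IP to the poisoner's MAC. Two cheap symptoms a defender on that same LAN can watch for are an IP whose MAC changes between ARP cache snapshots, and one MAC answering for several IPs. The following is an added example, not from the original post or from ettercap, that checks both on `/proc/net/arp`-style text; the two snapshots and every MAC in them are constructed, and the gateway address 192.168.1.1 is an assumed value.

```python
"""Spot ARP-poisoning symptoms in ARP cache snapshots.

Added example, not from the original post. On Linux, `cat /proc/net/arp`
prints the column layout used below. The snapshots are constructed:
before poisoning the gateway (.1, assumed) and host .3 each have their
own MAC; afterwards the gateway's entry carries the MAC that legitimately
belongs to 192.168.1.7, which is what an ARP poisoner leaves behind.
"""
from collections import defaultdict

ARP_BEFORE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:11:22:aa:bb:01     *        eth0
192.168.1.3      0x1         0x2         00:11:22:aa:bb:03     *        eth0
192.168.1.7      0x1         0x2         00:11:22:aa:bb:07     *        eth0
"""

ARP_AFTER = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:11:22:aa:bb:07     *        eth0
192.168.1.3      0x1         0x2         00:11:22:aa:bb:03     *        eth0
192.168.1.7      0x1         0x2         00:11:22:aa:bb:07     *        eth0
"""


def parse_arp_table(text):
    """Map IP -> MAC from /proc/net/arp style text.

    The header line is skipped, as are incomplete entries (flags 0x0 or
    an all-zero MAC), which the kernel keeps while a lookup is pending.
    """
    table = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], fields[2], fields[3].lower()
        if flags == "0x0" or mac == "00:00:00:00:00:00":
            continue
        table[ip] = mac
    return table


def detect_mac_changes(before, after):
    """IPs whose MAC differs between two snapshots: (ip, old_mac, new_mac)."""
    return [(ip, before[ip], after[ip])
            for ip in sorted(before)
            if ip in after and before[ip] != after[ip]]


def detect_duplicate_macs(table):
    """MACs that answer for more than one IP: {mac: [ips...]}.

    A single MAC claiming both the gateway and a host is the classic
    signature of an ARP poisoner sitting between them.
    """
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    before = parse_arp_table(ARP_BEFORE)
    after = parse_arp_table(ARP_AFTER)
    for ip, old, new in detect_mac_changes(before, after):
        print(f"ALERT: {ip} moved from {old} to {new}")
    for mac, ips in detect_duplicate_macs(after).items():
        print(f"ALERT: {mac} claims {', '.join(ips)}")
```

Run it periodically against the live table (or hook it up to a packet capture of gratuitous ARP replies) and alert on either list. A MAC change alone can be legitimate (DHCP churn, a replaced NIC), so the duplicate-MAC check is the stronger signal; on managed switches, dynamic ARP inspection or a static ARP entry for the gateway on critical hosts removes the problem at the source.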
Happy new year once again..
Posted by XERO. ALL RIGHTS RESERVED.