Your SlideShare is downloading. ×
The magic of ettercap
The magic of ettercap
The magic of ettercap
The magic of ettercap
The magic of ettercap
The magic of ettercap
The magic of ettercap
The magic of ettercap
The magic of ettercap
The magic of ettercap
The magic of ettercap
The magic of ettercap
The magic of ettercap
The magic of ettercap
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

The magic of ettercap

2,209

Published on

null Pune December'11 Meet

null Pune December'11 Meet

Published in: Education, Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
2,209
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
2
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. By Pankit Dubal
  • 2. Ettercap Intercepts traffic Alters traffic Does lots of scary things Has powerful (and easy to use) filtering language that allows for custom scripting Can be “unified” or “bridged”
  • 3. Unified and Bridged
  • 4. Password Sniffer Ettercap has a powerful password sniffer, and can find and display passwords in following protocols: TELNET, FTP, POP, IMAP, rlogin, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, Napster, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, SNMP, Half-Life, Quake 3, MSN, YMSG
  • 5. (show demo)
  • 6. Dns Tampering Ettercap can intercept DNS requests, check against its own configuration, and reply back with an illegitimate IP Fake response occurs before the real response can reach the target, so the victim computer ignores it Can be done easily in “unified” mode, no bridging required
  • 7. Dns Tampering • So what does this look like?Victim: where is youtube.com?Ettercap: do I have a record for this? If so, reply with an illegitimate IP addressVictim: I received an answer to my request for www.youtube.com, so all is wellLegit DNS Server: I know this record, replying with legit IPVictim: I just got another response for my request, but it’s already been fulfilled, so I’m ignoring this response
  • 8. Dns Tampering• This attack is perfect for situations wherebridging isn‟t possible • (perhaps the attacker doesn‟t have physical access that high up in the network)• Isn‟t foolproof though • SSL-protected websites will present certificate errors • If the line is fast enough, the legitimate DNS server can reply before Ettercap has had time to process and submit its own res
  • 9. SSL Sniffing• Ettercap can sniff and modify SSL packetsby sending an unsigned certificate to thevictim
  • 10. Carnegie Mellon Study (2010) In an online study conducted among 409 participants, the researchers found that the majority of respondents would ignore warnings about an expired Secure Sockets Layer (SSL) certificate. The more tech-savvy the user, the more likely they would be to ignore it, the study found. 50 percent of Firefox 2 users polled who could identify the term "expired security certificate," 71 percent said they would ignore the warning. Of the 59 percent of Firefox 2 users who understood the significance of a "domain mismatch" warning, 19 percent said they would ignore the hazard. The Carnegie Mellon team conducted a second study, with 100 participants and under lab conditions. The participants were shown an invalid certificate warning when they navigated to a bank Web site. 69 percent of technologically savvy Firefox 2 users ignored an expired certificate warning from their bank. * Taken from http://news.cnet.com/8301-1009_3-10297264-83.html
  • 11. ISU WebCT Case StudyInyear 2009, the certificate for WebCT was notrenewed before its expirationITS was immediately inundated with calls andrequests for support; employees walked usersthrough how to ignore the certificate error The certificate remained invalid for two daysSuch problems train the average user to simplyignore these types of warnings “I‟ve seen this before, and they just told me to click ignore last time.”
  • 12. SSL Sniffing What’s the take-away? • It’s easy to sniff SSL with an invalid certificate • People ignore SSL warnings • Most will continue onwards anyway Remember: if you encounter an invalid certificate, be careful and use your head!
  • 13. Ways to stop it. To keep a static arp for the gateway To use tools like Arpwatch in the background To use arp_cop plugin of the ettercap.
  • 14. Thank you andhave fun with ettercap

×