Kali Linux

How to Use Ettercap to Intercept and Sniff Passwords

For man-in-the-middle attacks, Ettercap is a complete suite. It includes live connection sniffing, real-time content filtering, and other intriguing techniques.

It has many network and host analysis features and supports active and passive protocol dissection.

For the attack, we need two machines. The first one is Kali Linux, the other one is Windows, and the Wireshark tool.

In this attack, we’ll see the traffic moving through a Windows computer and a user entering a username and password on a non-secure website. 

  • Firstly, check the IP address of the attacker’s machine using the command ifconfig in the terminal and the IP address of the victim’s machine using the command ipconfig in the command prompt.
  • In my case, the IP address of my Windows (victim’s) machine is 192.168.148.29.
  • Now we will open Ettercap on the attacker’s machine and set the primary interface to eth0.
  • After clicking the checkbox, unified sniffing starts on its own, and by selecting the opting host list on the top of the interface, we can see all the hosts connected with us. We can also see the IP address of the victim’s machine. i.e, 192.168.148.29.
  • We have to set the IP address of the victim machine as Target 1 and the IP address of the server machine as Target 2.
  • Using the option Targets, then Current Target, we can see both Targets.
  • Now on the terminal in the attacker’s machine, we type the command cat /proc/sys/net/ipv4/ip_forward. If it shows 0 as a result, then we have to change it with a 1 using the echo command because, On a Linux system, IP forwarding is enabled when the file /proc/sys/net/ipv4/ip_forward contains a 1 and disabled when it contains a 0.
  • Now we will open Wireshark on the attacker’s machine with the capture interface eth0
  • Now in the ettercap, we have to select the MITM menu after that, Arp Poisoning, and choose the option of Sniff remote connections.
  • After enabling Sniff Remote Connections, we can see the arp requests in the wireshark.
  • We log in on the victim’s machine using the username and password. I am using a testing site, i.e, vulnweb.
  • Here we will enter the username and password; I entered “ethical empire” as a username and “youtube channel” as a password.
  • Now on the attacker’s machine in ettercap, we can see the username and password we entered on that testing website on the victim’s machine.
  • As I pressed the login button twice on the victim’s machine login page, it showed two responses here.

Please consider following and supporting us to stay updated with the latest info

Aman Mishra

Aman Mishra is a eJPT certified and always keen to learn new concepts and methodologies regarding cybersecurity.he is also a cyber security content writer and have passion for sharing my knowledge about the latest threads and trends in the industry.

Recent Posts

SpyAI : Intelligent Malware With Advanced Capabilities

SpyAI is a sophisticated form of malware that leverages advanced technologies to capture and analyze…

3 days ago

Proxmark3 : The Ultimate Tool For RFID Security And Analysis

The Proxmark3 is a versatile, open-source tool designed for radio-frequency identification (RFID) security analysis, research,…

3 days ago

Awesome Solana Security : Enhancing Program Development

The "Awesome Solana Security" collection is a comprehensive resource designed to help developers build more…

3 days ago

IngressNightmare-POCs : Understanding The Vulnerability Exploitation Flow

The "IngressNightmare" vulnerabilities, disclosed in March 2025, represent a critical set of security issues affecting…

3 days ago

AdaptixC2 : Enhancing Penetration Testing With Advanced Framework Capabilities

AdaptixC2 is an advanced post-exploitation and adversarial emulation framework designed specifically for penetration testers. It…

3 days ago

Bincrypter : Enhancing Linux Binary Security through Runtime Encryption And Obfuscation

Bincrypter is a powerful Linux binary runtime crypter written in BASH. It is designed to…

3 days ago