How to Use Ettercap to Intercept and Sniff Passwords
For man-in-the-middle attacks, Ettercap is a complete suite. It includes live connection sniffing, real-time content filtering, and other intriguing techniques.
It has many network and host analysis features and supports active and passive protocol dissection.
For the attack, we need two machines. The first one is Kali Linux, the other one is Windows, and the Wireshark tool.
In this attack, we’ll see the traffic moving through a Windows computer and a user entering a username and password on a non-secure website.
Firstly, check the IP address of the attacker’s machine using the command ifconfig in the terminal and the IP address of the victim’s machine using the command ipconfig in the command prompt.
In my case, the IP address of my Windows (victim’s) machine is 192.168.148.29.
Now we will open Ettercap on the attacker’s machine and set the primary interface to eth0.
After clicking the checkbox, unified sniffing starts on its own, and by selecting the opting host list on the top of the interface, we can see all the hosts connected with us. We can also see the IP address of the victim’s machine. i.e, 192.168.148.29.
We have to set the IP address of the victim machine as Target 1 and the IP address of the server machine as Target 2.
Using the option Targets, then Current Target, we can see both Targets.
Now on the terminal in the attacker’s machine, we type the command cat /proc/sys/net/ipv4/ip_forward. If it shows 0 as a result, then we have to change it with a 1 using the echo command because, On a Linux system, IP forwarding is enabled when the file /proc/sys/net/ipv4/ip_forward contains a 1 and disabled when it contains a 0.
Now we will open Wireshark on the attacker’s machine with the capture interface eth0
Now in the ettercap, we have to select the MITM menu after that, Arp Poisoning, and choose the option of Sniff remote connections.
After enabling Sniff Remote Connections, we can see the arp requests in the wireshark.
We log in on the victim’s machine using the username and password. I am using a testing site, i.e, vulnweb.
Here we will enter the username and password; I entered “ethical empire” as a username and “youtube channel” as a password.
Now on the attacker’s machine in ettercap, we can see the username and password we entered on that testing website on the victim’s machine.
As I pressed the login button twice on the victim’s machine login page, it showed two responses here.
Aman Mishra is a eJPT certified and always keen to learn new concepts and methodologies regarding cybersecurity.he is also a cyber security content writer and have passion for sharing my knowledge about the latest threads and trends in the industry.