Posts: 44 | Thanked: 9 times | Joined on Dec 2012
#1
Some time back I asked a similar question, but since then I have still to accomplish what I am asking. So I have to keep trying and asking and learning.

I have Yamas installed on my N900 Maemo 5 (ver 20.2010.36-2). Yamas has all the dependencies installed and working with success. Yet when I try to do a MITM attack on my own network, the password terminal page stays empty. On the victim PC I log into http and https sites (which I can see the packet exchange connections whenever I open Wireshark). I have tried command 'yamas' *ARP spoofing and 'yamas -e' ettercap. I use default Yamas settings, port 8080, 80 and router IP 192.168.0.1.
My NIC, when I do the MITM attack, is wlan0. I have a Virgin Media Superhub (cannot remember router brand). Why is my attack not successful? Any little hint would be of great help.


Thanks community
 

The Following User Says Thank You to gibman For This Useful Post:
Posts: 1,994 | Thanked: 3,342 times | Joined on Jun 2010 @ N900: Battery low. N950: torx 4 re-used once and fine; SIM port torn apart
#2
Quick reply...
Bumping. I would like to help you, but I don't know much about networks, routers, Wireshark, et cetera.
Best wishes.
 

The Following 2 Users Say Thank You to Wikiwide For This Useful Post:
Posts: 1,163 | Thanked: 1,873 times | Joined on Feb 2011 @ The Netherlands
#3
Thanks for the bump, Wikiwide ^^

Hmmm which ettercap do you have? And can you manually perform an MITM with ettercap only? I will skip https / ssl for now

Please if you didn't install ettercap-gtk, please do. It's easier via GUI
Open it in terminal by issuing ettercap -G
Then a window should pop up with ettercap.

Sniff -> Unified Sniffing
Hosts -> Scan for Hosts
Let it finish and open host list
Host -> Host List
Add the router to target one
Add the victim to target two

mitm -> Arp poisoning and check sniff remote connections
at last
Start -> Start Sniffing

And passwords (NON-secure) should show up in the console of ettercap

Then start
__________________
N900 loaded with:
CSSU-T (Thumb)
720p recording,
Pierogi, Lanterne, Cooktimer, Frogatto
N9 16GB loaded with:
Kernel-Plus
--
[TCPdump & libpcap | ngrep]
--
donate
 

The Following 4 Users Say Thank You to mr_pingu For This Useful Post:
Posts: 44 | Thanked: 9 times | Joined on Dec 2012
#4
Thanks for replying Mr_Pingu.

I have Ettercap 0.7.4.1 and I did manage to get HTTP login from a controlled environment ettercap -G GUI. However, I was wondering how to get HTTPS logins either with Yamas or indeed Ettercap. I have tried with Yamas but as I first mentioned, the password terminal stays blank. How would I go with getting ettercap to sniff secure socket layers? Do I need to edit the etter file?

Thanks
 

The Following User Says Thank You to gibman For This Useful Post:
Posts: 432 | Thanked: 917 times | Joined on Jun 2011
#5
Originally Posted by gibman
Thanks for replying Mr_Pingu.

I have Ettercap 0.7.4.1 and I did manage to get HTTP login from a controlled environment ettercap -G GUI. However, I was wondering how to get HTTPS logins either with Yamas or indeed Ettercap. I have tried with Yamas but as I first mentioned, the password terminal stays blank. How would I go with getting ettercap to sniff secure socket layers? Do I need to edit the etter file?

Thanks
AFAIK ettercap doesn't do that.
 

The Following User Says Thank You to saponga For This Useful Post:
Posts: 44 | Thanked: 9 times | Joined on Dec 2012
#6
So, any idea why command 'Yamas -e' is not showing SSL logins?
 

The Following User Says Thank You to gibman For This Useful Post:
Posts: 432 | Thanked: 917 times | Joined on Jun 2011
#7
Originally Posted by gibman
So, any idea why command 'Yamas -e' is not showing SSL logins?
You need to use yamas without the -e flag because, AFAIK, Ettercap doesn't handle https. So, you need arpspoof, which is the default option of YAMAS.
 

The Following 2 Users Say Thank You to saponga For This Useful Post:
Posts: 189 | Thanked: 171 times | Joined on Jul 2011
#8
Originally Posted by saponga
You need to use yamas without the -e flag because, AFAIK, Ettercap doesn't handle https. So, you need arpspoof, which is the default option of YAMAS.
AFAIK arpspoof is not going to get you anywhere if you want to see SSL logins, arpspoof will, as its name implies, spoof the ARP cache on a target machine, not remove SSL. The simplest way to achieve SSL passwords on a MITM attack is using a tool such as sslstrip (python script) that will relay the connection to the page as HTTP to the client, so they don't get the HTTPS page, they get it on HTTP instead.

You could spoof your own certificate but that will spit a huge warning on their screen that is a little more suspicious than non-HTTPS where most users (i.e. my father) might not realize.
 

The Following 5 Users Say Thank You to pablocrossa For This Useful Post:
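
Added example, not part of the thread or of any tool named in it: the HTTP downgrade described in post #8 only works against sites that let a browser stay on plain HTTP, so this Python sketch audits a site's response headers for the gaps that allow it. The sample responses, the helper names and the 180-day max-age threshold are constructed for illustration.

```python
import re

# Constructed sample responses (not captured from any real site).
HTTP_WEAK = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
HTTPS_WEAK = "HTTP/1.1 200 OK\r\nSet-Cookie: session=abc123; Path=/; HttpOnly\r\n"
HTTP_OK = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.test/\r\n"
HTTPS_OK = ("HTTP/1.1 200 OK\r\n"
            "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
            "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly\r\n")

MIN_MAX_AGE = 15552000  # 180 days; threshold chosen for this example

def parse_head(raw):
    """Return (status, [(lowercased name, value), ...]) for a response head."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    pairs = [line.partition(":") for line in lines[1:] if ":" in line]
    return status, [(n.strip().lower(), v.strip()) for n, _, v in pairs]

def audit(http_raw, https_raw):
    """List the gaps that leave a site's users open to HTTPS stripping."""
    findings = []
    status, headers = parse_head(http_raw)
    target = dict(headers).get("location", "")
    if status not in (301, 302, 307, 308) or not target.startswith("https://"):
        findings.append("port 80 does not redirect to HTTPS")
    _, headers = parse_head(https_raw)
    hsts = dict(headers).get("strict-transport-security")
    if hsts is None:
        # Without HSTS the browser keeps accepting an HTTP copy of the site.
        findings.append("no Strict-Transport-Security header")
    else:
        age = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
        if not age or int(age.group(1)) < MIN_MAX_AGE:
            findings.append("HSTS max-age missing or too short")
        if "includesubdomains" not in hsts.lower():
            findings.append("HSTS lacks includeSubDomains")
    for name, value in headers:
        attrs = [a.strip().lower() for a in value.split(";")[1:]]
        if name == "set-cookie" and "secure" not in attrs:
            findings.append("cookie %s lacks Secure" % value.split("=", 1)[0])
    return findings

if __name__ == "__main__":
    print(audit(HTTP_WEAK, HTTPS_WEAK))  # three findings
    print(audit(HTTP_OK, HTTPS_OK))      # no findings
```

HSTS only takes effect after the browser has seen the header once over HTTPS (or the domain is on a browser preload list), so a clean result here still leaves a first visit over plain HTTP unprotected.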
Posts: 1,163 | Thanked: 1,873 times | Joined on Feb 2011 @ The Netherlands
#9
Saponga is right, Ettercap can't do SSL unless you compile the 0.7.5 version for maemo. I could ask colin.stephane again

I don't have the time to write a detailed guide now, but generally ettercap is only used to arp poison the network you are targeting. From there you use sslstrip to sniff secured connection.

It should work with both -e option and normal, as ettercap is only used to ARP poison and rest is done by sslstrip. Anyway somehow it's impossible to sniff maemo.org passwords and login (easily).

Edit: while I was typing this Pablocrossa sneaked between but it's essentially the same story

Last edited by mr_pingu; 2013-01-24 at 12:48.
 

The Following 4 Users Say Thank You to mr_pingu For This Useful Post:
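
Added example, not part of the thread: the ARP poisoning step that posts #3 and #9 describe is visible from the client side as a change in the neighbour table, and this Python sketch flags it by comparing two `ip neigh` snapshots. The router address 192.168.0.1 and interface wlan0 come from the first post; the MAC addresses, the other IPs and the function names are constructed.

```python
import re

# Constructed `ip neigh` snapshots from a client on the thread's network
# (router 192.168.0.1 on wlan0); all MAC addresses are made up.
BEFORE = """
192.168.0.1 dev wlan0 lladdr 02:00:00:00:00:01 REACHABLE
192.168.0.23 dev wlan0 lladdr 02:00:00:00:00:17 STALE
"""
DURING = """
192.168.0.1 dev wlan0 lladdr 02:00:00:00:00:17 REACHABLE
192.168.0.23 dev wlan0 lladdr 02:00:00:00:00:17 STALE
192.168.0.40 dev wlan0  FAILED
"""

ENTRY = re.compile(
    r"^(\S+) dev \S+ lladdr ([0-9a-f]{2}(?::[0-9a-f]{2}){5})\b", re.I)

def parse_neigh(text):
    """Map IP -> MAC for every resolved entry; unresolved ones are skipped."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def detect(baseline, current, gateway):
    """Compare two neighbour tables and report signs of ARP cache poisoning."""
    alerts = []
    old, new = baseline.get(gateway), current.get(gateway)
    if old and new and old != new:
        alerts.append("gateway %s changed MAC %s -> %s" % (gateway, old, new))
    owners = {}
    for ip, mac in current.items():
        owners.setdefault(mac, []).append(ip)
    for mac, ips in sorted(owners.items()):
        # One MAC answering for several IPs fits a poisoned cache, but also
        # proxy ARP or a multi-address host: treat it as a lead to check.
        if len(ips) > 1:
            alerts.append("%s claims %s" % (mac, ", ".join(sorted(ips))))
    return alerts

if __name__ == "__main__":
    for alert in detect(parse_neigh(BEFORE), parse_neigh(DURING), "192.168.0.1"):
        print(alert)
```

Pinning the gateway with a static ARP entry on the client, or enabling dynamic ARP inspection on switches that support it, removes the condition this check looks for.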
Posts: 44 | Thanked: 9 times | Joined on Dec 2012
#10
Right I sort of get it now. I will give up ettercap unless I am only after http. I want to stick to Yamas but need to understand a bit further. I have sslstrip installed and as I know of it, it automatically runs when Yamas is executed and yet I see no passwords in Yamas? Why is Yamas not displaying any secure and non-secure login sites?

Last edited by gibman; 2013-01-24 at 23:15.
 

The Following 2 Users Say Thank You to gibman For This Useful Post: