Gentoo Forums
Ettercap SSL Decryption
ElSenorPantelone
Joined: 24 Jan 2006
Posts: 72

Posted: Mon Apr 16, 2007 5:21 am    Post subject: Ettercap SSL Decryption

Hey, I run the computers in my family's household, and I have been concerned with the ease and severity of SSL mitm (man-in-the-middle) attacks against users behind a LAN. The reason why I am concerned is because they need to use WEP (some of their hardware is not compatible with WPA) and since cracking WEP is trivial, it does not provide them with any protection.

I have used ettercap to successfully poison the ARP cache of two PCs, and have successfully gotten passwords for simple sites, for example, hotmail and gmail.

Below is the ettercap command I used to get into curses and write the dump file.
Code:

ettercap -i eth0 -C -w /home/user/data


What I am worried about is our financial data. Basic SSL mitm was unable to retrieve the data when connecting to my Capital One bank account, but I am not sure if they hash the password before being transferred or if the password is sent, and is simply ignored by ettercap.

I wrote a dump file containing all of the packets, however, while ettercap decrypts the SSL data to display on the terminal, it does not decrypt and save the data in the packet capture file. So, when I sniff my gmail account information, I see the password in ettercap, but when I search the resulting capture file in wireshark, the password is not in plaintext.

How do I tell ettercap to decrypt all data for which it has the private key before writing the capture file? I need to do more research to determine if they should just bite the bullet and upgrade the equipment to WPA, or if the bank employs more advanced forms of encryption beyond that of SSL to obfuscate the password.
ElSenorPantelone

Posted: Mon Apr 16, 2007 7:06 pm

bump
ElSenorPantelone

Posted: Wed Apr 18, 2007 2:20 pm

Of course I understand that I will no longer be able to decrypt the data from my computer to the server because I only have the public key. However, since ettercap generated, on the fly, the certificate to present to the other PC, I have the private key, and then should be able to decrypt it.
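
A defensive check for the ARP cache poisoning described in the first post, as an added example that is not part of the original thread: it parses a table in Linux `/proc/net/arp` layout and flags one MAC answering for several IPs, or a gateway MAC that differs from a recorded one. The sample table, the addresses and the function names are constructed for illustration.

```python
"""Flag ARP-cache entries consistent with ARP poisoning on a LAN."""
from collections import defaultdict

# Constructed sample in the layout of Linux /proc/net/arp (not from the thread).
# 192.168.1.1 is assumed to be the gateway; the MAC of host .23 also answers
# for the gateway address, which is what a poisoned cache looks like.
SAMPLE_ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:16:3e:aa:bb:23     *        eth0
192.168.1.10     0x1         0x2         00:16:3e:11:22:10     *        eth0
192.168.1.23     0x1         0x2         00:16:3e:aa:bb:23     *        eth0
192.168.1.40     0x1         0x0         00:00:00:00:00:00     *        eth0
"""


def parse_arp_table(text):
    """Return {ip: mac} for completed entries; skip the header and incomplete rows."""
    entries = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, _hw_type, flags, mac = fields[:4]
        # Flag bit 0x2 (ATF_COM) marks a completed entry.
        if int(flags, 16) & 0x2 == 0 or mac == "00:00:00:00:00:00":
            continue
        entries[ip] = mac.lower()
    return entries


def find_poisoning(entries, gateway_ip, known_gateway_mac=None):
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    by_mac = defaultdict(list)
    for ip, mac in entries.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(f"MAC {mac} answers for several IPs: {', '.join(sorted(ips))}")
    seen = entries.get(gateway_ip)
    if known_gateway_mac and seen and seen != known_gateway_mac.lower():
        findings.append(f"gateway {gateway_ip} is at {seen}, expected {known_gateway_mac.lower()}")
    return findings


if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_TABLE)
    for finding in find_poisoning(table, "192.168.1.1", "00:16:3e:00:00:01"):
        print("WARNING:", finding)
```

A router with several addresses on one interface can legitimately show one MAC for multiple IPs, so the comparison against a recorded gateway MAC is the stronger signal of the two.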