1. Let’s assume your neighbour uses linux to crack your wep key. After cracking it, he installs ettercap (http://ettercap.sourceforge.net/) on his linux system. If you want to do this at home, I would recommend you to download BackTrack because it already has everything installed. If you want to install it on your own linux distribution, download the source and install it with the following commands:
$ tar -xzvf ettercap-version.tar.gz
$ make
$ make install
To install in Ubuntu simply click here within firefox or:
sudo apt-get install ettercap-gtk
2. After installing, you need to uncomment some code to enable SSL dissection. Open up a terminal window and type “nano /usr/local/etc/etter.conf”, without the quotes. Scroll down using your arrow keys until you find this piece of code:
if you use iptables:
* # redir_command_on = “iptables -t nat -A PREROUTING -i %iface -p tcp -dport %port -j REDIRECT -to-port %rport”
* # redir_command_off = “iptables -t nat -D PREROUTING -i %iface -p tcp -dport %port -j REDIRECT -to-port %rport”
You need to uncomment the last two lines.
* redir_command_on = “iptables -t nat -A PREROUTING -i %iface -p tcp -dport %port -j REDIRECT -to-port %rport”
* redir_command_off = “iptables -t nat -D PREROUTING -i %iface -p tcp -dport %port -j REDIRECT -to-port %rport”
3. Press CTRL+O, press enter to safe the file and then press CTRL+X.
4. Start Ettercap and click on Sniff > Unified Sniffing > type in your wireless interface and press ok.
5. Press CTRL+S to scan for hosts
6. Go to MITM > ARP poisoning, select sniff remote connections and press ok.
7. Now you (and your neighbour!) can start sniffing! Press start > start sniffing. Walk to another computer on your network and open up paypal or any other site where you need to type in an username/password (gmail, hotmail, digg.com, etc.). All credentials will appear on the computer running Ettercap!
8. When you’re done, don’t just close Ettercap, but go to Start > Stop Sniffing, and then go to MITM > Stop mitm attack(s).
But how does all this stuff work?
Look at the following scheme:
Normally when you type in a password, host 1 (your computer) directly connects to host 2 (your modem or router). But if someone launced Ettercap on your network, host 1 isn’t sending it’s passwords to host 2, but to the Attacking host, the host that’s running Ettercap! The attacking host sends everything to Host 2. This means that host 1 isn’t noticing anything! Exactly the same happens with everything that host 2 is sending. Host 2 doesn’t send packets directly to host 1, but forst to the attacking host.
