Ettercap makes Man in the Middle (MITM) Attack easier which provides crackers a lot of login information and confidential information, from MAC addresses to different login ports. The easiest and efficient way to launch an MITM attack is through Address Resolution Protocol (ARP) Poisoning. The question is how?
Alright then let’s take ettercap for a spin then shall we? First find the etter.conf file and edit this, to do this type sudo nano /etc/etter.conf, then remove the # under in front of these two lines:
redir_command_on = “iptables -t nat -A PREROUTING -i %iface -p tcp –dport %port -j REDIRECT –to-port %rport”
redir_command_off = “iptables -t nat -D PREROUTING -i %iface -p tcp –dport %port -j REDIRECT –to-port %rport”
Launch the ettercap GUI by typing in the console or terminal sudo ettercap -G.
Click on Sniff > Unified Sniffing then choose your network interface. If you are connecting through LAN, choose eth0 and if your connected to a wireless network choose wlan0.
Click on Hosts > Scan For Hosts then after the scanning has finished, click on Host List. Add the default gateway to Target 1 and the other IP Addresses to Target 2. Then click on Mitm > Arp Poisoning. Choose Sniff remote connections then click on Start > Start sniffing.
After that you should be able to see some fun stuffs like FTP, HTTP, etc. logins. =)
Disclaimer: This is for educational purposes only. The author is not liable of what you want to do with this information. My goal here is to demystify this kind of attack which some people are not aware of.