Traffic logging
For our next example, we will capture and log all communications between the
router and one specific computer on your network. Use the following command but
replace [Router IP] with the IP address of your router and [PC IP] with the IP
address of one particular computer on your network:
pi@raspberrypi ~ $ sudo ettercap -q -T -i wlan0 -M arp:remote -d -L mycapture /[Router IP]/ /[PC IP]/
Here, we're still in interactive mode and can use the key commands, but we've
also specified the -q flag for quiet mode. This prevents packets from flooding our
screen, but we will still receive notices about captured login credentials. The -L
mycapture argument enables the logging mechanism and will produce two log files:
mycapture.eci, containing only information and captured login credentials, and
mycapture.ecp, containing all the raw network packets.
The log files can then be filtered and analyzed in different ways with the etterlog
command. For example, to print out all HTTP communications with Google, use the
following command:
pi@raspberrypi ~ $ sudo etterlog -e "google.com" mycapture.ecp
Use etterlog --help to get a list of all the different options to manipulate the
log files.
Shoulder surfing in Elinks
Ettercap offers additional functionality in the form of plugins that can be loaded
from the interactive mode with the P key or directly on the command line using the
-P argument. We'll be looking at the sneaky remote_browser plugin that allows
us to create a shadow browser that mimics the surfing session of the browser on a
remote computer. When the remote computer surfs to a site, the plugin will instruct
your elinks to also go to that site.
To try this out, you need to start elinks first in one terminal session, as root:
pi@raspberrypi ~ $ sudo elinks
Then we start Ettercap with -P remote_browser in another terminal session:
pi@raspberrypi ~ $ sudo ettercap -q -T -i wlan0 -M arp:remote -P remote_browser /[Router IP]/ /[PC IP]/
As soon as Ettercap picks up a URL request from the sniffed PC, it will report this on
the Ettercap console and your Elinks browser should follow along. Press the H key in
elinks to access the history manager and Q to quit elinks.
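Seen from the sniffed PC, both -M arp:remote sessions above typically leave the same trace: the router's IP address resolves to a MAC address that another host also claims. The check below is an added example, not code from the original text; it assumes Linux `ip neigh` output, and the function names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag MAC addresses claimed by more than one IPv4 address
# in the neighbour (ARP) table, the pattern a poisoned cache shows.

# Constructed sample of `ip -4 neigh show` output on a poisoned PC:
# the router (192.168.1.1) and host 192.168.1.50 share one MAC.
SAMPLE_NEIGH='192.168.1.1 dev wlan0 lladdr b8:27:eb:00:00:01 REACHABLE
192.168.1.50 dev wlan0 lladdr b8:27:eb:00:00:01 STALE
192.168.1.20 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.30 dev wlan0 FAILED'

# find_shared_macs: read neighbour lines on stdin and print
# "MAC ip1 ip2 ..." for every MAC that maps to two or more IPs.
# Entries without an lladdr field (FAILED/INCOMPLETE) are skipped.
find_shared_macs() {
    awk '
    {
        mac = ""
        for (i = 1; i < NF; i++)
            if ($i == "lladdr") mac = tolower($(i + 1))
        if (mac == "") next
        if (!((mac, $1) in seen)) {
            seen[mac, $1] = 1
            count[mac]++
            ips[mac] = ips[mac] " " $1
        }
    }
    END {
        for (m in count) if (count[m] > 1) print m ips[m]
    }' | sort
}

# gateway_is_shared GATEWAY_IP: exit 0 if the gateway's MAC is also
# claimed by another IP in the table read from stdin, 1 otherwise.
gateway_is_shared() {
    find_shared_macs | awk -v gw="$1" '
        { for (i = 2; i <= NF; i++) if ($i == gw) found = 1 }
        END { exit !found }'
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_NEIGH" | find_shared_macs
```

Run it against the live table with `ip -4 neigh show | find_shared_macs`. A shared MAC is a lead rather than proof, since a host with several addresses on one interface looks the same.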
 