Linux and Open Source Blog

How to sniff or hack someone’s username and password even if it is over an SSL encrypted connection

Posted on November 28, 2007 by Linewbie.com. Posted in applications/software, guides, how to, security.

Introduction

Do you think you’re safe if you type https:// before paypal.com? I hope you’ll think twice before you log in from a computer connected to a wireless network after reading this guide. Let’s start at the beginning. Let’s say you have an evil neighbour who wants your PayPal credentials. He buys himself a nice laptop with a wireless card and, if you are using WEP encryption, he cracks your WEP key (see the separate WEP cracking guide). After cracking the key he logs into your network. Maybe you always allowed him to use your network because you thought it couldn’t do any harm to your computer. You aren’t sharing any folders, so what’s the problem? Well, in the next few steps I’m going to describe the problem.

The guide

1. Let’s assume your neighbour uses Linux to crack your WEP key. After cracking it, he installs Ettercap (http://ettercap.sourceforge.net/) on his Linux system. If you want to do this at home, I recommend downloading BackTrack because it already has everything installed. Look at the WEP cracking guide I mentioned above for more info about BackTrack. If you want to install it on your own Linux distribution, download the source and install it with the following commands:

$ tar -xzvf ettercap-version.tar.gz
$ cd ettercap-version
$ ./configure
$ make
$ make install

2. After installing, you need to uncomment some code to enable SSL dissection. Open up a terminal window and type "nano /usr/local/etc/etter.conf", without the quotes. Scroll down using your arrow keys until you find this piece of code:

# if you use iptables:
# redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
# redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

You need to uncomment the last two lines.

# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

3. Press CTRL+O, press Enter to save the file and then press CTRL+X.

4. Start Ettercap and click on Sniff > Unified Sniffing, type in your wireless interface and press OK.

5. Press CTRL+S to scan for hosts.

6. Go to MITM > ARP poisoning, select "Sniff remote connections" and press OK.

7. Now you (and your neighbour!) can start sniffing! Go to Start > Start sniffing. Walk to another computer on your network and open PayPal or any other site where you need to type in a username/password (Gmail, Hotmail, digg.com, etc.). All credentials will appear on the computer running Ettercap!

8. When you’re done, don’t just close Ettercap, but go to Start > Stop Sniffing, and then go to MITM > Stop mitm attack(s).

But how does all this stuff work?

Look at the following scheme:

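Normally when you type in a password, host 1 (your computer) connects directly to host 2 (your modem or router). But if someone has launched Ettercap on your network, host 1 isn’t sending its passwords to host 2, but to the attacking host, the host that’s running Ettercap! This is what the ARP poisoning in step 6 does: it makes host 1 and host 2 each associate the other’s IP address with the attacking host’s MAC address. The attacking host then forwards everything to host 2, which means host 1 doesn’t notice anything. Exactly the same happens with everything host 2 sends: host 2 doesn’t send packets directly to host 1, but first to the attacking host. For HTTPS sites, Ettercap’s SSL dissection answers the redirected connection with its own certificate, so the victim’s browser shows a certificate warning that has to be accepted before any credentials are exposed.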
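
The redirection described above leaves a trace on host 1: its ARP table lists the attacking host's MAC address for host 2's IP address. The Python check below is an added example, not part of the original guide; the sample table (in /proc/net/arp layout), all addresses and the pinned baseline are constructed for illustration.

```python
"""Added example: spot ARP-poisoning symptoms in a Linux ARP table."""
import re
from collections import defaultdict

# Constructed sample in /proc/net/arp layout: the router (192.168.1.1)
# and another host (192.168.1.66) both resolve to the same MAC address.
SAMPLE_ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:11:22:33:44:66     *        wlan0
192.168.1.20     0x1         0x2         00:11:22:33:44:20     *        wlan0
192.168.1.66     0x1         0x2         00:11:22:33:44:66     *        wlan0
192.168.1.30     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""

ENTRY = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+0x\w+\s+(0x\w+)\s+([0-9a-fA-F:]{17})\s")

def parse_arp_table(text):
    """Return {ip: mac} for completed entries only (Flags has bit 0x2 set)."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        # Incomplete entries carry an all-zero MAC and would cause false alarms.
        if m and int(m.group(2), 16) & 0x2:
            table[m.group(1)] = m.group(3).lower()
    return table

def find_alerts(table, pinned=None):
    """Flag MACs claimed by several IPs, and IPs whose MAC differs from a pinned value."""
    alerts = []
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            alerts.append(("shared-mac", mac, tuple(sorted(ips))))
    for ip, expected in sorted((pinned or {}).items()):
        seen = table.get(ip)
        if seen is not None and seen != expected.lower():
            alerts.append(("mac-changed", ip, (expected.lower(), seen)))
    return alerts

if __name__ == "__main__":
    # Hypothetical baseline: the router's MAC recorded while the network was known-good.
    baseline = {"192.168.1.1": "00:11:22:33:44:01"}
    for alert in find_alerts(parse_arp_table(SAMPLE_ARP_TABLE), baseline):
        print(alert)
```

On a live Linux host, pass the contents of /proc/net/arp to parse_arp_table. A shared MAC can also be legitimate (one machine with several addresses), so treat that alert as a prompt to investigate; a changed router MAC is the stronger signal.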

28 Responses

  3. mico says
    April 3, 2012 at 3:05 pm

    Dude, can you help me register on retourware24.de? They are requesting a payment of 66 euros to register.

    • someguy says
      May 5, 2014 at 9:10 pm

      Can anyone show me how to hack usernames, only much easier? For example, like Cheat Engine or something that isn’t hard to do.

  4. anwar says
    June 9, 2012 at 7:29 am

    Afqshamel Hacking Username Password Isp?

  6. Eqbal says
    June 10, 2012 at 7:15 pm

    How am I supposed to make this work with Mac OSX? Uncommenting

    #redir_command_on = "ipfw add fwd 127.0.0.1,%rport tcp from any to any %port in via %iface"
    #redir_command_off = "ipfw -q flush"

    doesn’t work at all. Any help would be highly appreciated.

    Cheers

  25. nataily says
    September 14, 2015 at 8:03 pm

    Give me your password

    • lisa says
      April 1, 2017 at 2:40 pm

      My Gmail password is actually really easy, it’s: happypuppy10
