Re: Sniffing SSH and HTTPS
My buddy and I have been playing with this on our BSD boxes and it's a "cool"
little tool. It's made for purposes of good, but we know everyone won't.
It does the monkey in the middle attack. As pointed out earlier, it does
arp poisoning in cases like this. Once you fire up ettercap you can tell it
what you want to do. In this case you can choose the ssh sniffing. Ettercap
will offer out a new key to the hosts. Normally the computer will complain
(as noted in another email) and most users will say ok, let's accept the new
key. When we played with it at school with our friends, they said something
about the key changing but they all clicked ok to accept the new key. So
the users are using ettercap's key, you accept the key from the server and
you now act as a relay between the two. All info bound for the server goes
through you.
So it's not as much of an insecurity in the connections, it's mostly a user
issue. Watch your keys, especially when they change unexpectedly (school
changes theirs every 6 months).
Hope this clears things up a little
Rob
On Tuesday 28 August 2001 11:12, Jan-Hendrik Palic wrote:
> Hi all...
>
> I have a small question.
>
> I found on SF a small tool, which may sniff SSH and HTTPS (not
> tested).
>
> The Url is :
>
> http://ettercap.sourceforge.net/
>
> Is it possible? Are SSH and HTTPS connections insecure and how do we
> make them secure then?
>
> Greetings
> Jan
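
Added example, not part of the original messages: a check that compares the key a server offers against a pinned known_hosts entry, so a substituted key of the kind described in the reply above is reported as changed rather than accepted. The host name and key bytes are constructed for illustration, and the fingerprint uses the SHA256 format that current OpenSSH prints.

```python
import base64, hashlib, hmac, struct

def make_blob(keytype: str, raw: bytes) -> str:
    """Build a constructed SSH public-key blob (RFC 4253 string framing), base64-encoded."""
    kt = keytype.encode()
    return base64.b64encode(struct.pack(">I", len(kt)) + kt + struct.pack(">I", len(raw)) + raw).decode()

def fingerprint(blob_b64: str) -> str:
    """SHA256 fingerprint: unpadded base64 of SHA-256 over the decoded key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def load_pins(known_hosts_text: str) -> dict:
    """Parse plain (unhashed) known_hosts lines into {(host, keytype): blob}."""
    pins = {}
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blanks, comments, @marker lines and hashed (|1|...) host entries.
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        for host in fields[0].split(","):
            pins[(host, fields[1])] = fields[2]
    return pins

def check_host_key(pins: dict, host: str, keytype: str, offered_blob: str) -> str:
    """Return 'match', 'unknown' (never seen) or 'CHANGED' (differs from the pinned key)."""
    pinned = pins.get((host, keytype))
    if pinned is None:
        return "unknown"
    same = hmac.compare_digest(fingerprint(pinned), fingerprint(offered_blob))
    return "match" if same else "CHANGED"

# Constructed sample data: host name and key bytes are made up for this example.
REAL_KEY = make_blob("ssh-ed25519", bytes(range(32)))
RELAY_KEY = make_blob("ssh-ed25519", bytes(range(32, 64)))
KNOWN_HOSTS = f"# constructed sample\nshell.example.edu,192.0.2.10 ssh-ed25519 {REAL_KEY} pinned\n"

if __name__ == "__main__":
    pins = load_pins(KNOWN_HOSTS)
    for label, key in (("server", REAL_KEY), ("relay", RELAY_KEY)):
        print(label, fingerprint(key), check_host_key(pins, "shell.example.edu", "ssh-ed25519", key))
```

A "CHANGED" result for a host whose key was not rotated on purpose is the case to stop on and verify out of band before connecting.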