[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: about sniffing

Nikolay Hristov wrote:

> I've found some utilities that claims that can sniff ssh1 and https traffic
>  (man-in-the-middle attack) - http://ettercap.sourceforge.net
> Is it true? And why are these certificates and SSL support for web servers?
>  Can someone explain why it is possible or why it isn't? Or give  some
>  links to read about this problems.
> Nikolay Hristov

Yes, ettercap works quiet well. I tried 0.4.2 with ssh1 several times
and it was really easy to sniff the connection. I suppose it works
because all the traffic between the two communicating hosts is routed
over the sniffing guy.
The programm first divides the connection in 2 ssh sessions.
One from the initiator to the sniffer, and a new one from the sniffer to
the originial destination person. So the programm gets the session key and can retreat, because now it can sniff passively the connection. The programm files includes a very good readme with a technical paper providing details about the different features. I didn't find any information about the https feature nor i have used it myself so far. I would suggest for further informations you use their tech-forum or ask one of the coders, they are extraordinary helpful.

Sorry for
 my bad english.

Reply to: