Re: about sniffing
Nikolay Hristov wrote:
> I've found some utilities that claims that can sniff ssh1 and https
> (man-in-the-middle attack) - http://ettercap.sourceforge.net
> Is it true? And why are these certificates and SSL support for web
> Can someone explain why it is possible or why it isn't? Or give some
> links to read about this problems.
> Nikolay Hristov
Yes, ettercap works quiet well. I tried 0.4.2 with ssh1 several times
and it was really easy to sniff the connection. I suppose it works
because all the traffic between the two communicating hosts is routed
over the sniffing guy.
The programm first divides the connection in 2 ssh sessions.
One from the initiator to the sniffer, and a new one from the sniffer to
the originial destination person. So the programm gets the session key
and can retreat, because now it can sniff passively the connection.
The programm files includes a very good readme with a technical paper
providing details about the different features.
I didn't find any information about the https feature nor i have used it
myself so far.
I would suggest for further informations you use their tech-forum or ask
one of the coders, they are extraordinary helpful.
my bad english.