
Re: Sniffing SSH and HTTPS

My buddy and I have been playing with this on our BSD boxes and it's a "cool"
little tool. It's made for purposes of good, but we know everyone won't.
It does the monkey in the middle attack. As pointed out earlier, it does
ARP poisoning in cases like this. Once you fire up ettercap you can tell it
what you want to do. In this case you can choose the SSH sniffing. Ettercap
will offer out a new key to the hosts. Normally the computer will complain
(as noted in another email) and most users will say ok, let's accept the new
key. When we played with it at school with our friends, they said something
about the key changing but they all clicked ok to accept the new key. So
the users are using ettercap's key, you accept the key from the server and
you now act as a relay between the two. All info bound for the server goes
through you.

So it's not as much of an insecurity in the connections, it's mostly a user
issue. Watch your keys, especially when they change unexpectedly (school
changes theirs every 6 months).

Hope this clears things up a little.


On Tuesday 28 August 2001 11:12, Jan-Hendrik Palic wrote:
> Hi all...
> I have a small question.
> I found on SF a small tool, which may sniff SSH and HTTPS (not
> tested).
> The URL is:
> http://ettercap.sourceforge.net/
> Is it possible? Are SSH and HTTPS connections insecure and how do we
> make it secure then?
> Greetings
> Jan
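
The "watch your keys" advice from the reply, as an added example that is not part of the original thread: a strict host key check that compares the key a server offers against a pinned known_hosts entry and reports a change instead of accepting it. The host name, the key blobs and the function names are hypothetical, and the sketch assumes plain (unhashed) known_hosts lines.

```python
import base64
import hashlib

def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64-encoded public key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def load_known_hosts(text):
    """Map (host, keytype) -> set of pinned key blobs.
    Comments, hashed (|1|...) entries and @marker lines are skipped."""
    pinned = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#|@":
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        hosts, keytype, blob = fields[:3]
        for host in hosts.split(","):
            pinned.setdefault((host, keytype), set()).add(blob)
    return pinned

def check_host_key(pinned, host, keytype, offered_b64):
    """Return 'match', 'changed' or 'unknown'. 'changed' must never be
    accepted by clicking OK: it is what a relay's substitute key looks like."""
    known = pinned.get((host, keytype))
    if known is None:
        return "unknown"  # first contact: verify the fingerprint out of band
    return "match" if offered_b64 in known else "changed"

# Constructed sample data: these blobs are placeholders, not real SSH keys.
SERVER_KEY = base64.b64encode(b"constructed server key blob").decode()
RELAY_KEY = base64.b64encode(b"constructed relay key blob").decode()
KNOWN_HOSTS = (
    "# constructed known_hosts sample\n"
    f"shell.example.edu,192.0.2.10 ssh-rsa {SERVER_KEY} pinned-by-admin\n"
)

if __name__ == "__main__":
    pinned = load_known_hosts(KNOWN_HOSTS)
    for label, key in (("server", SERVER_KEY), ("relay", RELAY_KEY)):
        verdict = check_host_key(pinned, "shell.example.edu", "ssh-rsa", key)
        print(f"{label:6} {fingerprint(key)} -> {verdict}")
        if verdict != "match":
            print("       refusing to connect; confirm the key with the admin")
```

A planned rotation, like the six-monthly change mentioned in the reply, also shows up as "changed", so the new fingerprint has to reach users over a separate channel before the switch.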
