i ve been looking at tutorials for ettercap. i ve been trying to sniff out passwords with arp injection on my  network, but im not having too much luck. a little help please. here is what i have been doing:

in shell: ettercap -G

goes into graphic mode:

sniff > unified sniffing > network interface (i chose wlan0) im pretty sure that this is the correct one for me.

start > start sniffing

hosts > scan for hosts

when done scanning:

hosts > host list

then i set the user as taget1 and the AP as target2

mitm > arp poisoning > sniff remote conections

the tutorial said it should just start printing passwords in plain text. but its not working for me. i went to all kinds of login sites on my other computer, but still nothing. im thinking that i didnt configure something. (even though the tutorial didnt mention it) or it has something to do with the vista security. (even though my anti-virus didnt say anything) apprechiate the help.

are you saying that the steps that i took are correct? and the tutorial that i watched showed them going to google,hotmail,ebay,etc... and it worked on the video. and i thought that ettercap turns the packets that it captures into plain text. no idea why it isnt working for me?

Ha, I learned something new    I knew that you could use ettercap with sslstrip, but I had no idea that ettercap had a built-in filter for dealing with SSL.  It also doesn't strip the SSL, instead it presents the user with a fake certificate.    Do you get any CA trust warnings with the fake cert? I am going to have to test this.

It will warn the user, or at a minimum, prompt the user to accept a new certificate, so a truly 'watchful' end-user would likely catch it.  (Thus I prefer sslstrip, myself, as it's much more stealthy.)  But for spur of the moment needs, ettercap is, at least, a workable / usable solution.  

Edit:  Incidentally, I missed the proper section when I gave steps above.  You don't want the 'SSH downgrade attack.'  But there IS an ssl plugin for attacking ssl, as well.  (Sorry if I confused anyone)  Here's one sample video, where they do some https stuff (later in the video):

http://www.milw0rm.com/video/watch.php?id=49

Cheers!

While I never actually setup Tom's lab, 'specifically' per the book (in virtualbox, or otherwise,) assuming you can put the box on a physical (or logical / virtual) network segment which allows ARP injection (which I'm guessing it should,) then this should be perfectly doable in the lab.  I've honestly never used virtualbox, but rather VMWare.  However, from anything I've read quickly tonight, arp spoofing should be perfectly workable with virtualbox.

Case in point, an ARP spoofing tutorial (non-ssl specific) at:

http://hack2live.blogspot.com/2008/07/ip-takeover-attack-with-arping.html

So assumption is that it's perfectly doable in virtualbox.

I appreciate your concern and time. Since i am new to the security world, i lack the experience for it. Hence why i am here. haha. Im looking forward to toms book. At least with that i will have a foot in the door. From there i will use the backtrack labs/tutorials i got from my professor.  Im glad that virtual box will do what i need it to do and thank you for researching that for me. I didnt know where to start. The only issue i have is i cant really use VB to do security with routers and switches or firewalls. But luckily for me i have a CCNP cisco lab in my dang room. haha.

hey, first you'll have turn ssl dissection on. Does your ettercap window say valid redir command need for ssl dissection. Browse to the file /etc/etter.conf..
Get it into editing mode and find iptables.. There are two lines of code below iptables, uncomment those lines.. i.e. remove the '#' from front of those lines.
Your edited code should look like this as in the image below. Save and exit.