SSL dump not dumping password
Results 1 to 5 of 5

Thread: SSL dump not dumping password

  1. #1
    Junior Member
    Join Date
    Aug 2006
    Posts
    5

    Post SSL dump not dumping password

    Hi I'm not sure if this is the right place for this, so forgive me if it si wrong and place it in the correct place.

    Ok so I have my own network at home humming nicely along for me to conduct my experiments on whilst watching all those nice videos from Irongeeek.com.

    My issue is the MITM attack with ettercap and ssldump.

    basically i can capture the data from my gmail login but when i look for the password
    using

    cat out.txt | grep pass

    it finds nothing.....so i opened it with kwrte and did a few more searches in the file and typed in my email addy and that was in there, but nothing that even came close ot my password

    am I a)doing something wrong????
    or
    b)are they encrypting it further and i might need a script or something?

    it was the same story for my bank login as well
    bu i couldn't even find my memeber number in this file

    I appreciate any info on this

  2. #2
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,535
    They might use some hashing on the password..
    I don't know about this..

    Could you paste part of the file (perhaps with faked hashes for your own safety.. or setup a test gmail account with a password you don't mind publishing)..

    That might help us look at it.. I'm kinda interrested to check it out.. Just don't feel like testing it myself atm.. as I have loads of stuff to do..
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  3. #3
    Junior Member
    Join Date
    Aug 2006
    Posts
    5
    Jinx, Sir, Mr etc

    I set up an account at gmail specifically for this purpose so feel free to do what must be done...


    joe.bloggs47@gmail.com
    clean 23

    Again i really apreciate the help

    but right now i'm going to search up hashing and ssl

    Cheers for the lead

  4. #4
    Junior Member
    Join Date
    Aug 2006
    Posts
    5

    Lightbulb SSL Dump Gmail hashing now?

    sorry to bum this but I really wanted to know why I couldn't find the user name and password after performing a MITM with the email and password for Gmail

    any help is appreciated

  5. #5
    Junior Member
    Join Date
    Aug 2006
    Posts
    5

    SSL ettercap clear passwords on some sites

    O.k it's been a few days and I have been doing heaps of reading heapssssssssss
    My question is

    Gmail now works and ettercap does a fine job of finding the username and password
    this is because of the modifications to my
    etter.conf file

    I understand that it must be done now.

    What i don't understand is why when i log into my bank or into my server which are using port 443(bank) and port 445 for my ipcops server Ettercap isn't picking it up????

    when i view the profiles the traffic registers and obviously i am set for a MITM attack so this is good

    but i can't work out for the life of me why ettercap won't pick up this session between me and my server and me and my bank even though the traffic is clearly registered

    please please please help this miserable newbie out

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides