Home 0P3N Blog Cain And Abel
Ready to Start Your Career?
Create Free Account
authors profile image
January 1, 2016

Cain And Abel

January 1, 2016
authors profile image
January 1, 2016
How can i use Cain and Abel ?? Cain and abel is a great tool but it doesn't work with wireless interfaces. Try ettercap instead. You can find an example on how to do a basic MITM attack via cain and abel here: https://www.youtube.com/watch?v=dbxG1sT3MSI i see a lot of bad comments about the video I don't know why there are bad comments. I've tried the same like the dude in the video on my test network and everything went ok. What I mostley see in comments on youtube tuts is that someone thinks that hacking goes like in the movies. You just tab on the keyboard and everything goes by itself, 70% on youtube comments are from people who don't understand the tool, don't understand how a network works/how the protocols work, people who don't do research on the things that they want to do. The most stupid comment that I ever read was a video about a dictionary attack on a wireless WPA network when someone asked about if aircrack could find the password if it wasen't in the word list, or that the tut was bogus because it failed that they couldn't recover the password. Simply because they don't know that the passwords that they use are different or they use another word list/... Because of that a video can get negative comments just because some people don't take time and effort to do some research. Cain And Abel is good, but it is abandoned long-long time ago, and didn't work with newest os properly. So, probably it will work, but no one will guarantee that. I always have bad luck with it when I'm sniffing for other devices on my network. I'd prefer to use nmap. sniffing within the same network can also be done with this in kali linux: install xplico: apt-get install xplico run apache server: service apache2 start run ettercap gui go to Sniff > then click Unified Sniffing > then select your interface go to Hosts > the click scan for hosts go to Hosts > click on hostslist then select your target gateway for add to target 1 target for add to target 2 go to Mitm > click for ARP poisoning check on sniff remote connections then OK go to Start > click on Start Sniffing open your browser, then go to localhost:9876 login to xplico username: xplico password: xplico click on create new case should check live acquisition then put any case name, then click create click on the name that you have just created click on new session put any session name, then click create again, click on the newly created session name on the right side of the WUI, click on interface, then select the interface to use open a terminal then type this: echo 1 > /proc/sys/net/ipv4/ip\_forward xxxxxxxxxxxx these are my ettercap settings for this: nano /etc/ettercap/etter.conf Change the value of ec\_uid and ec\_gid from 65534 to 0 as in zero \[privs\] ec\_uid = 0 # nobody is the default ec\_gid = 0 # nobody is the default then I uncomment this part: # Linux #--------------- # if you use ipchains: redir\_command\_on = "ipchains -A input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport" redir\_command\_off = "ipchains -D input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport" in the browser, you will see everything that the target is doing, if want to add more target simply add them to target 2, however, this is only applicable in an unencrypted traffic (http) enjoy, and hope this could help i forget to add this, change the status of etter.dns chmod +x /etc/ettercap/etter.dns A really great all in one tool is mitmf: https://github.com/byt3bl33d3r/MITMf It can be easly installed on kali using apt-get install mitmf Before you go haywire with this tool you should read how to use it. It's a very powerfull tool, also in combination with other tools like beef. It's the first tool that doesn't trigger an arp poisen waring on my firewall/virusscanner. Before posting this doesn't work for me, first learn what mitm is, if you get an error search it, probably other people had the same error. I'm playing with this tool for over 2 months now and it works really fine, I'm still learning new things every day about it.
Schedule Demo

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry