Cain no longer working for MITM
the_hutch
Banned Posts: 827
Its been a while, so I decided to simulate a MITM attack with Cain. Everything seems to be working, and I get confirmation that both sides have been successfully poisoned. But then when I try to access a HTTPS site from the victim system, I receive an error on the Cain interface indicating "Couldn't accept SSL certificate from the client." I investigated the problem on the oxid.it forums and apparently nearly everybody is having this problem recently. Unfortunately, nobody on there had a good answer as to why this is happening. Any thoughts?
Also, curious if anyone has used Ettercap recently for MITM. Wondering if its now having similar problems as well. I'll prolly test tomorrow. Its already too late tonight.
Here's the discussion if anyone is interested: oxid.it forum - View topic - Anyone else having HTTPS sniffing issues?
Also, curious if anyone has used Ettercap recently for MITM. Wondering if its now having similar problems as well. I'll prolly test tomorrow. Its already too late tonight.
Here's the discussion if anyone is interested: oxid.it forum - View topic - Anyone else having HTTPS sniffing issues?
Comments
-
JDMurray Admin Posts: 13,101 AdminSo this worked before, but now doesn't? Was there a new patch or release of Cain that might have broken something? Can you try it with an earlier release?
-
the_hutch Banned Posts: 827So this worked before, but now doesn't? Was there a new patch or release of Cain that might have broken something? Can you try it with an earlier release?
No...that's the weird thing...is its the same release that I've always used, installed right off of my EC-Council toolkit. At first I thought maybe something changed with my client-system browser to prevent this attack. But then I tried all of my browsers (Chrome, FireFox, Safari and even IE). No success on any of them. I have no idea why its not working anymore.
I've never actually used Ettercap before...but time to learn I suppose. -
JDMurray Admin Posts: 13,101 AdminIf its the same in all Web browsers then the answer is at a lower level. Maybe something was patched in Windows itself. Have a look through the listing of the updates for the past several Patch Tuesdays and see what might have changed that could account for the behavior. If you have a machine or VM with just Windows XP SP3 and no recent updates, HIDS, A/V, etc. installed, you might check if it works on that.
-
the_hutch Banned Posts: 827Alright yeah...I'll give that a shot. I'll let you know if i have any success.