ettercap and ssl
Hi,
I really don't understand the redirect_command_on directive from etter.conf.
Why do I need it in order to sniff ssl traffic?
In my scenario, there are 3 hosts: source, destination and mitm host where I sniff ssl traffic between source and destination.
I want to arp poisen in order that all the ssl traffic between source and destination gets observed my mitm host. Mitm host has only one Ethernet interface which sniffs and then forwards the traffic to the real destination.
etter.conf:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i eth0 -p tcp --dport %port -j REDIRECT --to-port %rport"
I really don't understand the need for this kind of redirection and what %port and %rport are (based on my scenario).
Thank you for your help
|