Penetration Testing: Re: ssh mitm at the router

Re: ssh mitm at the router

From: Andres Riancho <andres.riancho_at_gmail.com>
Date: Mon, 25 Jul 2005 00:51:31 -0300

Quoted from ettercap documentation:

gre_relay
    This plugin can be used to sniff GRE-redirected remote traffic. The
    basic idea is to create a GRE tunnel that sends all the traffic on a
    router interface to the ettercap machine. The plugin will send back
    the GRE packets to the router, after ettercap "manipulation" (you
    can use "active" plugins such as smb_down, ssh decryption, filters,
    etc... on redirected traffic) It needs a "fake" host where the
    traffic has to be redirected to (to avoid kernel's responses). The
    "fake" IP will be the tunnel endpoint. Gre_relay plugin will
    impersonate the "fake" host. To find an unused IP address for the
    "fake" host you can use find_ip plugin. Based on the original
    Tunnelx technique by Anthony C. Zboralski published in
    http://www.phrack.org/show.php?p=56&a=10 by HERT.

When you create a GRE tunnel, you can redirect specific traffic. So,
your problem is solved.

Terry Vernon wrote:

> We have a client who wants to intercept ssh and ssl transmissions and
> sniff them going across their routers on their WAN. I've looked at
> ettercap, sshmitm, and ssharp and neither are suitable for this job.
> Is there anything out there that proxies these encrypted protocols and
> does a mitm without arp poisoning?
>
> Terry Vernon
> CTO
> Sprite Technologies

-- 
Andrés Riancho
http://www.securearg.net/
 Secure from the Source
Received on Jul 25 2005
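
The redirection described in the quoted ettercap documentation shows up on the wire as GRE (IP protocol 47) between the router and an endpoint nobody provisioned. The following is an added example, not part of the original post or of ettercap: it parses the outer IPv4 and GRE headers of captured packets and counts GRE traffic between endpoint pairs that are missing from an allowlist. The addresses, the allowlist and the sample packets are constructed assumptions.

```python
import ipaddress
import struct
from collections import Counter

GRE_PROTO = 47  # IP protocol number assigned to GRE

def parse_gre(packet: bytes):
    """Return (outer_src, outer_dst, inner_ethertype, key) for IPv4+GRE, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != GRE_PROTO or len(packet) < ihl + 4:
        return None
    src, dst = (ipaddress.IPv4Address(packet[i:i + 4]) for i in (12, 16))
    flags, ethertype = struct.unpack("!HH", packet[ihl:ihl + 4])
    offset = ihl + 4 + (4 if flags & 0x8000 else 0)  # C bit adds checksum + reserved
    key = None
    if flags & 0x2000:  # K bit: a 4-byte tunnel key follows
        if len(packet) < offset + 4:
            return None
        (key,) = struct.unpack("!I", packet[offset:offset + 4])
    return src, dst, ethertype, key

def unexpected_gre_endpoints(packets, approved):
    """Count GRE packets per endpoint pair that is not in the approved set."""
    hits = Counter()
    for pkt in packets:
        parsed = parse_gre(pkt)
        if parsed is None:
            continue  # not IPv4/GRE, or truncated
        pair = tuple(sorted((str(parsed[0]), str(parsed[1]))))
        if frozenset(pair) not in approved:
            hits[pair] += 1
    return dict(hits)

def build_sample(src, dst, proto=GRE_PROTO, gre=b"\x00\x00\x08\x00"):
    """Constructed packet: minimal IPv4 header (checksum left 0) + GRE + stub payload."""
    payload = gre + b"\x45" + b"\x00" * 19
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header + payload

APPROVED = {frozenset({"192.0.2.1", "198.51.100.1"})}  # assumed provisioned tunnel
SAMPLES = [  # constructed, documentation address ranges
    build_sample("192.0.2.1", "198.51.100.1"),        # provisioned site-to-site tunnel
    build_sample("192.0.2.1", "192.0.2.77"),          # router to an unlisted endpoint
    build_sample("192.0.2.77", "192.0.2.1"),          # return direction of the same pair
    build_sample("192.0.2.5", "192.0.2.9", proto=6),  # plain TCP, ignored
]
```

`unexpected_gre_endpoints(SAMPLES, APPROVED)` reports the one unlisted pair with both directions counted together; the router's configured tunnel interfaces are the place to confirm whether such a pair is legitimate.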