Now here’s where some fun stuff starts!
I hope many of you have followed my installing Backtrack 5 guide and read up on what ARP is as well as basic Linux commands so you can follow along easily; if not, go read those now!
What you’ll need for this tutorial:
Backtrack 5 or Linux on your computer.
SSLStrip installed (to bypass HTTPS connections)
Ettercap installed.
Arpspoof installed (comes on Backtrack 5 by default).
If you don’t have any of these, follow the links and set up your system before continuing.
Okay, so what we’re doing today is using a few programs to sniff passwords over a network and redirect secure HTTPS connections to non-secure HTTP connections to help us get even more passwords.
I’ve successfully gotten passwords and user names from Gmail, Facebook, Ureddit, Reddit, and Youtube; but all sites should work.