
I have a question: What is the difference between sniffing and forwarding?

I mean that when I am in the MITM position (the gateway of a client), I can access all the HTTPS websites with this client's browser. In addition, I can check the generated traffic on the gateway side (including HTTPS requests/answers - encrypted of course!).

But as soon as I use tools called "sniffers" (ettercap for instance) on the gateway side, I get certificate errors and cannot even access those HTTPS websites on the client side.

I am thus wondering what the difference is between sniffing and forwarding the traffic; in both cases we have access to the exact same information on the gateway side (generated traffic).

Finally, when sending HTTPS requests, those requests have to go through numerous routers to reach the destination server. A router is not a sniffer, I suppose; that is why we don't get the SSL certificate errors, right?

aress31

1 Answer


Sniffing is passive, whereas forwarding (MITM) is active.

When forwarding (MITM), you are part of the route. The traffic goes from the client to your IP address, then on to the server.

When sniffing, you're simply on the same physical network as the client and are able to receive a copy of the packets that the client is sending to the server.

If sniffing is causing HTTPS to fail, then there's something wrong. Perhaps you have mixed up the two terms?

Marcus Adams
  • For my thesis I am setting up a rogue AP. When the rogue AP is created and I connect to it with my phone, I have access to the internet... But as soon as I start ettercap to sniff the traffic, the SSL certification fails... – aress31 Apr 08 '15 at 22:37
  • It appears that ettercap is more than just a sniffer--it's a MITM tool. It uses ARP poisoning to redirect the victim's traffic to you. Perhaps there is a way to make ettercap sniff only passively. I don't know. Perhaps you mean to use something like wireshark + pcap for sniffing? – Marcus Adams Apr 09 '15 at 12:57
  • Yeah I know, but I use it in an unoffensive mode and for sniffing only, since I am already in a MITM position. I think the problem comes from ettercap; I will try to dig into this track. Thanks :) – aress31 Apr 09 '15 at 15:23