I'm conducting penetration testing on an API and trying to use Ettercap to capture requests made by Postman. However, I'm encountering difficulties in capturing the traffic. I've tried several steps, i want to performing MITM attack with Ettercap for my API that i tested, but haven't been successful.
Additional Information:
- I'm using ettercap 0.8.3.1 version
- Operating system I'm using is kali
- My network configuration in postman is 127.0.0.1:8080
Can anyone help me troubleshoot this issue?
Use Burp Suite Community or Burp Suite Professional instead of Ettercap. Ettercap is an old tool most commonly used for ARP table poisoning and Man-in-the-Middle attacks. You don't need it since you are using Postman and are able to directly configure your proxy settings.
https://portswigger.net/burp
Burp Suite is the most commonly used HTTP proxy and should solve your problems. Just continue to point your Postman deployment at 127.0.0.1:8080 and then open Burp Suite up, create a new project, and it should automatically have a listener open up on port 8080 on the localhost. From there you just need to call the API using Postman and the traffic will show up inside of Burp Suite.