(NG-0.7.3 RELEASED) |
imported>mutante m (NG-0.7.3 RELEASED !!) |
Revision as of 14:11, 29 December 2005
A multipurpose sniffer/interceptor/logger for switched LAN.
It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis.
Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks.
Features
==== Character injection ====
In an established connection you can inject characters to the server (emulating commands) or to the client (emulating replies) while keeping the connection alive !!
==== SSH1 support ====
You can sniff User and Pass, and even the data of an SSH1 connection. ettercap is the first software capable of sniffing an SSH connection in FULL-DUPLEX.
==== HTTPS support ====
You can sniff HTTP SSL secured data, even if the connection is made through a PROXY.
==== Remote traffic through GRE tunnel ====
You can sniff remote traffic through a GRE tunnel from a remote cisco router and make a mitm attack on it.
=== Plug-ins support ===
You can create your own plugin using ettercap's API.
List of available plugins
=== Password collector ===
For TELNET, FTP, POP, RLOGIN, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, NAPSTER, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, SNMP, HALF LIFE, QUAKE 3, MSN, YMSG (other protocols coming soon...)
=== Packet filtering/dropping ===
You can set up a filter that searches for a particular string (even hex) in the TCP or UDP payload and replaces it with yours or drops the entire packet.
=== OS fingerprint ===
You can fingerprint the OS of the victim host and even its network adapter.
==== Kill a connection ====
From the connections list you can kill all the connections you want.
==== Passive scanning of the LAN ====
You can retrieve information about: hosts in the LAN, open ports, service versions, type of the host (gateway, router or simple host) and estimated distance in hops.
==== Check for other ARP poisoners ====
ettercap has the ability to actively or passively find other poisoners on the LAN.
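A passive check of the kind named under "Check for other ARP poisoners", as an added example (not ettercap's code or its detection method): it parses raw ARP frames and flags an IP address claimed by a second MAC, and frames whose Ethernet source differs from the ARP sender. The heuristics, function names and sample addresses are assumptions made for illustration.

```python
import struct

def parse_arp(frame):
    """Return (eth_src, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != 0x0806:
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return frame[6:12], frame[22:28], frame[28:32]

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def fmt_ip(raw):
    return ".".join(str(b) for b in raw)

def find_poisoners(frames):
    """Passively scan frames; return a list of (reason, ip, claimed_mac) alerts."""
    first_seen, alerts = {}, []          # first_seen: ip -> MAC, trusted on first use
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        eth_src, sender_mac, sender_ip = parsed
        ip, mac = fmt_ip(sender_ip), fmt_mac(sender_mac)
        if eth_src != sender_mac:        # Ethernet header and ARP body disagree
            alerts.append(("eth-src-mismatch", ip, mac))
        if first_seen.setdefault(ip, mac) != mac:   # IP now claimed by another MAC
            alerts.append(("ip-changed-mac", ip, mac))
    return alerts

def make_arp(eth_src, sender_mac, sender_ip, op=2):
    """Build a constructed ARP frame (broadcast destination, zeroed target fields)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(p) for p in s.split("."))
    return (b"\xff" * 6 + mac(eth_src)
            + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
            + mac(sender_mac) + ip(sender_ip) + bytes(6) + bytes(4))

# Constructed sample traffic: addresses are placeholders, not from the page.
GW, HOST, ROGUE = "00:11:22:33:44:55", "00:aa:bb:cc:dd:01", "00:de:ad:be:ef:02"
SAMPLE = [
    make_arp(GW, GW, "192.0.2.1"),        # gateway announces itself
    make_arp(HOST, HOST, "192.0.2.10"),   # ordinary host
    make_arp(ROGUE, ROGUE, "192.0.2.1"),  # second MAC claims the gateway IP
    make_arp(ROGUE, HOST, "192.0.2.10"),  # header source differs from ARP sender
]
print(find_poisoners(SAMPLE))
```

Because the first binding seen for an IP is trusted, a legitimate MAC change (replaced NIC, failover pair) also raises an alert and needs to be allow-listed or confirmed against DHCP or switch records.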
==== Bind sniffed data to a local port ====
You can connect to that port with a client and decode unknown protocols or inject data to it (only in ARP-based mode).
=== Interface ===
Ettercap NG includes ncurses, text and GTK+ interfaces.
Platforms
Linux 2.0.x, Linux 2.2.x, Linux 2.4.x, FreeBSD 4.x, OpenBSD 2.[789] 3.0, NetBSD 1.5, Mac OS X (darwin 1.3 1.4 5.1), Windows 9x/NT/2000/XP (port in progress), Solaris 2.x
Required libraries
Recent versions of libpcap and libnet are required now. The interface libraries like ncurses and GTK+ are optional.
If you want SSH1 and/or HTTPS support, ettercap requires OpenSSL libraries.
Latest release
NG-0.7.3 RELEASED !!