(NG-0.7.3 RELEASED)
imported>mutante m (NG-0.7.3 RELEASED !!)
http://ettercap.sourceforge.net
Revision as of 14:11, 29 December 2005
A multipurpose sniffer/interceptor/logger for switched LAN.
It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis.
Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks.
=== Features ===
==== Character injection ====
In an established connection, you can inject characters to the server (emulating commands) or to the client (emulating replies) while keeping the connection alive.
==== SSH1 support ====
You can sniff the user name and password, and even the data, of an SSH1 connection. Ettercap is the first software capable of sniffing an SSH connection in full duplex.
==== HTTPS support ====
You can sniff HTTP SSL-secured data, even if the connection is made through a proxy.
==== Remote traffic through GRE tunnel ====
You can sniff remote traffic through a GRE tunnel from a remote Cisco router and make a MITM attack on it.
=== Plug-ins support ===
You can create your own plugin using ettercap's API.
List of available plugins
=== Password collector ===
For TELNET, FTP, POP, RLOGIN, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, NAPSTER, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, SNMP, HALF LIFE, QUAKE 3, MSN, YMSG (other protocols coming soon...)
=== Packet filtering/dropping ===
You can set up a filter that searches for a particular string (even hex) in the TCP or UDP payload and replaces it with yours or drops the entire packet.
=== OS fingerprint ===
You can fingerprint the OS of the victim host and even its network adapter.
==== Kill a connection ====
From the connections list you can kill all the connections you want.
==== Passive scanning of the LAN ====
You can retrieve information about: hosts on the LAN, open ports, service versions, type of host (gateway, router or simple host) and estimated distance in hops.
==== Check for other ARP poisoners ====
Ettercap has the ability to actively or passively find other poisoners on the LAN.
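One way passive detection of other ARP poisoners can work, shown as an added example (not ettercap's own code and not part of the original page): parse ARP frames seen on the wire, remember IP/MAC bindings, and flag an IP that moves to a new MAC or a MAC that claims several IPs. The class and function names are hypothetical, and the frames and addresses are constructed.

```python
import struct
from collections import defaultdict

def parse_arp(frame):
    """Return (sender_mac, sender_ip) from an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":      # EtherType must be ARP
        return None
    if struct.unpack("!HHBB", frame[14:20]) != (1, 0x0800, 6, 4):
        return None                                         # not Ethernet/IPv4 ARP
    return frame[22:28].hex(":"), ".".join(map(str, frame[28:32]))

class ArpWatch:
    """Passive monitor: remembers IP/MAC bindings seen in ARP traffic."""
    def __init__(self):
        self.ip_to_mac = {}
        self.mac_to_ips = defaultdict(set)

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None or parsed[1] == "0.0.0.0":        # skip ARP probes
            return []
        mac, ip = parsed
        alerts = []
        old = self.ip_to_mac.get(ip)
        if old not in (None, mac):                          # binding changed
            alerts.append(("ip-moved", ip, old, mac))
        self.ip_to_mac[ip] = mac
        self.mac_to_ips[mac].add(ip)
        if len(self.mac_to_ips[mac]) > 1:                   # one NIC, many IPs
            alerts.append(("mac-claims-many", mac, sorted(self.mac_to_ips[mac])))
        return alerts

def arp_frame(oper, sha, spa, tha, tpa):
    """Build a constructed 42-byte ARP frame (oper 1 = request, 2 = reply)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(map(int, s.split(".")))
    eth = mac("ff:ff:ff:ff:ff:ff" if oper == 1 else tha) + mac(sha) + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return eth + arp + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

def run_sample():
    """Constructed traffic: the last reply rebinds the gateway IP to another MAC."""
    gw, host, rogue = "02:00:00:00:00:01", "02:00:00:00:00:0a", "02:00:00:00:00:66"
    frames = [
        arp_frame(2, gw, "192.0.2.1", host, "192.0.2.10"),
        arp_frame(1, host, "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),
        arp_frame(1, rogue, "192.0.2.66", "00:00:00:00:00:00", "192.0.2.1"),
        arp_frame(2, rogue, "192.0.2.1", host, "192.0.2.10"),
    ]
    watch = ArpWatch()
    return [alert for f in frames for alert in watch.observe(f)]
```

Both alert types also fire for benign events such as DHCP reassignment, failover pairs or multi-homed hosts, so they are triage signals rather than proof of poisoning.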
==== Bind sniffed data to a local port ====
You can connect to that port with a client and decode unknown protocols or inject data to it (only in ARP-based mode).
=== Interface ===
Ettercap NG includes ncurses, text and GTK+ interfaces.
=== Platforms ===
Linux 2.0.x
Linux 2.2.x
Linux 2.4.x
FreeBSD 4.x
OpenBSD 2.[789] 3.0
NetBSD 1.5
Mac OS X (darwin 1.3 1.4 5.1)
Windows 9x/NT/2000/XP (port in progress)
Solaris 2.x
=== Required libraries ===
Recent versions of libpcap and libnet are required now. The interface libraries like ncurses and GTK+ are optional.
If you want SSH1 and/or HTTPS support, ettercap requires OpenSSL libraries.
=== Latest release ===
NG-0.7.3 RELEASED !!