Ettercap

http://ettercap.sourceforge.net/images/ettercap.gif

http://ettercap.sourceforge.net

0.6.9 RELEASED !!

Short Description:

Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis.

Cool Features: Characters injection in an established connection : you can inject character to server (emulating commands) or to client (emulating replies) maintaining the connection alive !!

SSH1 support : you can sniff User and Pass, and even the data of an SSH1 connection. ettercap is the first software capable to sniff an SSH connection in FULL-DUPLEX

HTTPS support : you can sniff http SSL secured data... and even if the connection is made through a PROXY

Remote traffic through GRE tunnel: you can sniff remote traffic through a GRE tunnel from a remote cisco router and make mitm attack on it

Plug-ins support : You can create your own plugin using the ettercap's API. List of available plugins

Password collector for : TELNET, FTP, POP, RLOGIN, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, NAPSTER, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, SNMP, HALF LIFE, QUAKE 3, MSN, YMSG (other protocols coming soon...)

Paket filtering/dropping: You can set up a filter that search for a particular string (even hex) in the TCP or UDP payload and replace it with yours or drop the entire packet.

OS fingerprint: you can fingerprint the OS of the victim host and even its network adapter

Kill a connection: from the connections list you can kill all the connections you want

Passive scanning of the LAN: you can retrive infos about: hosts in the lan, open ports, services version, type of the host (gateway, router or simple host) and extimated distance in hop.

Check for other poisoners: ettercap has the ability to actively or passively find other poisoners on the LAN

Bind sniffed data to a local port: you can connect to that port with a client and decode unknown portocols or inject data to it (only in arp based mode) Interface: All this feature are integrated with a easy-to-use and pleasureful ncurses interface. (see screenshots) Platform: Linux 2.0.x Linux 2.2.x Linux 2.4.x FreeBSD 4.x OpenBSD 2.[789] 3.0 NetBSD 1.5 Mac OS X (darwin 1.3 1.4 5.1) Windows 9x/NT/2000/XP Solaris 2.x Required Library: It doesn't require any lib such as libpcap, libnet or libnids, even ncurses is not necessary, but strongly recommended ;)

If you want SSH1 and/or HTTPS support, ettercap requires OpenSSL libraries