Revision as of 10:12, 12 March 2005
http://ettercap.sourceforge.net/images/ettercap.png
http://ettercap.sourceforge.net
NG-0.7.0_rc1 RELEASED !!
Short Description:
Ettercap is a multipurpose sniffer/interceptor/logger for switched LANs. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis.
Cool Features: Character injection in an established connection: you can inject characters to the server (emulating commands) or to the client (emulating replies) while keeping the connection alive !!
SSH1 support: you can sniff User and Pass, and even the data of an SSH1 connection. ettercap is the first software capable of sniffing an SSH connection in FULL-DUPLEX
HTTPS support: you can sniff HTTP data secured with SSL, even if the connection is made through a PROXY
Remote traffic through GRE tunnel: you can sniff remote traffic through a GRE tunnel from a remote Cisco router and make a MITM attack on it
Plug-ins support: you can create your own plugin using ettercap's API.
Password collector for :
TELNET, FTP, POP, RLOGIN, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, NAPSTER, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, SNMP, HALF LIFE, QUAKE 3, MSN, YMSG (other protocols coming soon...)
Packet filtering/dropping: you can set up a filter that searches for a particular string (even hex) in the TCP or UDP payload and replaces it with yours or drops the entire packet.
OS fingerprint: you can fingerprint the OS of the victim host and even its network adapter
Kill a connection: from the connections list you can kill all the connections you want
Passive scanning of the LAN: you can retrieve information about hosts in the LAN, open ports, service versions, type of the host (gateway, router or simple host) and estimated distance in hops.
Check for other poisoners: ettercap has the ability to actively or passively find other poisoners on the LAN
Bind sniffed data to a local port: you can connect to that port with a client and decode unknown protocols or inject data to it (only in ARP-based mode)
Interface: Ettercap NG includes an ncurses, text and GTK+ interface.
Platform: Linux 2.0.x, Linux 2.2.x, Linux 2.4.x, FreeBSD 4.x, OpenBSD 2.[789] 3.0, NetBSD 1.5, Mac OS X (darwin 1.3 1.4 5.1), Windows 9x/NT/2000/XP (port in progress), Solaris 2.x
Required Library: Recent versions of libpcap and libnet are required now. The interface libraries like ncurses and GTK+ are optional.
If you want SSH1 and/or HTTPS support, ettercap requires the OpenSSL libraries.
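The "Check for other poisoners" feature above can be approximated passively from observed ARP replies. The following is an added example, not ettercap's own code: the heuristics (trusting the first binding seen for an IP, and counting binding changes) and the function names are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample: (timestamp, sender_ip, sender_mac) from observed ARP replies.
# All addresses are made up for this example.
SAMPLE_ARP_REPLIES = [
    (1.0, "192.168.1.1", "00:11:22:33:44:01"),   # gateway
    (1.5, "192.168.1.10", "00:11:22:33:44:10"),
    (2.0, "192.168.1.20", "00:11:22:33:44:20"),
    (9.0, "192.168.1.1", "00:11:22:33:44:66"),   # gateway IP claimed by another MAC
    (9.1, "192.168.1.10", "00:11:22:33:44:66"),  # same MAC also claims a host IP
    (12.0, "192.168.1.1", "00:11:22:33:44:01"),  # real gateway answers again
]

def find_poisoners(replies):
    """Return {mac: sorted IPs} for MACs claiming an IP first bound to another MAC.

    Assumption: the first binding seen for an IP is legitimate. In practice,
    seed this table from DHCP leases or a static inventory instead.
    """
    first_seen = {}              # ip -> MAC of the first reply observed
    suspects = defaultdict(set)  # mac -> IPs it took over
    for _ts, ip, mac in sorted(replies):
        mac = mac.lower()
        owner = first_seen.setdefault(ip, mac)
        if mac != owner:
            suspects[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in suspects.items()}

def flapping_ips(replies, min_changes=2):
    """Return IPs whose MAC binding changed at least `min_changes` times.

    A binding that flips back and forth suggests two stations (the real host
    and a poisoner) are both answering for the same IP.
    """
    last = {}
    changes = defaultdict(int)
    for _ts, ip, mac in sorted(replies):
        mac = mac.lower()
        if ip in last and last[ip] != mac:
            changes[ip] += 1
        last[ip] = mac
    return sorted(ip for ip, n in changes.items() if n >= min_changes)

if __name__ == "__main__":
    print(find_poisoners(SAMPLE_ARP_REPLIES))
    print(flapping_ips(SAMPLE_ARP_REPLIES))
```

A single MAC answering for several IPs, one of them the gateway, is the strongest signal here; a single binding change on its own can also be a replaced network card.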