A multipurpose sniffer/interceptor/logger for switched LANs.
It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis.
Ettercap is a suite for man-in-the-middle attacks on a LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks.
Features
==== Character injection in an established connection ====
You can inject characters to the server (emulating commands) or to the client (emulating replies) while keeping the connection alive!
==== SSH1 support ====
You can sniff the user and password, and even the data, of an SSH1 connection. ettercap is the first software capable of sniffing an SSH connection in FULL-DUPLEX.
==== HTTPS support ====
You can sniff HTTP data secured with SSL, even if the connection is made through a proxy.
==== Remote traffic through GRE tunnel ====
You can sniff remote traffic through a GRE tunnel from a remote Cisco router and perform a MITM attack on it.
=== Plug-ins support ===
You can create your own plugin using ettercap's API. List of available plugins
=== Password collector ===
For TELNET, FTP, POP, RLOGIN, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, NAPSTER, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, SNMP, HALF LIFE, QUAKE 3, MSN, YMSG (other protocols coming soon...)
=== Packet filtering/dropping ===
You can set up a filter that searches for a particular string (even hex) in the TCP or UDP payload and replaces it with yours or drops the entire packet.
=== OS fingerprint ===
You can fingerprint the OS of the victim host and even its network adapter.
==== Kill a connection ====
From the connections list you can kill all the connections you want.
==== Passive scanning of the LAN ====
You can retrieve information about: hosts in the LAN, open ports, service versions, type of the host (gateway, router or simple host) and estimated distance in hops.
==== Check for other ARP poisoners ====
ettercap has the ability to actively or passively find other poisoners on the LAN.
==== Bind sniffed data to a local port ====
You can connect to that port with a client and decode unknown protocols or inject data to it (only in ARP-based mode).
=== Interface ===
Ettercap NG includes an ncurses, text and GTK+ interface.
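As an illustration of the "Check for other ARP poisoners" feature above, here is a passive check for conflicting ARP announcements. This is an added example, not ettercap's code and not a description of how ettercap implements the feature; the function names, MAC and IP addresses and the sample capture are constructed for the illustration.

```python
import struct
from collections import defaultdict

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(map(str, b))

def parse_arp(frame):
    """Return (sender_mac, sender_ip) from an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return _mac(frame[22:28]), _ip(frame[28:32])

def find_poisoners(frames):
    """Passive check: flag any MAC that takes over an IP already bound to another MAC."""
    bindings = {}                    # ip -> first MAC seen announcing it
    taken = defaultdict(set)         # suspect MAC -> IPs it took over
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        mac, ip = parsed
        if ip == "0.0.0.0":          # ARP probe (RFC 5227), carries no claim
            continue
        owner = bindings.setdefault(ip, mac)
        if owner != mac:
            taken[mac].add(ip)
    return {m: sorted(ips) for m, ips in taken.items()}

def sample_frame(smac, sip, tmac, tip, op=2):
    """Constructed test input: one ARP frame as raw bytes (never sent anywhere)."""
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    a = lambda i: bytes(map(int, i.split(".")))
    eth = h(tmac) + h(smac) + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + h(smac) + a(sip) + h(tmac) + a(tip)
    return eth + arp

GW, HOST, ROGUE = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:10", "cc:cc:cc:cc:cc:99"
CAPTURE = [  # constructed sample capture
    sample_frame(GW, "192.168.1.1", HOST, "192.168.1.10"),
    sample_frame(HOST, "192.168.1.10", GW, "192.168.1.1"),
    sample_frame(ROGUE, "192.168.1.1", HOST, "192.168.1.10"),
    sample_frame(ROGUE, "192.168.1.10", GW, "192.168.1.1"),
    b"\x00" * 60,  # non-ARP frame, ignored
]

if __name__ == "__main__":
    print(find_poisoners(CAPTURE))
```

The check trusts the first binding it sees, so a legitimate address change (for example a DHCP re-lease to a different host) also raises a conflict and needs to be confirmed against a known-good IP/MAC inventory.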
Platforms
Linux 2.0.x, Linux 2.2.x, Linux 2.4.x, FreeBSD 4.x, OpenBSD 2.[789] 3.0, NetBSD 1.5, Mac OS X (darwin 1.3 1.4 5.1), Windows 9x/NT/2000/XP (port in progress), Solaris 2.x
Required libraries
Recent versions of libpcap and libnet are now required. Interface libraries such as ncurses and GTK+ are optional.
If you want SSH1 and/or HTTPS support, ettercap requires OpenSSL libraries.
Latest release
NG-0.7.3 RELEASED !!