 |
Ettercap 0.7.3 (Next Generation)
|
Section: Unix
|
|
|
|
| Added: Thu, Jan 25th 2001 15:45 UTC (7 years, 6 months ago) |
Updated: Sun, May 29th 2005 08:33 UTC (3 years, 2 months ago) |
|
|
About:
Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like SSH and HTTPS). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.
Release focus: Major security fixes
Changes:
Two new operators were added to the filter engine:
INC (+=) and DEC (-=). The compilation of some
plugins and an issue with the dhcp spoofing module
against windows client were fixed. A serious
security bug was eradicated from the curses GUI.
Author:
ALoR NaGA <alor |at| users |dot| sourceforge |dot| net>
[contact developer]
Homepage:
http://ettercap.sf.net
Tar/GZ:
http://ettercap.sf.net/download.php
Changelog:
http://ettercap.sf.net/history.php
CVS tree (cvsweb):
http://ettercap.cvs.sourceforge.net/
Mailing list archive:
http://lists.sourceforge.net/mailman/listinfo/ettercap-betatesting
Trove categories:
[change]
Dependencies:
[change]
libpcap (required)
zlib (required)
Libtool (recommended)
OpenSSL (recommended)
PCRE (recommended)
GTK+ (optional)
ncurses (optional)
[download links]
|
|
» Rating:
8.40/10.00
(Rank 318)
» Vitality: 0.02% (Rank 3551)
» Popularity: 13.70% (Rank 114)
 
(click to enlarge graphs)
Record hits: 155,283
URL hits: 114,037
Subscribers: 264
|
|
Branches
Releases
|
Version
|
Focus
|
Date
|
|
0.7.3
|
Major security fixes |
29-May-2005 15:33 |
|
0.7.2
|
Minor feature enhancements |
21-Dec-2004 23:11 |
|
0.7.1
|
Minor feature enhancements |
20-Sep-2004 20:30 |
|
0.7.0
|
Minor bugfixes |
05-Jul-2004 20:35 |
|
0.7.0_rc1
|
Minor feature enhancements |
14-Jun-2004 21:24 |
|
0.7.0 pre2
|
Minor bugfixes |
17-May-2004 09:46 |
|
0.7.0 pre1
|
Major feature enhancements |
18-Apr-2004 10:46 |
Articles referencing this project
Comments
[»]
MIM not possible against secure (ie most) SSL
by Belinda Woods - Dec 15th 2001 06:30:52
Even with SSL support in the code, it is not possible to crack SSL
encrypted links. To complete an SSL
handshake you must know the secret key for the certificate that you
supply. If Ettercap supplies the server's
certificate to the client, it will not be able to complete the handshake.
If it supplies its own certificate,
the client will see that the certificate is not the one expected.
So the only hope this has of working is if certificates are not checked,
which is only likely if people use ssh
insecurely. It will not work for browser connections because the browser
itself checks the certificate for the site
name (and to fool that you have to persuade Verisign or similar to sign a
certificate that says, for example, that
you are amazon.com - not likely).
Given all that, aren't you misprepesenting the abilities of this tool?
[Apologies, I'm using an anon acct for obvious reasons]
--
[reply]
[top]
[»]
Re: MIM not possible against secure (ie most) SSL
by ALoR - Dec 15th 2001 08:41:38
> It will not work for
> browser connections because the browser
> itself checks the certificate for the
> site name (and to fool that you have to
> persuade Verisign or similar to sign a
> certificate that says, for example, that
> you are amazon.com - not likely).
or to persuade the user to accept the false certificate... here the social
engineering is crucial, if the user is prompted with a false certificate
that is *very* similar to its favourite CA, he will accept it... obviously
the weakest link of the chain is always the user as in SSH
man-in-the-middle.
bye
--
---=> ALoR
[reply]
[top]
[»]
Re: MIM not possible against secure (ie most) SSL
by rcastell - Apr 6th 2002 18:42:19
If you set up ssh right, it gives you a loud warning about
man-in-the-middle attacks if the
host's key fingerprint changes. If the user accepts anyway, the connection
can be sniffed.
And I was wondering, will ssh sniffing work at all against public key
authentication?
[reply]
[top]
[»]
Re: MIM not possible against secure (ie most) SSL
by ALoR - Apr 7th 2002 04:52:41
> And I was wondering, will ssh sniffing
> work at all against public key
> authentication?
During public key auth (like in SSH2) the keys are not exchanged on the
wire... so you cannot do a m-i-t-m attach against it. The server already
has your REAL public key and will not start the session if it doesn't
match.
--
---=> ALoR
[reply]
[top]
[»]
Re: MIM not possible against secure (ie most) SSL
by WildThing - Apr 19th 2002 09:10:30
Try to use ettercap with etter.filter.ssh filter.
It tries to convince the client that the server only support ssh v1 (if it
supports both). So if you run simply ssh it will look up on known_hosts
keys (not known_hosts2). If you always use ssh with v2 by default you don't
have the right key in known_hosts so no warning pop-up but a simple "do you
want to add..."
--
...
[reply]
[top]
[»]
Good Work Guys!
by WildThing - Sep 18th 2001 08:07:53
Yeah!
--
...
[reply]
[top]
|
|
|
