Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks.
It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis.
Ettercap is a Unix and Windows tool for computer network protocol analysis and security auditing.
It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis.
Ettercap is a Unix and Windows tool for computer network protocol analysis and security auditing.
It is capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols.
It is free open source software, licensed under the terms of the GNU General Public License.
Ettercap offers four modes of operation:
- IP-based: packets are filtered based on IP source and destination.
- MAC-based: packets are filtered based on MAC address, useful for sniffing connections through a gateway.
- ARP-based: uses ARP poisoning to sniff on a switched LAN between two hosts (full-duplex).
- PublicARP-based: uses ARP poisoning to sniff on a switched LAN from a victim host to all other hosts (half-duplex).
In addition, the software also offers the following features:
- Character injection into an established connection. Ettercap is the first software capable of sniffing an SSH connection in full duplex.
- HTTPS support: the sniffing of HTTP SSL secured data--even when the connection is made through a proxy.
- Remote traffic through a GRE tunnel: the sniffing of remote traffic through a GRE tunnel from a remote Cisco router, and perform a man-in-the-middle attack on it.
- Plug-in support: creation of custom plugins using Ettercap's API.
- Password collectors for: TELNET, FTP, POP, IMAP, rlogin, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, Napster, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, SNMP, Half-Life, Quake 3, MSN, YMSG
- Packet filtering/dropping: setting up a filter that searches for a particular string (or hexadecimal sequence) in the TCP or UDP payload and replaces it with a custom string/sequence of choice, or drops the entire packet.
- OS fingerprinting: determine the OS of the victim host and its network adapter.
- Kill a connection: killing connections of choice from the connections-list.
- Passive scanning of the LAN: retrieval of information about hosts on the LAN, their open ports, the version numbers of available services, the type of the host (gateway, router or simple PC) and estimated distances in number of hops.
- Hijacking of DNS requests.
- Ettercap also has the ability to actively or passively find other poisoners on the LAN.
Very interesting.. Isn't it? But don't forget that this will work only if the victim is on the same LAN as you are.
Ettercap official website: http://ettercap.sourceforge.net/
Ettercap download page: http://ettercap.sourceforge.net/download.php
We recommend Linux to get the best out of Ettercap.
We recommend Linux to get the best out of Ettercap.
0 comments:
Post a Comment