Ettercap is a packet capture tool that can also rewrite packets on the network. This means data flows can be diverted and modified on the fly. It can also be used for protocol analysis: inspecting network traffic and determining which applications generate most of it.
Ettercap has a GUI interface and can also be used from the terminal.
The most common uses of Ettercap are man-in-the-middle attacks via "ARP poisoning".
It can also be a good tool for penetration tests.
Installation:
Installation on Debian/Mint:
$ sudo apt update
$ sudo apt-get install ettercap-gtk
Installation on Ubuntu:
$ sudo apt update
$ sudo apt install ettercap-common
Basic commands:
root@kali:~# ettercap -h
ettercap 0.8.3.1 copyright 2001-2020 Ettercap Development Team
Usage: ettercap [OPTIONS] [TARGET1] [TARGET2]
TARGET is in the format MAC/IP/IPv6/PORTs (see the man for further detail)
Sniffing and Attack options:
-M, --mitm <METHOD:ARGS> perform a mitm attack
-o, --only-mitm don't sniff, only perform the mitm attack
-b, --broadcast sniff packets destined to broadcast
-B, --bridge <IFACE> use bridged sniff (needs 2 ifaces)
-p, --nopromisc do not put the iface in promisc mode
-S, --nosslmitm do not forge SSL certificates
-u, --unoffensive do not forward packets
-r, --read <file> read data from pcapfile <file>
-f, --pcapfilter <string> set the pcap filter <string>
-R, --reversed use reversed TARGET matching
-t, --proto <proto> sniff only this proto (default is all)
--certificate <file> certificate file to use for SSL MiTM
--private-key <file> private key file to use for SSL MiTM
User Interface Type:
-T, --text use text only GUI
-q, --quiet do not display packet contents
-s, --script <CMD> issue these commands to the GUI
-C, --curses use curses GUI
-D, --daemon daemonize ettercap (no GUI)
-G, --gtk use GTK+ GUI
Logging options:
-w, --write <file> write sniffed data to pcapfile <file>
-L, --log <logfile> log all the traffic to this <logfile>
-l, --log-info <logfile> log only passive infos to this <logfile>
-m, --log-msg <logfile> log all the messages to this <logfile>
-c, --compress use gzip compression on log files
Visualization options:
-d, --dns resolves ip addresses into hostnames
-V, --visual <format> set the visualization format
-e, --regex <regex> visualize only packets matching this regex
-E, --ext-headers print extended header for every pck
-Q, --superquiet do not display user and password
LUA options:
--lua-script <script1>,[<script2>,...] comma-separted list of LUA scripts
--lua-args n1=v1,[n2=v2,...] comma-separated arguments to LUA script(s)
General options:
-i, --iface <iface> use this network interface
-I, --liface show all the network interfaces
-Y, --secondary <ifaces> list of secondary network interfaces
-n, --netmask <netmask> force this <netmask> on iface
-A, --address <address> force this local <address> on iface
-P, --plugin <plugin> launch this <plugin> - multiple occurance allowed
--plugin-list <plugin1>,[<plugin2>,...] comma-separated list of plugins
-F, --filter <file> load the filter <file> (content filter)
-z, --silent do not perform the initial ARP scan
-6, --ip6scan send ICMPv6 probes to discover IPv6 nodes on the link
-j, --load-hosts <file> load the hosts list from <file>
-k, --save-hosts <file> save the hosts list to <file>
-W, --wifi-key <wkey> use this key to decrypt wifi packets (wep or wpa)
-a, --config <config> use the alternative config file <config>
Standard options:
-v, --version prints the version and exit
-h, --help this help screen
ettercap-pkexec
Graphical pkexec-based launcher for Ettercap:
root@kali:~# man ettercap-pkexec
ETTERCAP(8) System Manager's Manual ETTERCAP(8)
NAME
ettercap-pkexec - graphical pkexec-based launcher for ettercap
This launcher depends on policykit-1 and the menu packages, and basically wraps the ettercap binary command
with a pkexec action script usually defined on /usr/share/polkit-1/actions/org.pkexec.ettercap.policy,
allowing users to directly call ettercap from the desktop or menu launcher with root privileges.
The commands available are exactly the same as the ettercap man page.
Please refer to man ettercap for the list of available parameters.
(don't forget to change "ettercap" to "ettercap-pkexec" as caller program).
example:
ettercap-pkexec -G will start ettercap with root privileges and the
GTK2 interface.
AUTHOR
This code was originally taken from arch distro, and refactored to work
with cmake system by
Gianfranco Costamagna (LocutusOfBorg) <costamagnagianfranco@yahoo.it>
ORIGINAL AUTHORS
Alberto Ornaghi (ALoR) <alor@users.sf.net>
Marco Valleri (NaGA) <naga@antifork.org>
PROJECT STEWARDS
Emilio Escobar (exfil) <eescobar@gmail.com>
Eric Milam (Brav0Hax) <jbrav.hax@gmail.com>
OFFICIAL DEVELOPERS
Mike Ryan (justfalter) <falter@gmail.com>
Gianfranco Costamagna (LocutusOfBorg) <costamagnagianfranco@yahoo.it>
Antonio Collarino (sniper) <anto.collarino@gmail.com>
Ryan Linn <sussuro@happypacket.net>
Jacob Baines <baines.jacob@gmail.com>
CONTRIBUTORS
Dhiru Kholia (kholia) <dhiru@openwall.com>
Alexander Koeppe (koeppea) <format_c@online.de>
Martin Bos (PureHate) <purehate@backtrack.com>
Enrique Sanchez
Gisle Vanem <giva@bgnett.no>
Johannes Bauer <JohannesBauer@gmx.de>
Daten (Bryan Schneiders) <daten@dnetc.org>
SEE ALSO
etter.conf(5) ettercap_curses(8) ettercap_plugins(8) etterlog(8) etterfilter(8)
AVAILABILITY
https://github.com/Ettercap/ettercap/downloads
GIT
git clone git://github.com/Ettercap/ettercap.git
or
git clone https://github.com/Ettercap/ettercap.git
BUGS
Our software never has bugs.
It just develops random features. ;)
KNOWN-BUGS
- ettercap doesn't handle fragmented packets... only the first segment will be displayed by the sniffer. However all the fragments are correctly forwarded.
+ please send bug-report, patches or suggestions to <ettercap-betatesting@lists.sourceforge.net> or visit https://github.com/Ettercap/ettercap/issues.
+ to report a bug, follow the instructions in the README.BUGS file
PHILOLOGICAL HISTORY
"Even if blessed with a feeble intelligence, they are cruel and
smart..." this is the description of Ettercap, a monster of the RPG
Advanced Dungeons & Dragon.
The name "ettercap" was chosen because it has an assonance with "ethercap" which means "ethernet capture" (what ettercap actually does) and also because such monsters have a powerful poison... and you know, arp poisoning... ;)
The Lord Of The (Token)Ring
(the fellowship of the packet)
"One Ring to link them all, One Ring to ping them,
one Ring to bring them all and in the darkness sniff them."
Last words
"Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the Universe trying
to produce bigger and better idiots. So far, the Universe is winning."
- Rich Cook
ettercap 0.8.3.1 ETTERCAP(8)
Uses of the tool:
The most common uses of Ettercap are:
- Man-in-the-middle
- DNS spoofing
- Credentials capture
- DoS attack
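The man-in-the-middle and ARP poisoning uses listed above (and in the introduction) leave a recognisable trace on the wire: an IP address that suddenly answers from a different MAC, or a single MAC that claims to be several hosts at once. The following script is an added example, not code from the page or from the Ettercap project; it parses constructed ARP reply lines in a tcpdump-like text format (the sample log and the gateway address are assumed values, not real captures) and flags both symptoms so a defender can spot poisoning from a capture or a syslog feed.

```python
import re
from collections import defaultdict

# Constructed sample of ARP replies in a tcpdump-like text format (not a real capture).
# The gateway 192.168.1.1 is first announced by ...:01, then re-announced by ...:99,
# which also starts answering for 192.168.1.20: the classic poisoning pattern.
SAMPLE_ARP_LOG = """\
10:00:01.000001 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:01, length 28
10:00:02.000002 ARP, Reply 192.168.1.20 is-at 00:11:22:33:44:20, length 28
10:00:03.000003 ARP, Reply 192.168.1.30 is-at 00:11:22:33:44:30, length 28
10:00:10.000004 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:99, length 28
10:00:10.000005 ARP, Reply 192.168.1.20 is-at 00:11:22:33:44:99, length 28
"""

# Assumed line shape: "<timestamp> ARP, Reply <ip> is-at <mac>, ..."
ARP_REPLY_RE = re.compile(
    r"^(?P<ts>\S+)\s+ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)


def parse_arp_replies(text):
    """Yield (timestamp, ip, mac) for every ARP reply line; other lines are ignored."""
    for line in text.splitlines():
        m = ARP_REPLY_RE.match(line)
        if m:
            yield m.group("ts"), m.group("ip"), m.group("mac").lower()


def detect_arp_poisoning(text, gateway_ip=None):
    """Return a list of alert dicts built from two heuristics:
    1. "mac-change": an IP whose announced MAC differs from the one seen before
       (the cache-poisoning symptom; flagged as gateway-related when it matches gateway_ip)
    2. "multi-ip-mac": one MAC answering for more than one IP (a host impersonating others)
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in parse_arp_replies(text):
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            alerts.append({
                "time": ts, "type": "mac-change", "ip": ip,
                "old": prev, "new": mac, "gateway": ip == gateway_ip,
            })
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append({
                "time": ts, "type": "multi-ip-mac", "mac": mac,
                "ips": sorted(mac_to_ips[mac]),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_ARP_LOG, gateway_ip="192.168.1.1"):
        print(alert)
```

On a real network the same logic can be fed from `tcpdump -n arp` output or a pcap read with a capture library; a MAC change on the gateway entry is the alert worth paging on, and static ARP entries for the gateway or Dynamic ARP Inspection on the switch are the usual mitigations.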