Ettercap is a packet capture tool that can rewrite packets on the network. This means that data flows can be diverted and modified on the fly. The tool can also be used for protocol analysis, to inspect network traffic and determine which applications generate most of it.

Ettercap also comes with a GUI, and it can be used from the terminal as well.
The most common use of Ettercap is the man-in-the-middle attack via "ARP poisoning".
It can also be a good tool for penetration tests.

Installation:

  • Installation on Debian/Mint:

    $ sudo apt update
    $ sudo apt-get install ettercap-gtk
  • Installation on Ubuntu:

    $ sudo apt update
    $ sudo apt install ettercap-common

Basic commands:

root@kali:~# ettercap -h

ettercap 0.8.3.1 copyright 2001-2020 Ettercap Development Team


Usage: ettercap [OPTIONS] [TARGET1] [TARGET2]

TARGET is in the format MAC/IP/IPv6/PORTs (see the man for further detail)

Sniffing and Attack options:
  -M, --mitm <METHOD:ARGS>    perform a mitm attack
  -o, --only-mitm             don't sniff, only perform the mitm attack
  -b, --broadcast             sniff packets destined to broadcast
  -B, --bridge <IFACE>        use bridged sniff (needs 2 ifaces)
  -p, --nopromisc             do not put the iface in promisc mode
  -S, --nosslmitm             do not forge SSL certificates
  -u, --unoffensive           do not forward packets
  -r, --read <file>           read data from pcapfile <file>
  -f, --pcapfilter <string>   set the pcap filter <string>
  -R, --reversed              use reversed TARGET matching
  -t, --proto <proto>         sniff only this proto (default is all)
      --certificate <file>    certificate file to use for SSL MiTM
      --private-key <file>    private key file to use for SSL MiTM

User Interface Type:
  -T, --text                  use text only GUI
       -q, --quiet                 do not display packet contents
       -s, --script <CMD>          issue these commands to the GUI
  -C, --curses                use curses GUI
  -D, --daemon                daemonize ettercap (no GUI)
  -G, --gtk                   use GTK+ GUI

Logging options:
  -w, --write <file>          write sniffed data to pcapfile <file>
  -L, --log <logfile>         log all the traffic to this <logfile>
  -l, --log-info <logfile>    log only passive infos to this <logfile>
  -m, --log-msg <logfile>     log all the messages to this <logfile>
  -c, --compress              use gzip compression on log files

Visualization options:
  -d, --dns                   resolves ip addresses into hostnames
  -V, --visual <format>       set the visualization format
  -e, --regex <regex>         visualize only packets matching this regex
  -E, --ext-headers           print extended header for every pck
  -Q, --superquiet            do not display user and password

LUA options:
      --lua-script <script1>,[<script2>,...]     comma-separted list of LUA scripts
      --lua-args n1=v1,[n2=v2,...]               comma-separated arguments to LUA script(s)

General options:
  -i, --iface <iface>         use this network interface
  -I, --liface                show all the network interfaces
  -Y, --secondary <ifaces>    list of secondary network interfaces
  -n, --netmask <netmask>     force this <netmask> on iface
  -A, --address <address>     force this local <address> on iface
  -P, --plugin <plugin>       launch this <plugin> - multiple occurance allowed
      --plugin-list <plugin1>,[<plugin2>,...]       comma-separated list of plugins
  -F, --filter <file>         load the filter <file> (content filter)
  -z, --silent                do not perform the initial ARP scan
  -6, --ip6scan               send ICMPv6 probes to discover IPv6 nodes on the link
  -j, --load-hosts <file>     load the hosts list from <file>
  -k, --save-hosts <file>     save the hosts list to <file>
  -W, --wifi-key <wkey>       use this key to decrypt wifi packets (wep or wpa)
  -a, --config <config>       use the alternative config file <config>

Standard options:
  -v, --version               prints the version and exit
  -h, --help                  this help screen

ettercap-pkexec

Graphical pkexec-based launcher for Ettercap:

root@kali:~# man ettercap-pkexec
ETTERCAP(8)                 System Manager's Manual                ETTERCAP(8)

NAME
       ettercap-pkexec - graphical pkexec-based launcher for ettercap

       This  launcher  depends on policykit-1 and the menu packages, and basi-
       cally wraps the ettercap binary command
       with a pkexec action script usually defined on  /usr/share/polkit-1/ac-
       tions/org.pkexec.ettercap.policy,
       allowing  users  to  directly  call  ettercap  from the desktop or menu
       launcher with root privileges.
       The commands available are exactly the same as the ettercap man page.

       Please refer to man ettercap for the list of available parameters.
       (don't forget to change "ettercap" to "ettercap-pkexec" as caller  pro-
       gram).

       example:

       ettercap-pkexec  -G  will  start  ettercap with root privileges and the
       GTK2 interface.

AUTHOR
       This code was originally taken from arch distro, and refactored to work
       with cmake system by
       Gianfranco Costamagna (LocutusOfBorg) <costamagnagianfranco@yahoo.it>

ORIGINAL AUTHORS
       Alberto Ornaghi (ALoR) <alor@users.sf.net>
       Marco Valleri (NaGA) <naga@antifork.org>

PROJECT STEWARDS
       Emilio Escobar (exfil)  <eescobar@gmail.com>
       Eric Milam (Brav0Hax)  <jbrav.hax@gmail.com>

OFFICIAL DEVELOPERS
       Mike Ryan (justfalter)  <falter@gmail.com>
       Gianfranco Costamagna (LocutusOfBorg)  <costamagnagianfranco@yahoo.it>
       Antonio Collarino (sniper)  <anto.collarino@gmail.com>
       Ryan Linn   <sussuro@happypacket.net>
       Jacob Baines   <baines.jacob@gmail.com>

CONTRIBUTORS
       Dhiru Kholia (kholia)  <dhiru@openwall.com>
       Alexander Koeppe (koeppea)  <format_c@online.de>
       Martin Bos (PureHate)  <purehate@backtrack.com>
       Enrique Sanchez
       Gisle Vanem  <giva@bgnett.no>
       Johannes Bauer  <JohannesBauer@gmx.de>
       Daten (Bryan Schneiders)  <daten@dnetc.org>

SEE ALSO
       etter.conf(5) ettercap_curses(8) ettercap_plugins(8) etterlog(8) etter-
       filter(8)

AVAILABILITY
       https://github.com/Ettercap/ettercap/downloads

GIT
       git clone git://github.com/Ettercap/ettercap.git
       or
       git clone https://github.com/Ettercap/ettercap.git

BUGS
       Our software never has bugs.
       It just develops random features.   ;)

       KNOWN-BUGS

       - ettercap doesn't handle fragmented packets... only the first  segment
       will  be  displayed  by the sniffer. However all the fragments are cor-
       rectly forwarded.

       + please send bug-report, patches or suggestions to <ettercap-betatest-
       ing@lists.sourceforge.net>  or visit https://github.com/Ettercap/etter-
       cap/issues.

       + to report a bug, follow the instructions in the README.BUGS file

PHILOLOGICAL HISTORY
       "Even if blessed  with  a  feeble  intelligence,  they  are  cruel  and
       smart..."   this  is  the description of Ettercap, a monster of the RPG
       Advanced Dungeons & Dragon.

       The name "ettercap" was chosen because it has an assonance with "ether-
       cap"  which  means "ethernet capture" (what ettercap actually does) and
       also because such monsters have a powerful poison... and you know,  arp
       poisoning... ;)

The Lord Of The (Token)Ring
       (the fellowship of the packet)

       "One Ring to link them all, One Ring to ping them,
        one Ring to bring them all and in the darkness sniff them."

Last words
       "Programming  today  is  a  race between software engineers striving to
       build bigger and better idiot-proof programs, and the  Universe  trying
       to  produce bigger and better idiots. So far, the Universe is winning."
       - Rich Cook

ettercap 0.8.3.1                                                   ETTERCAP(8)

Uses of the tool:

The most common uses of Ettercap are:

  • Man-in-the-middle
  • DNS spoofing
  • Credentials capture
  • DoS attack

[Screenshot: Ettercap GUI interface]
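The post lists man-in-the-middle via ARP poisoning as Ettercap's main use. From the defender's side, the same attack is visible on the wire: an ARP reply that rebinds a known IP to a new MAC, and a single MAC that suddenly answers for several IPs (typically the gateway and a victim). The script below is an added example, not part of the original post or of the Ettercap project; it parses ARP reply lines in the style of `tcpdump -n arp` output (the sample lines are constructed, not a real capture) and raises both indicators. The `trusted` seed table is an assumption of this example for known-good bindings such as the gateway.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of `tcpdump -n arp` output (not a real capture).
# The last two replies rebind the gateway (.1) and a host (.20) to the same new MAC.
SAMPLE_LINES = """
12:00:01.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28
12:00:01.000300 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:01, length 28
12:00:02.000000 ARP, Reply 192.168.1.20 is-at aa:bb:cc:00:00:20, length 28
12:00:05.000000 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:99, length 28
12:00:05.000100 ARP, Reply 192.168.1.20 is-at aa:bb:cc:00:00:99, length 28
""".strip().splitlines()

# Matches only ARP replies; requests carry no IP->MAC claim and are ignored.
REPLY_RE = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>[\d.]+) is-at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)


def parse_arp_replies(lines):
    """Yield (timestamp, ip, mac) for every ARP reply line."""
    for line in lines:
        m = REPLY_RE.match(line.strip())
        if m:
            yield m.group("ts"), m.group("ip"), m.group("mac").lower()


def detect_arp_poisoning(lines, trusted=None):
    """
    Build an IP->MAC table from observed replies and report two indicators:
      'binding-changed'         an IP previously announced with a different MAC
      'mac-claims-multiple-ips' one MAC now answering for more than one IP
    `trusted` (assumed, hypothetical) seeds the table with known-good bindings.
    Returns (final_table, alerts).
    """
    table = dict(trusted or {})
    ips_per_mac = defaultdict(set)
    for ip, mac in table.items():
        ips_per_mac[mac].add(ip)

    alerts = []
    for ts, ip, mac in parse_arp_replies(lines):
        old = table.get(ip)
        if old is not None and old != mac:
            # An existing binding was overwritten: the classic poisoning symptom.
            alerts.append({"time": ts, "type": "binding-changed",
                           "ip": ip, "old_mac": old, "new_mac": mac})
            ips_per_mac[old].discard(ip)
        table[ip] = mac
        ips_per_mac[mac].add(ip)
        if len(ips_per_mac[mac]) > 1:
            # One station claiming several IPs, e.g. gateway and victim at once.
            alerts.append({"time": ts, "type": "mac-claims-multiple-ips",
                           "mac": mac, "ips": sorted(ips_per_mac[mac])})
    return table, alerts


if __name__ == "__main__":
    final_table, found = detect_arp_poisoning(SAMPLE_LINES)
    for alert in found:
        print(alert)
    print("final ARP table:", final_table)
```

Running it on the constructed lines yields two `binding-changed` alerts (for 192.168.1.1 and 192.168.1.20) followed by one `mac-claims-multiple-ips` alert for `aa:bb:cc:00:00:99`. Seeding `trusted` with the real gateway MAC makes the very first forged reply for the gateway an alert instead of silently becoming the baseline; on a real network, feed the output of `tcpdump -n -l arp` into `parse_arp_replies` line by line and reset the table when hosts legitimately change (DHCP renewals, NIC swaps), or the second indicator will also fire on innocent changes.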

2 years later

This is one of the most powerful attacks and I like it a lot.
Add target 1, target 2 and start 🔝
