Garland

  1. Please try the following and report back: Comment out lines 97 and 98 of the /usr/lib/python2.7/site-packages/sslstrip/ServerConnection.py file by adding a "#" to the beginning of each line:

         # elif (key.lower() == 'set-cookie'):
         #     self.client.responseHeaders.addRawHeader(key, value)

     Do you still get the error after that?
  2. Currently sslstrip 0.9 on OpenWRT fails with the following exception:

         exceptions.AttributeError: ClientRequest instance has no attribute 'responseHeaders'

     If you want to get sslstrip 0.9 working, do the following: Comment out lines 97 and 98 of the /usr/lib/python2.7/site-packages/sslstrip/ServerConnection.py file:

         # elif (key.lower() == 'set-cookie'):
         #     self.client.responseHeaders.addRawHeader(key, value)

     It should function normally after that. Hope this helps.
  3. Having spent a bit more time with this, I have sorted out exactly which patches are necessary to get 0.4.7.1 to compile (where before I could only compile it by leaving all of the old build files from NG-0.7.3). The issue was in the acinclude.m4 file, so I made a patch to correct that file.

     Here is the Makefile, patches and source: http://www.qfpost.com/file/d?g=bLManu7nx

     ...and here is the resulting package: http://www.qfpost.com/file/d?g=24gQvEcX2

     I would test using this version of the package instead of the one I posted yesterday.

     Thank you,
     -Garland
  4. Looking at the ettercap changelog, you can see what switching to 0.7.4.1 gains you: https://github.com/Ettercap/ettercap/blob/master/CHANGELOG

     First, the NG-0.7.4 (2005) update adds a radius dissector, so now there are 40 protocol dissectors, instead of 39. The 0.7.4.1 (2011) update seems to fix several memory and buffer overflow issues, which is a good thing.

     If anyone is wishing to build from source, you may find my modified source files here: http://www.qfpost.com/file/d?g=J97Yh4YDU

     Oh, and welcome to 2011... ;)
     -Garland
  5. Since I've been playing around with the OpenWRT toolchain (on a Kali Linux VM) I thought I would take a crack at updating the ettercap package to a more recent version. Ettercap 0.7.5 was the first version to switch to 'cmake'. Currently building 'cmake' packages (outside of the source directory) with the OpenWRT toolchain is a mystery to me, so I settled on attempting to cross-compile the last non-cmake version, which is 0.7.4.1.

     All of this takes place on my Kali Linux VM, with the OpenWRT toolchain installed: First I copied the ettercap-NG-0.7.3.tar.gz from /root/openwrt/attitude_adjustment/dl/ and placed it in a directory with a copy of ettercap-0.7.4.1.tar.gz, then I ran this script:

         #!/bin/sh
         rm -rf ./ettercap-NG-0.7.3/
         rm -rf ./ettercap-0.7.4.1/
         tar xvfz ./ettercap-NG-0.7.3.tar.gz
         tar xvfz ./ettercap-0.7.4.1.tar.gz
         rm -rf ./ettercap-NG-0.7.3/include
         cp -r ./ettercap-0.7.4.1/include ./ettercap-NG-0.7.3/
         cp -r ./ettercap-0.7.4.1/libltdl ./ettercap-NG-0.7.3/
         rm -rf ./ettercap-NG-0.7.3/man
         cp -r ./ettercap-0.7.4.1/man ./ettercap-NG-0.7.3/
         rm -rf ./ettercap-NG-0.7.3/plug-ins
         cp -r ./ettercap-0.7.4.1/plug-ins ./ettercap-NG-0.7.3/
         rm -rf ./ettercap-NG-0.7.3/share
         cp -r ./ettercap-0.7.4.1/share ./ettercap-NG-0.7.3/
         rm -rf ./ettercap-NG-0.7.3/src
         cp -r ./ettercap-0.7.4.1/src ./ettercap-NG-0.7.3/
         rm -rf ./ettercap-NG-0.7.3/utils
         cp -r ./ettercap-0.7.4.1/utils ./ettercap-NG-0.7.3/

     ...and then manually applied the patch files (found in /root/openwrt/attitude_adjustment/feeds/packages/net/ettercap/patches) for the ettercap-NG-0.7.3 (with the exception of the last one from patch file 003), renamed the directory from ettercap-NG-0.7.3 to ettercap-0.7.4.1 and then tar-ed and gzipped the directory into a new ettercap-0.7.4.1.tar.gz file and dropped that into "/root/openwrt/attitude_adjustment/dl/".

     Next I generated a new md5sum for this file (34f95caea07c47c31ae1f564f7734b8c) and lastly I updated the /root/openwrt/attitude_adjustment/feeds/packages/net/ettercap/Makefile, so the beginning of it looks like this:

         PKG_NAME:=ettercap
         PKG_VERSION:=0.7.4.1
         PKG_RELEASE:=1
         PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
         PKG_SOURCE_URL:=@SF/ettercap
         PKG_MD5SUM:=34f95caea07c47c31ae1f564f7734b8c

     ...after all of that I ran 'make' and the toolchain generated the ettercap-0.7.4.1-1_ar71xx.ipk file.

     Of course this package is unofficial. I'm not responsible if it doesn't work or ends up bricking your device. That being said, I'm running it without any issues so far. Ideally you should compile this package yourself; however if people want to try it, you may find it here: http://www.qfpost.com/file/d?g=UOZdy3dKg

     To update to this version of ettercap, just scp the file over to your pineapple and then run:

         opkg remove ettercap
         opkg install ./ettercap-0.7.4.1-1_ar71xx.ipk

     Good luck,
     -Garland
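The checksum step from the post above, as an added example that is not part of the original post or of the OpenWRT build system: a shell check that the tarball placed in dl/ still matches the PKG_MD5SUM line in the package Makefile before 'make' is run. The function names are hypothetical, and it assumes md5sum is installed and that PKG_MD5SUM uses the single-line ':=' form shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post): compare the PKG_MD5SUM recorded
# in an OpenWRT package Makefile with the tarball that will actually be built.

# Print the 32-hex-digit value assigned to PKG_MD5SUM in the given Makefile.
# Prints nothing if the line is missing or malformed.
pkg_md5_from_makefile() {
    sed -n 's/^PKG_MD5SUM:=[[:space:]]*\([0-9a-fA-F]\{32\}\)[[:space:]]*$/\1/p' "$1" | head -n 1
}

# Return 0 if the tarball's MD5 matches the Makefile, 1 on mismatch,
# 2 if the Makefile has no usable PKG_MD5SUM or the tarball is unreadable.
verify_pkg_source() {
    makefile=$1
    tarball=$2
    expected=$(pkg_md5_from_makefile "$makefile" | tr 'A-F' 'a-f')
    [ -n "$expected" ] || { echo "no PKG_MD5SUM in $makefile" >&2; return 2; }
    [ -r "$tarball" ] || { echo "cannot read $tarball" >&2; return 2; }
    actual=$(md5sum "$tarball" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK $tarball $actual"
        return 0
    fi
    echo "MISMATCH $tarball: Makefile=$expected file=$actual" >&2
    return 1
}

# Run directly as: script.sh <Makefile> <tarball>
# e.g. feeds/packages/net/ettercap/Makefile dl/ettercap-0.7.4.1.tar.gz
if [ "$#" -eq 2 ]; then
    verify_pkg_source "$1" "$2"
fi
```

A match only shows that the Makefile and the tarball agree; MD5 is not collision-resistant, so it does not authenticate a tarball or .ipk obtained from a third-party download link.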
  6. Oops... Try this link: http://www.qfpost.com/file/d?g=6yb584pNj
  7. Here is my unofficial package file for the daemonized ettercap (ettercap_NG-0.7.3-3_ar71xx.ipk). https://filetea.me/default/#t1s2Wtp6OCmSxCtY6z1f6SFeQ

     Just scp this to your Pineapple, then ssh into the Pineapple and run:

         opkg remove ettercap
         opkg install ./ettercap_NG-0.7.3-3_ar71xx.ipk

     Then copy and paste these commands to build the daemonized ettercap infusion:

         rm -rf /pineapple/components/infusions/ettercap
         cp -r /pineapple/components/infusions/sslstrip/ /pineapple/components/infusions/ettercap
         cd /pineapple/components/infusions/ettercap/
         find . -type f -exec sed -ie "s/sslstrip/ettercap/g" {} \;
         sed -ie "s/1.3/1.0/g" ./handler.php
         sed -ie "s/\texec(\"iptables/\t\/\/exec(\"iptables/g" includes/actions.php
         sed -ie "s/ettercap -a -k -f -w /ettercap -i br-lan -D -w /g" includes/actions.php
         sed -ie "s/ettercap -k -f -w /ettercap -i br-lan -D -m /g" includes/actions.php
         sed -ie "s/^iptables/#iptables/g" includes/autostart.sh
         sed -ie "s/ettercap -k -f -w /ettercap -i br-lan -D -m /g" includes/autostart.sh
         sed -ie "s/ettercap -a/ettercap -i br-lan -D -w/g" includes/vars.php

     Hope this helps,
     -Garland
  8. I couldn't take any credit for the infusion itself. I only changed seven lines.

     If you would like to see what the ettercap infusion looks like, without going through all of the trouble to build a new ettercap package, you can ssh to your Pineapple and paste the following lines to build the ettercap infusion (as long as you have the sslstrip infusion installed):

         cp -r /pineapple/components/infusions/sslstrip/ /pineapple/components/infusions/ettercap
         cd /pineapple/components/infusions/ettercap/
         find . -type f -exec sed -ie "s/sslstrip/ettercap/g" {} \;
         sed -ie "s/1.3/1.0/g" ./handler.php
         sed -ie "s/\texec(\"iptables/\t\/\/exec(\"iptables/g" includes/actions.php
         sed -ie "s/ettercap -a -k -f -w /ettercap -i br-lan -D -w /g" includes/actions.php
         sed -ie "s/ettercap -k -f -w /ettercap -i br-lan -D -m /g" includes/actions.php
         sed -ie "s/^iptables/#iptables/g" includes/autostart.sh
         sed -ie "s/ettercap -k -f -w /ettercap -i br-lan -D -m /g" includes/autostart.sh
         sed -ie "s/ettercap -a/ettercap -i br-lan -D -w/g" includes/vars.php
         sed -ie "s/ettercap -i br-lan -D -w /ettercap -i br-lan --text -w /g" includes/actions.php
         sed -ie "s/ettercap -i br-lan -D -m /ettercap -i br-lan --text -m /g" includes/actions.php
         sed -ie "s/ettercap -i br-lan -D -w/ettercap -i br-lan --text -w/g" includes/vars.php

     Refresh the web UI and you will have the ettercap infusion; however it will use the default, text-mode ettercap, which will cause excessive CPU load. If you don't like the ettercap infusion, you can remove it using the Pineapple Bar menus.

     Also, if you ssh into your Pineapple and run ettercap manually, you don't have the CPU problem with the default ettercap, as your shell is being interactive with ettercap. The CPU issue only comes up when you background ettercap without an interactive shell.
  9. As my first attempt to build an infusion was an abysmal failure, I thought I would share a bit of what I've learned for those who would like a working ettercap infusion which functions like whistlemaster's sslstrip infusion.

     The issue that I ran into is that the default ettercap package (ettercap_NG-0.7.3-2_ar71xx.ipk) only supports "text" mode, which is interactive. Launch this in the background via a PHP exec and the Pineapple's CPU load pegs. Running 'top' shows that ettercap is consuming most of the CPU (around 80%). The solution is to not use ettercap's interactive text mode; however the mode you need to use (daemon mode) is broken in ettercap_NG-0.7.3-2_ar71xx.ipk. A patch exists which fixes this issue.

     To build a new package with the patch applied, boot up a Kali Linux VM (which has plenty of free disk space) and follow these instructions to build the OpenWRT toolchain then build a patched ettercap: http://wiki.openwrt.org/doc/howto/buildroot.exigence

     Following this page I ran the following commands on my Kali VM:

         sudo apt-get update
         sudo apt-get install subversion build-essential
         sudo apt-get install git-core
         apt-get install libncurses5-dev zlib1g-dev gawk

     Next I created an 'openwrt' directory, then switched to a non-root user:

         mkdir openwrt
         chown nobody openwrt
         cd openwrt
         su nobody bash

     Then I used svn to 'check out' the appropriate branch, then installed feeds:

         svn co svn://svn.openwrt.org/openwrt/branches/attitude_adjustment
         cd ./attitude_adjustment
         ./scripts/feeds update -a
         ./scripts/feeds install -a

     Next use the Menu Config to build ettercap as a module:

         make menuconfig

     When the text-based menu comes up arrow down to network, then hit the space bar, then arrow down to ettercap and hit the space bar again. There should be an "M" (for module) next to ettercap. Right arrow and hit return on "Exit" twice, then hit return one last time to save your configuration.

     We will now run make, which will build the toolchain (this takes a while) as well as download and build the ettercap package. Note: This package will still be broken, but don't worry, we will be patching it in a few minutes. Go ahead and run make:

         make

     That will take quite a while to run, so come back in a bit...

     Next we will add in the necessary patch for ettercap. Using the editor of your choice create a new file:

         vi ./feeds/packages/net/ettercap/patches/004-daemon-ui.patch

     Paste in the following content, then write the file and quit your editor:

diff -ruN ettercap-NG-0.7.3-old/src/ec_ui.c ettercap-NG-0.7.3-new/src/ec_ui.c --- ettercap-NG-0.7.3-old/src/ec_ui.c 2006-10-03 18:24:09.000000000 +0200 +++ ettercap-NG-0.7.3-new/src/ec_ui.c 2006-10-03 18:28:57.000000000 +0200 
@@ -336,7 +336,7 @@ BUG_IF(ops->fatal_error == NULL); GBL_UI->fatal_error = ops->fatal_error; - BUG_IF(ops->input == NULL); + BUG_IF((ops->input == NULL)&&(ops->type != UI_DAEMONIZE)); GBL_UI->input = ops->input; BUG_IF(ops->progress == NULL);

     Now we need to increment the package number by editing the 12th line of the ettercap Makefile:

         vi ./feeds/packages/net/ettercap/Makefile +12

     Change the line from this:

         PKG_RELEASE:=2

     To look like this:

         PKG_RELEASE:=3

     Now run make one last time to build the patched ettercap package:

         make

     Once the compile finishes (if all went well) you should now have the following file:

         ./bin/ar71xx/packages/ettercap_NG-0.7.3-3_ar71xx.ipk

     Use scp to copy this file to your Pineapple, then ssh into your Pineapple and run the following commands (on the Pineapple):

         opkg remove ettercap
         opkg install ./ettercap_NG-0.7.3-3_ar71xx.ipk

     At this point you should test to make sure that you can now use the -D (daemonize) option:

         ettercap -i br-lan -D -m /tmp/test.log

     I see the following:

         ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA
         Dissector "dns" not supported (etter.conf line 70)
         Daemonizing ettercap...

     If that worked and you didn't get an error, go ahead and kill ettercap and remove the log file:

         killall ettercap
         rm /tmp/test.log

     Now we're ready to clone the sslstrip infusion and modify our clone to use ettercap. First, make sure you have installed the sslstrip infusion. It is a good idea to clear all of your sslstrip log files first. Then run the following commands on your Pineapple to clone this infusion and make the necessary changes to adapt it for ettercap:

         cp -r /pineapple/components/infusions/sslstrip/ /pineapple/components/infusions/ettercap
         cd /pineapple/components/infusions/ettercap/
         find . -type f -exec sed -ie "s/sslstrip/ettercap/g" {} \;
         sed -ie "s/1.3/1.0/g" ./handler.php
         sed -ie "s/\texec(\"iptables/\t\/\/exec(\"iptables/g" includes/actions.php
         sed -ie "s/ettercap -a -k -f -w /ettercap -i br-lan -D -w /g" includes/actions.php
         sed -ie "s/ettercap -k -f -w /ettercap -i br-lan -D -m /g" includes/actions.php
         sed -ie "s/^iptables/#iptables/g" includes/autostart.sh
         sed -ie "s/ettercap -k -f -w /ettercap -i br-lan -D -m /g" includes/autostart.sh
         sed -ie "s/ettercap -a/ettercap -i br-lan -D -w/g" includes/vars.php

     At this point it is probably a good idea to reboot your Pineapple, so issue the following command:

         reboot

     In my case the sslstrip infusion was set to autostart on boot and the ettercap infusion inherited that setting when we cloned it, so after a reboot I can see that the ettercap infusion started. If you didn't delete your log files from your sslstrip infusion you may find that the new ettercap infusion has clones of those files. Just stop ettercap, delete these log files, then restart ettercap and you should be good to go.

     You should stop here; however, if you want to return to the original (default) ettercap and see the high CPU load issue I mentioned at the beginning of this post, just run the following commands:

         cd /root
         opkg remove ettercap
         opkg update
         opkg install ettercap

     Then run these commands to modify the ettercap infusion to use text mode:

         cd /pineapple/components/infusions/ettercap/
         sed -ie "s/ettercap -i br-lan -D -w /ettercap -i br-lan --text -w /g" includes/actions.php
         sed -ie "s/ettercap -i br-lan -D -m /ettercap -i br-lan --text -m /g" includes/actions.php
         sed -ie "s/ettercap -i br-lan -D -w/ettercap -i br-lan --text -w/g" includes/vars.php

     When looking with the 'top' program, the new ettercap (in daemon mode) averages around 3% load; however with the default ettercap the load is around 80%.

     Again I hope that this post helps someone out there who wanted a working ettercap infusion.
     -Garland
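Review bot: in the changed BUG_IF line of the ec_ui.c hunk in the post above, the relaxed check means the next line, "GBL_UI->input = ops->input;", can now store NULL when ops->type is UI_DAEMONIZE, and nothing in the hunk records that. Add a comment above the check saying the input callback is optional for the daemon UI, so anyone calling through GBL_UI->input knows to test it for NULL first. As a style point, put spaces around "&&", as the same line already does around "==" and "!=".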