Whistle Master Posted August 4, 2012 Share Posted August 4, 2012 (edited) Hi there !As there are some discussions around ettercap which pop out recently, this gave me the idea to develop a module dedicated to it.Features- Ettercap options selection- Filter building- History Edited August 5, 2013 by Whistle Master Quote Link to comment Share on other sites More sharing options...
dustbyter Posted August 4, 2012 Share Posted August 4, 2012 Looks good Whistle Master! Can't wait to see it completed. Quote Link to comment Share on other sites More sharing options...
PineDominator Posted August 4, 2012 Share Posted August 4, 2012 wow just awesome. is this going to take the place of your key-logger module, maybe adding the filter for it in the ettercap module. Quote Link to comment Share on other sites More sharing options...
dustbyter Posted August 4, 2012 Share Posted August 4, 2012 You can inject any Javascript payload you chose to! Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted August 5, 2012 Author Share Posted August 5, 2012 wow just awesome. is this going to take the place of your key-logger module, maybe adding the filter for it in the ettercap module. No it won't replace it. I will continue to work on the keylogger module later :) Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted August 5, 2012 Author Share Posted August 5, 2012 (edited) First version was sent to Seb ;) You can send me your filter and I will integrate it as default in the module. Edited August 5, 2012 by Whistle Master Quote Link to comment Share on other sites More sharing options...
loozr Posted September 14, 2012 Share Posted September 14, 2012 Could you please give me some hints to how you get this plugin working? I've tried adding a image-replace filter from this site: http://www.irongeek.com/i.php?page=security/ettercapfilter But I cant get it working. Usually the log only states. [1mettercap NG-0.7.3[0m copyright 2001-2004 ALoR & NaGA[/CODE]Also when not using any filter whatsoever.. Quote Link to comment Share on other sites More sharing options...
yukondokne Posted September 14, 2012 Share Posted September 14, 2012 i have same problem as loozr Quote Link to comment Share on other sites More sharing options...
pineapples4fun Posted September 28, 2012 Share Posted September 28, 2012 I haven't had much luck getting it working either. Given how my sslstrip was crashing I was hoping to replace it with ettercap. No such luck.. Could you please give me some hints to how you get this plugin working? I've tried adding a image-replace filter from this site: http://www.irongeek..../ettercapfilter But I cant get it working. Usually the log only states. [1mettercap NG-0.7.3[0m copyright 2001-2004 ALoR & NaGA[/CODE]Also when not using any filter whatsoever.. Quote Link to comment Share on other sites More sharing options...
loozr Posted October 18, 2012 Share Posted October 18, 2012 (edited) Okey, to report some findings regarding the ettercap module. I'm now able to actually run ettercap via the module but I still can't make any filter working. Oh, and it seems that this will only work on external wlan1. Ettercap will not run if choosing wlan0. 1. Edit /etc/etter.conf. [privs]ec_uid = 0 # nobody is the defaultec_gid = 0 # nobody is the default------snip--------#---------------# Linux#---------------# if you use ipchains:redir_command_on = "ipchains -A input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"redir_command_off = "ipchains -D input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"[/CODE]Just change privs to 0, and remove the # in front of the lines under Linux. I also commented out dns under dissector.2. Choose your settings for the command. I would recommend not to choose to much options. Less is more. [s]Before you start the command you will have to edit the beginning of the commandline into "ettercap -T ". This is because ettercap requires you to enter an User Interface. Text beeing the right one in this case. And this is not the same as choosing text under Visualization.[/s]Edit: Seems this might not be the case afterall, I can run without the -T now..This is just my findings, might not be the same for everybody. Anywho, I would really like to know if you guys have any good filters for ettercap lying around? :) Edited October 18, 2012 by loozr Quote Link to comment Share on other sites More sharing options...
PineDominator Posted October 19, 2012 Share Posted October 19, 2012 Good work loozr, we need to break this so we can move on to some real fun:-D Quote Link to comment Share on other sites More sharing options...
jus7incase Posted January 31, 2013 Share Posted January 31, 2013 Hi there, I am wondering of this module support SSL sniffing. I didnt find any certificates being generated... TIA JC Quote Link to comment Share on other sites More sharing options...
noxferatu Posted February 13, 2013 Share Posted February 13, 2013 (edited) I'm unable to get ettercap to work at all, even with no "options" assigned. If I attempt to start ettercap, with or without any options, ettercap will state that it is running, but as soon as the page is refreshed there is a message in the output window that ettercap has stopped running. Also, I saw the earlier post stating that ettercap will not work on wlan0, but I only have wlan0 in my interface options. If need be, I can post the log when I get home. Does anyone have an idea of what might be going on? ***EDIT: I read loozr's comment a bit closer and I'll check these settings when I get home. Edited February 13, 2013 by noxferatu Quote Link to comment Share on other sites More sharing options...
Boba Fett Posted February 24, 2013 Share Posted February 24, 2013 Hi, where can find nice filters? The irongeek image sawp filter works here? Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted February 24, 2013 Author Share Posted February 24, 2013 all ettercap filters will work ;) irongeek images swap as well :) Quote Link to comment Share on other sites More sharing options...
Boba Fett Posted February 27, 2013 Share Posted February 27, 2013 Anyone makes ettercap works? I make the irongeek filter but always says: not running. Quote Link to comment Share on other sites More sharing options...
rdbell Posted May 17, 2013 Share Posted May 17, 2013 Anyone makes ettercap works? I make the irongeek filter but always says: not running. I'm in the same boat. Quote Link to comment Share on other sites More sharing options...
BeNe Posted May 18, 2013 Share Posted May 18, 2013 Looks like there is something missing in the commandline that the gui build ? I tried to set different filters in the gui and pressed start. The file /usb/infusions/ettercap/ettercap.sh with the selected filters was created. But if i try to run the same command manualy i get an error: root@Pineapple:/usb/infusions/ettercap# ls -l drwxr-xr-x 2 501 20 4096 May 16 22:12 css -rw-r--r-- 1 501 20 7460 Feb 9 20:53 ettercap.php -rwxr-xr-x 1 root root 138 May 16 22:22 ettercap.sh -rw-r--r-- 1 501 20 1275 Feb 9 20:53 ettercap_actions.php -rw-r--r-- 1 501 20 1512 Dec 23 13:31 ettercap_data.php -rw-r--r-- 1 501 20 1705 Aug 5 2012 ettercap_filters.php -rw-r--r-- 1 501 20 2012 Feb 9 20:53 ettercap_vars.php drwxr-xr-x 2 501 20 4096 Aug 5 2012 filters drwxr-xr-x 2 501 20 4096 May 16 22:12 js drwxr-xr-x 2 501 20 4096 May 16 22:22 log root@Pineapple:/usb/infusions/ettercap# cat ettercap.sh #!/bin/sh ettercap -i br-lan -M arp -w /usb/infusions/ettercap/log/log_1368742926.pcap > /usb/infusions/ettercap/log/log_1368742926.log & root@Pineapple:/usb/infusions/ettercap# ettercap -i br-lan -M arp -w /usb/infusions/ettercap/log/log_1368742926.pcap > /usb/infusions/ettercap/log/log_1368742926.log Please select an User Interface root@Pineapple:/usb/infusions/ettercap# So there is a User Interface type missing ? User Interface Type: -T, --text use text only GUI -q, --quiet do not display packet contents -s, --script <CMD> issue these commands to the GUI -C, --curses use curses GUI -G, --gtk use GTK+ GUI -D, --daemon daemonize ettercap (no GUI) I added a "-T" and the most commands works on the shell so far. Sometimes it stops also directly. No running process with "ps" found. Don´t know if this helps anybody out there or if this is the real problem. Only want to share it... Greez BeNe Quote Link to comment Share on other sites More sharing options...
crepsidro Posted September 17, 2013 Share Posted September 17, 2013 Can anyone tell me, how to invoke ettercap to be ssl sniffing proxy? I edited the .conf, then i just run 'ettercap -Tq -i br-lan' on the pineapple. My https traffic gets mitmed ok (certs being generated etc), but no http traffic passes thru. Little help please. Thanks Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.