Hak5 Forums
Whistle Master

[Official] ettercap


Module: ettercap


Version: 1.4


Features:


  • Manage dependencies
  • Configure ettercap options
  • Manage filters
  • Live output
  • Run History

Change log:



1.4


  • Bug fixes

kg6kvq   

Ettercap will not start on my nano. Checking the module script, I see the following:

<snip>
# Command line written to the run file by the module
MYCMD=`cat /tmp/ettercap.run`

if [ "$1" = "start" ]; then
      # Execute the stored command line, then delete the run file
      eval ${MYCMD}
      rm -rf /tmp/ettercap.run

</snip>

When I check the /tmp/ettercap.run file, I see:

-T -w /pineapple/modules/ettercap/log/log_1457500461.pcap -m /pineapple/modules/ettercap/log/log_1457500461.log

If I ssh to the nano and prepend /usr/bin/ettercap to that, ettercap starts. After a quick hack of the ettercap/api/module.php on line 110 to add /usr/bin/ettercap to the command that is written to ettercap.run, I can start ettercap from the GUI.

The -T option sets ettercap to the interactive text interface. I'm not sure, but I think the -D option to daemonize the process would be preferred?

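Added example, not part of the thread or the module's own code: the launcher quoted in the post above hands the content of /tmp/ettercap.run to eval, so whatever the file holds runs as shell code, and a run file holding only options (as reported) names no program to run. The script below checks the line against an allow-list and invokes the binary directly; the helper names and the permitted character set are assumptions, and /usr/bin/ettercap is the path given in the post.

```shell
#!/bin/sh
# Added example (not the module's script): check the stored command line
# and run ettercap directly instead of passing the file content to eval.
ETTERCAP_BIN=${ETTERCAP_BIN:-/usr/bin/ettercap}   # path quoted in the post

# validate_run_line LINE (hypothetical helper)
# Prints the ettercap arguments and returns 0, or returns 1 if LINE is refused.
validate_run_line() {
    line=$1
    # Refuse an empty line or any character outside a conservative set
    # (assumed allow-list): no ; | & $ backticks, brackets, quotes,
    # redirections, glob characters or newlines.
    case $line in
        ''|*[!A-Za-z0-9\ ._:/=,-]*) return 1 ;;
    esac
    case $line in
        "ettercap "*)       args=${line#ettercap } ;;
        "$ETTERCAP_BIN "*)  args=${line#"$ETTERCAP_BIN" } ;;
        -*)                 args=$line ;;   # bare options, as in the post
        *)                  return 1 ;;     # some other program: refuse
    esac
    printf '%s\n' "$args"
}

# start_ettercap RUNFILE (hypothetical helper)
start_ettercap() {
    runfile=$1
    # The run file lives in /tmp: require a regular file, not a symlink.
    [ -f "$runfile" ] && [ ! -L "$runfile" ] || return 1
    IFS= read -r line < "$runfile" || [ -n "$line" ] || return 1
    args=$(validate_run_line "$line") || return 1
    rm -f "$runfile"
    # Split on whitespace only; the allow-list already excludes glob characters.
    set -f
    set -- $args
    set +f
    "$ETTERCAP_BIN" "$@"
}
```

A launcher script would call `start_ettercap /tmp/ettercap.run` where the original calls eval.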

That's weird... The ettercap.run file did not have "ettercap" at the beginning?

What is the content in the GUI of the "command" field? It should have "ettercap" and the rest of your options.

The "-T" option is mandatory to start ettercap in the interactive text interface, otherwise, it won't start. The "-D" is not used in this case.

kg6kvq   

I will check when I get home for the command field.

I did try running with the -D instead of -T from the command line and, as I guess you knew, it failed to start.

kg6kvq   

Sorry for the delay, I was out of posts for the day when I got home.

I did find the issue: something in Chrome was resetting the interface selection when I left the field. I got it to run using Firefox.

drale2k   

Hi, I am having issues with ettercap. It seems to say it is running, but it is not, or it is crashing. I am not sure what it is.

I am starting it with the command "ettercap -i eth0 -V text". When I connect with my device (iPad) to the PineAP and start browsing, nothing will appear in the log. After some time it will just say "ettercap is not running..." but at the top the button is red and says "Stop".

Any idea what is happening? I can post logs if you tell me where to find them.

Thanks


TETRA? NANO?

If you connect with SSH to your Pineapple and issue the following commands:

which ettercap
ettercap -v
ettercap -i eth0 -V text -T
QSDx25   

Does anyone experience an ettercap shutdown problem? When you start to sniff on br-lan with ARP, the module stops working after a while, especially if there are more than 10 clients connected. In status it says that ettercap is not running, but the button is still red and says "stop". Then if you click "stop", the module starts working again... ?!

QSDx25   

Is it normal to have 30+ connected clients, run ettercap on br-lan with ARP poisoning and receive only these kinds of logs:

DHCP: [38:71:DE:85:AE:13] REQUEST 172.19.106.221
DHCP: [172.16.42.1] OFFER : 172.16.42.112 255.255.255.0 GW 172.16.42.1 DNS 172.16.42.1 "lan"
DHCP: [38:71:DE:85:AE:13] DISCOVER
DHCP: [E4:98:D1:D0:90:1E] REQUEST 172.16.42.112
DHCP: [38:71:DE:85:AE:13] DISCOVER
DHCP: [172.16.42.1] OFFER : 172.16.42.241 255.255.255.0 GW 172.16.42.1 DNS 172.16.42.1 "lan"
DHCP: [172.16.42.1] ACK : 172.16.42.112 255.255.255.0 GW 172.16.42.1 DNS 172.16.42.1 "lan"
DHCP: [172.16.42.1] OFFER : 172.16.42.241 255.255.255.0 GW 172.16.42.1 DNS 172.16.42.1 "lan"
DHCP: [E4:98:D1:D0:90:1E] REQUEST 172.16.42.112
DHCP: [172.16.42.1] ACK : 172.16.42.112 255.255.255.0 GW 172.16.42.1 DNS 172.16.42.1 "lan"
DHCP: [38:71:DE:85:AE:13] REQUEST 172.16.42.241
DHCP: [172.16.42.1] ACK : 172.16.42.241 255.255.255.0 GW 172.16.42.1 DNS 172.16.42.1 "lan"

Onus   

I was excited to use this module, but I, like others, can't get it to work. Sometimes it won't start, sometimes it won't stop, but when it is running it doesn't seem to work at all: either the target gets blocked from the internet altogether once it's running, or the target gets internet but there are no logs of the target's browsing. I second the motion that a video be made giving an example of how to use it. I'm not sure what interface to use, and most of the other settings seem confusing. Please give us a video tutorial.


The module is only a Web UI for the existing binary. Try to use ettercap on the command line to see if you manage to get what you want and then, you should be able to do the same with the module.

PMR   

Hi, I am new to Pineapple, so if I am starting something old here, please don't be mad :)

I have a Pineapple Tetra and am trying to run ettercap on this unit.

As shown in different YouTube videos, I have connected a test client to free wifi. I can see its IP and MAC address. I also tested with DWall and it works fine.

In ettercap, the client IP was entered in target 1 and the router IP (at this moment it is the Pineapple) in target 2. For poisoning, arp and remote were chosen.

On the command line it is shown like this:

ettercap -i wlan0 -M arp:remote /172.16.42.227/ /172.16.42.1/

After START, the WAN connection dropped. That means the client can't go onto the WWW (no ping). The Pineapple WAN is dropped as well.

The log that I downloaded is below:

Listening on:
 wlan0 -> 00:13:37:A6:24:E7

Regained root privileges: 0 0Regained root privileges: 0 0Regained root privileges: 0 0Regained root privileges: 0 0Regained root privileges: 0 0Regained root privileges: 0 0Regained root privileges: 0 0Regained root privileges: 0 0Regained root privileges: 0 0Regained root privileges: 0 0Privileges dropped to EUID 0 EGID 0...

  33 plugins
  42 protocol dissectors
  57 ports monitored
20388 mac vendor fingerprint
1766 tcp OS fingerprint
2182 known services

Scanning for merged targets (2 hosts)...

0 hosts added to the hosts list...

Am I still doing something wrong?


Hi everyone, I am trying to use the ettercap to replace/modify HTML code. 

I executed the replace_str.filter with the code below:

if (ip.proto == TCP && tcp.dst == 80) {
   if (search(DATA.data, "Accept-Encoding")) {
      replace("Accept-Encoding", "Accept-Rubbish!"); 
   }
}

if (ip.proto == TCP && tcp.src == 80) {
   replace("Anarchy", "Hola");
   msg("Filter Ran.\n");
}

The command is simple: ettercap -i br-lan -F /pineapple/modules/ettercap/filters/replace_str.ef 

And in the logs the filter looks good and the string "Filter Ran" appeared, but I cannot see any modification during the navigation :-(

Any ideas? Thank you very much :-)
