d2defaa973
-- - Plugins now works with GTK+ interface - Updated the passive OS fingerprint database (1279 records) - Fixed internal refreshing (for huge traffic loads) - Fixed wifi-dump support - Fixed some possible buffer overflows
36 lines
1.4 KiB
Plaintext
36 lines
1.4 KiB
Plaintext
Ettercap is a multipurpose sniffer/interceptor/logger for switched
|
|
LAN. It supports active and passive dissection of many protocols
|
|
(even ciphered ones) and includes many features for network and host
|
|
analysis.
|
|
|
|
It's possible to sniff in four modes.
|
|
|
|
+ IP Based, the packets are filtered on IP source and destination
|
|
+ MAC Based, packets filtered on mac address, useful to sniff
|
|
connections through gateway
|
|
+ ARP based, uses arp poisoning to sniff in switched lan between
|
|
two hosts (full-duplex).
|
|
+ PublicARP based, uses arp poisoning to sniff in switched LAN
|
|
from a victim host to all other hosts (half-duplex).
|
|
|
|
Cool Features:
|
|
|
|
* Characters injection in an established connection:
|
|
you can inject character to server (emulating commands) or to
|
|
client (emulating replies) maintaining the connection alive !!
|
|
* SSH1 support:
|
|
you can sniff User and Pass, and even the data of an SSH1
|
|
connection. ettercap is the first software capable to sniff an
|
|
SSH connection in FULL-DUPLEX
|
|
* Plug-ins support:
|
|
You can create your own plugin using the ettercap's API.
|
|
* Password collector for:
|
|
TELNET, FTP, POP, RLOGIN, SSH1, ICQ, SMB, MySQL, HTTP
|
|
(other protocols coming soon...)
|
|
* OS fingerprint:
|
|
you can fingerprint the OS of the victim host and even its
|
|
network adapter
|
|
* Kill a connection:
|
|
from the connections list you can kill all the connections you
|
|
want.
|