42 lines
1.4 KiB
Plaintext
42 lines
1.4 KiB
Plaintext
Ettercap is a multipurpose sniffer/interceptor/logger for switched
|
|
LAN. It supports active and passive dissection of many protocols
|
|
(even ciphered ones) and includes many feature for network and host
|
|
analysis.
|
|
|
|
It's possible to sniff in four modes.
|
|
|
|
+ IP Based, the packets are filtered on IP source and destination
|
|
+ MAC Based, packets filtered on mac address, useful to sniff
|
|
connections through gateway
|
|
+ ARP based, uses arp poisoning to sniff in switched lan between
|
|
two hosts (full-duplex).
|
|
+ PublicARP based, uses arp poisoning to sniff in switched LAN
|
|
from a victim host to all other hosts (half-duplex).
|
|
|
|
Cool Features:
|
|
|
|
Characters injection in an established connection :
|
|
you can inject character to server (emulating commands) or to
|
|
client (emulating replies) maintaining the connection alive !!
|
|
|
|
SSH1 support:
|
|
you can sniff User and Pass, and even the data of an SSH1
|
|
connection. ettercap is the first software capable to sniff an
|
|
SSH connection in FULL-DUPLEX
|
|
|
|
Plug-ins support:
|
|
You can create your own plugin using the ettercap's API.
|
|
|
|
Password collector for:
|
|
TELNET, FTP, POP, RLOGIN, SSH1, ICQ, SMB, MySQL, HTTP
|
|
(other protocols coming soon...)
|
|
|
|
OS fingerprint:
|
|
you can fingerprint the OS of the victim host and even its
|
|
network adapter
|
|
|
|
Kill a connection:
|
|
from the connections list you can kill all the connections you want
|
|
|
|
WWW: ${HOMEPAGE}
|