PC & IT SUPPORT MADE EASY FORUM
Would you like to react to this message? Create an account in a few clicks or log in to continue.

Installing ettercap on linux and configureing the conf file

Go down

Installing ettercap on linux and configureing the conf file Empty Installing ettercap on linux and configureing the conf file

Post by jamied_uk 12th August 2014, 12:54

Installing ettercap on linux and configureing the conf file

Original concept for this can be found @ youtube: https://www.youtube.com/watch?v=IE-PI43Q5_0


Code:
sudo apt-get install -y ettercap-common ettercap-graphical
sudo gedit /etc/ettercap/etter.conf


edit the .conf file so that is the same as this example



############################################################################
#                                                                          #
#  ettercap -- etter.conf -- configuration file                            #
#                                                                          #
#  Copyright (C) ALoR & NaGA                                               #
#                                                                          #
#  This program is free software; you can redistribute it and/or modify    #
#  it under the terms of the GNU General Public License as published by    #
#  the Free Software Foundation; either version 2 of the License, or       #
#  (at your option) any later version.                                     #
#                                                                          #
#                                                                          #
############################################################################

[privs]
ec_uid = 65534                # nobody is the default
ec_gid = 65534                # nobody is the default

[mitm]
arp_storm_delay = 10          # seconds
arp_poison_warm_up = 1        # seconds
arp_poison_delay = 10         # seconds
arp_poison_icmp = 1           # boolean
arp_poison_reply = 1          # boolean
arp_poison_request = 0        # boolean
arp_poison_equal_mac = 1      # boolean
dhcp_lease_time = 1800        # seconds
port_steal_delay = 10         # seconds
port_steal_send_delay = 2000  # microseconds

[connections]
connection_timeout = 300      # seconds
connection_idle = 5           # seconds
connection_buffer = 10000     # bytes
connect_timeout = 5           # seconds

[stats]
sampling_rate = 50            # number of packets

[misc]
close_on_eof = 1              # boolean value
store_profiles = 1            # 0 = disabled; 1 = all; 2 = local; 3 = remote
aggressive_dissectors = 1     # boolean value
skip_forwarded_pcks = 1       # boolean value
checksum_check = 0            # boolean value
submit_fingerprint = 0        # boolean valid (set if you want ettercap to submit unknown finger prints)
checksum_warning = 0          # boolean value (valid only if checksum_check is 1)

############################################################################
#
# You can specify what DISSECTORS are to be enabled or not...
#
# e.g.:     ftp = 21            enabled on port 21 (tcp is implicit)
#           ftp = 2345          enabled on non standard port
#           ftp = 21,453        enabled on port 21 and 453
#           ftp = 0             disabled
#
#  NOTE: some dissectors have multiple default ports, if you specify a new
#        one, all the default ports will be overwritten
#
#

#dissector                 default port

[dissectors]
ftp = 21                   # tcp    21
ssh = 22                   # tcp    22
telnet = 23                # tcp    23
smtp = 25                  # tcp    25
dns = 53                   # udp    53
dhcp = 67                  # udp    68
http = 80                  # tcp    80
ospf = 89                  # ip     89  (IPPROTO 0x59)
pop3 = 110                 # tcp    110
#portmap = 111              # tcp / udp
vrrp = 112                 # ip     112 (IPPROTO 0x70)
nntp = 119                 # tcp    119
smb = 139,445              # tcp    139 445
imap = 143,220             # tcp    143 220
snmp = 161                 # udp    161
bgp = 179                  # tcp    179
ldap = 389                 # tcp    389
https = 443                # tcp    443
ssmtp = 465                # tcp    465
rlogin = 512,513           # tcp    512 513
rip = 520                  # udp    520
nntps = 563                # tcp    563
ldaps = 636                # tcp    636
telnets = 992              # tcp    992
imaps = 993                # tcp    993
ircs = 994                 # tcp    993
pop3s = 995                # tcp    995
socks = 1080               # tcp    1080
radius = 1645,1646         # udp    1645 1646
msn = 1863                 # tcp    1863
cvs = 2401                 # tcp    2401
mysql = 3306               # tcp    3306
icq = 5190                 # tcp    5190
ymsg = 5050                # tcp    5050
mdns = 5353                # udp    5353
vnc = 5900,5901,5902,5903  # tcp    5900 5901 5902 5903
x11 = 6000,6001,6002,6003  # tcp    6000 6001 6002 6003
irc = 6666,6667,6668,6669  # tcp    6666 6667 6668 6669
gg = 8074               # tcp    8074
proxy = 8080               # tcp    8080
rcon = 27015,27960         # udp    27015 27960
ppp = 34827                # special case Wink this is the Net Layer code
TN3270 = 23,992            # tcp    23 992

#
# you can change the colors of the curses GUI.
# here is a list of values:
#  0 Black     4 Blue
#  1 Red       5 Magenta
#  2 Green     6 Cyan
#  3 Yellow    7 White
#
[curses]
color_bg = 0
color_fg = 7
color_join1 = 2
color_join2 = 4
color_border = 7
color_title = 3
color_focus = 6
color_menu_bg = 4
color_menu_fg = 6
color_window_bg = 4
color_window_fg = 7
color_selection_bg = 6
color_selection_fg = 6
color_error_bg = 1
color_error_fg = 3
color_error_border = 3

#
# This section includes all the configurations that needs a string as a
# parmeter such as the redirect command for SSL mitm attack.
#
[strings]

# the default encoding to be used for the UTF-8 visualization
utf8_encoding = "ISO-8859-1"

# the command used by the remote_browser plugin
remote_browser = "xdg-open http://%host%url"


#####################################
#       redir_command_on/off
#####################################
# you must provide a valid script for your operating system in order to have
# the SSL dissection available
# note that the cleanup script is executed without enough privileges (because
# they are dropped on startup). so you have to either: provide a setuid program
# or set the ec_uid to 0, in order to be sure the cleanup script will be
# executed properly
# NOTE: this script is executed with an execve(), so you can't use pipes or
# output redirection as if you were in a shell. We suggest you to make a script if
# you need those commands.

#---------------
#     Linux
#---------------

# if you use ipchains:
   #redir_command_on = "ipchains -A input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"
   #redir_command_off = "ipchains -D input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"

# if you use iptables:
   redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
   redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

#---------------
#    Mac Os X
#---------------

# quick and dirty way:
   #redir_command_on = "ipfw add set %set fwd 127.0.0.1,%rport tcp from any to any %port in via %iface"
   #redir_command_off = "ipfw -q delete set %set"

# a better solution is to use a script that keeps track of the rules interted
# and then deletes them on exit:

 # redir_command_on:
 # ----- cut here -------
 #   #!/bin/sh
 #   if [ -a "/tmp/osx_ipfw_rules" ]; then
 #      ipfw -q add `head -n 1 osx_ipfw_rules` fwd 127.0.0.1,$1 tcp from any to any $2 in via $3
 #   else
 #      ipfw add fwd 127.0.0.1,$1 tcp from any to any $2 in via $3 | cut -d " " -f 1 >> /tmp/osx_ipfw_rules
 #   fi
 # ----- cut here -------

 # redir_command_off:
 # ----- cut here -------
 #   #!/bin/sh
 #   if [ -a "/tmp/osx_ipfw_rules" ]; then
 #      ipfw -q delete `head -n 1 /tmp/osx_ipfw_rules`
 #      rm -f /tmp/osx_ipfw_rules
 #   fi
 # ----- cut here -------


#---------------
#   Open BSD
#---------------

# unfortunately the pfctl command does not accepts direct rules adding
# you have to use a script wich executed the following command:

 # ----- cut here -------
 #   #!/bin/sh
 #   rdr pass on $1 inet proto tcp from any to any port $2 -> localhost port $3 | pfctl -a sslsniff -f -
 # ----- cut here -------
 
# it's important to remember that you need "rdr-anchor sslsniff" in your
# pf.conf in the TRANSLATION section.

   #redir_command_on = "the_script_described_above %iface %port %rport"
   #redir_command_off = "pfctl -a sslsniff -Fn"

# also, if you create a group called "pfusers" and have EC_GID be that group,
# you can do something like:
#     chgrp pfusers /dev/pf
#     chmod g+rw /dev/pf
# such that all users in "pfusers" can run pfctl commands; thus allowing non-root
# execution of redir commands.


##########
#  EOF   #
##########
jamied_uk
jamied_uk
Admin

Posts : 2942
Join date : 2010-05-09
Age : 41
Location : UK

https://jnet.sytes.net

Back to top Go down

Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum