Installing ettercap on linux and configureing the conf file

View previous topic View next topic Go down

Installing ettercap on linux and configureing the conf file

Post by jamied_uk on 12th August 2014, 12:54

Installing ettercap on linux and configureing the conf file

Original concept for this can be found @ youtube: https://www.youtube.com/watch?v=IE-PI43Q5_0


Code:
sudo apt-get install -y ettercap-common ettercap-graphical
sudo gedit /etc/ettercap/etter.conf


edit the .conf file so that is the same as this example



############################################################################
#                                                                          #
#  ettercap -- etter.conf -- configuration file                            #
#                                                                          #
#  Copyright (C) ALoR & NaGA                                               #
#                                                                          #
#  This program is free software; you can redistribute it and/or modify    #
#  it under the terms of the GNU General Public License as published by    #
#  the Free Software Foundation; either version 2 of the License, or       #
#  (at your option) any later version.                                     #
#                                                                          #
#                                                                          #
############################################################################

[privs]
ec_uid = 65534                # nobody is the default
ec_gid = 65534                # nobody is the default

[mitm]
arp_storm_delay = 10          # seconds
arp_poison_warm_up = 1        # seconds
arp_poison_delay = 10         # seconds
arp_poison_icmp = 1           # boolean
arp_poison_reply = 1          # boolean
arp_poison_request = 0        # boolean
arp_poison_equal_mac = 1      # boolean
dhcp_lease_time = 1800        # seconds
port_steal_delay = 10         # seconds
port_steal_send_delay = 2000  # microseconds

[connections]
connection_timeout = 300      # seconds
connection_idle = 5           # seconds
connection_buffer = 10000     # bytes
connect_timeout = 5           # seconds

[stats]
sampling_rate = 50            # number of packets

[misc]
close_on_eof = 1              # boolean value
store_profiles = 1            # 0 = disabled; 1 = all; 2 = local; 3 = remote
aggressive_dissectors = 1     # boolean value
skip_forwarded_pcks = 1       # boolean value
checksum_check = 0            # boolean value
submit_fingerprint = 0        # boolean valid (set if you want ettercap to submit unknown finger prints)
checksum_warning = 0          # boolean value (valid only if checksum_check is 1)

############################################################################
#
# You can specify what DISSECTORS are to be enabled or not...
#
# e.g.:     ftp = 21            enabled on port 21 (tcp is implicit)
#           ftp = 2345          enabled on non standard port
#           ftp = 21,453        enabled on port 21 and 453
#           ftp = 0             disabled
#
#  NOTE: some dissectors have multiple default ports, if you specify a new
#        one, all the default ports will be overwritten
#
#

#dissector                 default port

[dissectors]
ftp = 21                   # tcp    21
ssh = 22                   # tcp    22
telnet = 23                # tcp    23
smtp = 25                  # tcp    25
dns = 53                   # udp    53
dhcp = 67                  # udp    68
http = 80                  # tcp    80
ospf = 89                  # ip     89  (IPPROTO 0x59)
pop3 = 110                 # tcp    110
#portmap = 111              # tcp / udp
vrrp = 112                 # ip     112 (IPPROTO 0x70)
nntp = 119                 # tcp    119
smb = 139,445              # tcp    139 445
imap = 143,220             # tcp    143 220
snmp = 161                 # udp    161
bgp = 179                  # tcp    179
ldap = 389                 # tcp    389
https = 443                # tcp    443
ssmtp = 465                # tcp    465
rlogin = 512,513           # tcp    512 513
rip = 520                  # udp    520
nntps = 563                # tcp    563
ldaps = 636                # tcp    636
telnets = 992              # tcp    992
imaps = 993                # tcp    993
ircs = 994                 # tcp    993
pop3s = 995                # tcp    995
socks = 1080               # tcp    1080
radius = 1645,1646         # udp    1645 1646
msn = 1863                 # tcp    1863
cvs = 2401                 # tcp    2401
mysql = 3306               # tcp    3306
icq = 5190                 # tcp    5190
ymsg = 5050                # tcp    5050
mdns = 5353                # udp    5353
vnc = 5900,5901,5902,5903  # tcp    5900 5901 5902 5903
x11 = 6000,6001,6002,6003  # tcp    6000 6001 6002 6003
irc = 6666,6667,6668,6669  # tcp    6666 6667 6668 6669
gg = 8074               # tcp    8074
proxy = 8080               # tcp    8080
rcon = 27015,27960         # udp    27015 27960
ppp = 34827                # special case Wink this is the Net Layer code
TN3270 = 23,992            # tcp    23 992

#
# you can change the colors of the curses GUI.
# here is a list of values:
#  0 Black     4 Blue
#  1 Red       5 Magenta
#  2 Green     6 Cyan
#  3 Yellow    7 White
#
[curses]
color_bg = 0
color_fg = 7
color_join1 = 2
color_join2 = 4
color_border = 7
color_title = 3
color_focus = 6
color_menu_bg = 4
color_menu_fg = 6
color_window_bg = 4
color_window_fg = 7
color_selection_bg = 6
color_selection_fg = 6
color_error_bg = 1
color_error_fg = 3
color_error_border = 3

#
# This section includes all the configurations that needs a string as a
# parmeter such as the redirect command for SSL mitm attack.
#
[strings]

# the default encoding to be used for the UTF-8 visualization
utf8_encoding = "ISO-8859-1"

# the command used by the remote_browser plugin
remote_browser = "xdg-open http://%host%url"


#####################################
#       redir_command_on/off
#####################################
# you must provide a valid script for your operating system in order to have
# the SSL dissection available
# note that the cleanup script is executed without enough privileges (because
# they are dropped on startup). so you have to either: provide a setuid program
# or set the ec_uid to 0, in order to be sure the cleanup script will be
# executed properly
# NOTE: this script is executed with an execve(), so you can't use pipes or
# output redirection as if you were in a shell. We suggest you to make a script if
# you need those commands.

#---------------
#     Linux
#---------------

# if you use ipchains:
   #redir_command_on = "ipchains -A input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"
   #redir_command_off = "ipchains -D input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"

# if you use iptables:
   redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
   redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

#---------------
#    Mac Os X
#---------------

# quick and dirty way:
   #redir_command_on = "ipfw add set %set fwd 127.0.0.1,%rport tcp from any to any %port in via %iface"
   #redir_command_off = "ipfw -q delete set %set"

# a better solution is to use a script that keeps track of the rules interted
# and then deletes them on exit:

 # redir_command_on:
 # ----- cut here -------
 #   #!/bin/sh
 #   if [ -a "/tmp/osx_ipfw_rules" ]; then
 #      ipfw -q add `head -n 1 osx_ipfw_rules` fwd 127.0.0.1,$1 tcp from any to any $2 in via $3
 #   else
 #      ipfw add fwd 127.0.0.1,$1 tcp from any to any $2 in via $3 | cut -d " " -f 1 >> /tmp/osx_ipfw_rules
 #   fi
 # ----- cut here -------

 # redir_command_off:
 # ----- cut here -------
 #   #!/bin/sh
 #   if [ -a "/tmp/osx_ipfw_rules" ]; then
 #      ipfw -q delete `head -n 1 /tmp/osx_ipfw_rules`
 #      rm -f /tmp/osx_ipfw_rules
 #   fi
 # ----- cut here -------


#---------------
#   Open BSD
#---------------

# unfortunately the pfctl command does not accepts direct rules adding
# you have to use a script wich executed the following command:

 # ----- cut here -------
 #   #!/bin/sh
 #   rdr pass on $1 inet proto tcp from any to any port $2 -> localhost port $3 | pfctl -a sslsniff -f -
 # ----- cut here -------
 
# it's important to remember that you need "rdr-anchor sslsniff" in your
# pf.conf in the TRANSLATION section.

   #redir_command_on = "the_script_described_above %iface %port %rport"
   #redir_command_off = "pfctl -a sslsniff -Fn"

# also, if you create a group called "pfusers" and have EC_GID be that group,
# you can do something like:
#     chgrp pfusers /dev/pf
#     chmod g+rw /dev/pf
# such that all users in "pfusers" can run pfctl commands; thus allowing non-root
# execution of redir commands.


##########
#  EOF   #
##########
avatar
jamied_uk
Admin

Posts : 2260
Join date : 2010-05-09
Age : 34
Location : UK

http://address-shortner.co.uk

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum