Author Topic: Resurrection: Sniffing tool Ettercap is being continued  (Read 717 times)

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Posts: 158890
  • No input, no output
    • DVB-Cube
Resurrection: Sniffing tool Ettercap is being continued
« on: 16 December, 2011, 14:00 »
More than six years after the last release, 0.73, of Ettercap, the developers have published version 0.74. The changes only fix minor programming errors, but the mere fact that Ettercap is being revived after such a long time is cause for celebration. Fittingly, the developers have given the new version the nickname Lazarus, in reference to Lazarus of Bethany, whom Jesus raised from the dead according to the Gospel of John.

The free Ettercap is still the tool of choice among pen testers when it comes to redirecting connections in switched LANs through their own machine. c't also uses the tool to put manufacturers' security promises to the test and to examine whether data is transmitted securely.

To do this, Ettercap combines ARP spoofing with an automatic search for specific content in data streams. In addition, for man-in-the-middle attacks the tool can break open SSL connections by generating its own certificate and presenting it to, for example, the browser. Besides HTTP(S), Ettercap supports POP3, SMTP, IMAP and other protocols.

The original developers, Alberto Ornaghi (ALoR) and Marco Valleri (NaGA), say they developed Ettercap during their student days but afterwards no longer found the time to maintain the project because of their jobs and families. They have now passed the baton to Emilio Escobar and Eric Milam (J0hnnyBrav0), who are said to already have a long to-do list with many new features.

Source: www.heise.de

Work / test machine:

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD burner drive
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA driver 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA driver 4.8.3.1.8 )
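
The ARP-spoofing redirection mentioned in the article above is visible on the wire from the defender's side. The following is an added example, not taken from the article or from the Ettercap project: it parses raw ARP frames and flags an IP address whose MAC binding changes, and replies whose Ethernet source differs from the ARP sender field. All addresses and frames are constructed sample data, and the first-seen binding is assumed to be the legitimate one.

```python
import struct

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(map(str, b))

def parse_arp(frame):
    """Return (eth_src, opcode, sender_mac, sender_ip), or None if the frame
    is not an Ethernet/IPv4 ARP packet."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return _mac(frame[6:12]), op, _mac(frame[22:28]), _ip(frame[28:32])

def find_arp_anomalies(frames):
    """Return a list of (frame_no, kind, ip, claimed_mac) tuples."""
    baseline, alerts = {}, []   # baseline: ip -> first MAC seen (assumed legitimate)
    for no, frame in enumerate(frames, 1):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        eth_src, _op, sender_mac, sender_ip = parsed
        if eth_src != sender_mac:            # Ethernet header and ARP payload disagree
            alerts.append((no, "src-mismatch", sender_ip, sender_mac))
        known = baseline.setdefault(sender_ip, sender_mac)
        if known != sender_mac:              # IP suddenly announced by another MAC
            alerts.append((no, "binding-changed", sender_ip, sender_mac))
    return alerts

def build_reply(eth_src, sender_mac, sender_ip):
    """Build a constructed test frame in memory: broadcast ARP reply (opcode 2)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    spa = bytes(map(int, sender_ip.split(".")))
    return (b"\xff" * 6 + raw(eth_src) + b"\x08\x06"
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
            + raw(sender_mac) + spa + b"\xff" * 6 + spa)

# Constructed sample traffic: gateway, client and a third host on one LAN.
GW, CLIENT, OTHER = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:50", "aa:aa:aa:aa:aa:66"
SAMPLE = [
    build_reply(GW, GW, "192.168.1.1"),
    build_reply(CLIENT, CLIENT, "192.168.1.50"),
    build_reply(OTHER, OTHER, "192.168.1.66"),
    build_reply(OTHER, OTHER, "192.168.1.1"),    # gateway IP announced by another MAC
    build_reply(OTHER, OTHER, "192.168.1.50"),   # client IP announced by another MAC
    build_reply(OTHER, GW, "192.168.1.1"),       # header/payload sender mismatch
]

if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE):
        print(alert)
```

In a managed network the baseline would come from static bindings or DHCP lease data rather than from the first frame seen.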

Offline SiLæncer

Ettercap 0.7.4
« Reply #1 on: 05 January, 2012, 20:20 »
0.7.4-Lazarus

   !! fixed resource depletion issue
   !! buffer access out-of-bounds issues
   !! DNS dissector not working on 64bit systems
   !! multiple buffer overflows
   !! multiple memory leaks
   !! multiple files with obsolete code
   !! fixed SEND L3 errors experienced by some users
   !! fixed a compilation error under Mac OS X Lion
   !! updated build system
   (Please see bug track for issue specifics)

http://ettercap.sourceforge.net/


Offline SiLæncer

Ettercap 0.7.6
« Reply #2 on: 23 August, 2013, 13:51 »
    Bug Fix

        !! Fixed some parsing errors
        !! Fixes to TN3270 dissector and SSL Strip
        !! PostgreSQL dissector: Update output format to reflect release syntax of John the Ripper 1.7.9-Jumbo-8. The old format is still supported, but deprecated.
        !! Fixed memory leak in SSL Strip plugin
        !! Fixed check in invalid ip header
        !! Fixed QoS packets handling (they aren't dropped anymore)
        !! Fix in o5logon Heap Corruption
        !! New and updated OUI file
        !! Some memory leaks fixed
        !! Fixed some bugs in return values and fstat failures handling
        !! Fixed a bug in some password display (didn't get null terminated)
        !! Many fixes in gcc warnings when building
        !! Better cmake module to find curl and libnet
        !! Fixed bug in filters load
        !! Fixes in HTTP and HTTPs protocols
        !! Fixed UI deadlock
        !! Fixes in tcp and http handling (infinite loop and crash)
        !! Better reads in BGP to avoid invalid reads

    New Features

        + New logo
        + Added ascii FQDN support to DHCP ACK
        + Added UA parsing to http packets
        + Added support for IPv4 and IPv6 Tunnels
        + New mDNS dissector
        + Added PPI support (per packet information) for wireless captures
        + Ensure that we find required packages with cmake
        + New clean-all cmake target
        + Print a message when done reading PCAP file

    Removed

        Removed 'u' and 'p' fields from etter.fields file

http://ettercap.github.io/ettercap/


Offline SiLæncer

Ettercap 0.8.0
« Reply #3 on: 26 January, 2014, 06:00 »
What's new:

    Bug Fix
        !! Fixed some problems in fork and execve usage in case of command failure (sslstrip)
        !! Fixed dropping privileges for remote_browser plugin ran as root
        !! Fixed infinite loop when a http GET was issued on the attacker browser, while remote_browser was active
        !! Fixed some "atexit" bad references
        !! Fixed plugin load on text interface, if no number were entered
        !! Fixed problem spotted when ethtool wasn't installed on the machine
        !! Fixed old "ethereal" references
        !! Fixed missing newlines in printf
        !! Switching to ps2pdf as default (from ps2pdf13), it should point to ps2pdf14 on all distros
        !! Fix cmake file, dropped MACPORTS_BASE_DIRECTORY
        !! Fix problem in "stopping attacks" window not properly shown in gtk
        !! Fix problem in wrong pcap file saving
        !! Fix issue in send_udp function
        !! Fix problem in libnet rc detection
        !! Fix restore ip_forward by retrying up to 5 times
        !! Fix socket issues
        !! Fix for hex format display
        !! New send_tcp function, taking payload and length
        !! Fixed memory leak in remote browser plugin
        !! Fixed comparison bug in ec_decode
        !! Fixed UI input for GTK
        !! Fixed some memory leaks
        !! Fixed man pages and AUTHORS file
        !! Fixes in sslstrip plugin
        !! Many etter.dns fixes
        !! Many documentation fixes
        !! A ton of refactors/fixes in Cmake scripts
        !! Fix GTK crash when scanning hosts
        !! Fix build failure on Mac OS X 10.6
        !! Crash fix in target selection
        !! Disabled UID change for remote browser plugin
        !! Fixed remote browser plugin
        !! A ton of fixes in protocols and dissectors (dhcp, http, ppp, mpls)

    New Features
        + New ettercap logo
        + Renamed help menu to "?", to avoid double "H" shortcut
        + New WARN_MSG warning message
        + Added message in DHCP spoofing when no mitm has started
        + New horizontal scrollbar for messages in gtk view
        + Disabled offload warning messages (only in Release mode)
        + New ettercap-pkexec, policy and ettercap.desktop files for launching ettercap -G as a normal user with sudo privileges
        + Automatic host list refresh in GTK GUI after scanning
        + New fraggle plugin attack
        + New fields in etter.fields file
        + Cherry picked debian patches (svg icon)
        + Added content print on http dissector
        + Added support for negative dns replies
        + Creation of (experimental) unit tests
        + Creation of (experimental) libettercap
        + Now you can build just the ettercap library (libettercap) without any GUIs
        + Added travis-ci support
        + DNS spoofing for IPv6 addresses
        + PDF Docs generation is not optional
        + Added SRV query handling to DNS spoof
        + New mDNS spoof plugin
        + New low level decoders
        + New decoder for ip over pppoe
        + Added PPP DLT to interfaces
        + Add experimental Lua support to Ettercap
        + New Bundle libnet and curl
        + Full support for wifi decrypting (wep and wpa)

    Removed
        - Disabled update feature (not working anymore and not secure)
        - Deprecated napster dissector

http://ettercap.github.io/ettercap/


Offline SiLæncer

ettercap 0.8.2
« Reply #4 on: 24 March, 2015, 17:00 »
Changelog

Bug Fix:

Fixed some openssl deprecated functions usage
Fixed log file ownership
Fixed mixed output print
Fixed drop_privs function usage
Fixed nopromisc option usage.
Fixed missing break in parser code.
Improved redirect commands
Fix truncated VLAN packet headers
Fix ettercap.rc file (windows only)
Various cmake fixes
A ton of BSD bug fixes
Simplify macosx cmake files
Fix incorrect sequence number after TCP injection
Fix pcap length, and alignment problems with libpcap
Bug fixes and gtk code refactor (gtk box wrapper)
Fix some ipv6 send issues
Fixed sleep time on Windows (high CPU usage)
Fixed many CVE vulnerabilities (some of them already fixed in 0.8.1):
    CVE-2014-6395 (Length Parameter Inconsistency)
    CVE-2014-6396 (Arbitrary write)
    CVE-2014-9376 (Negative index/underflow)
    CVE-2014-9377 (Heap overflow)
    CVE-2014-9378 (Unchecked return value)
    CVE-2014-9379 (Incorrect cast)
    CVE-2014-9380 (Buffer over-read)
    CVE-2014-9381 (Signedness error)

New Features:

Updated etter.finger.mac
Add TXT and ANY query support on dns_spoof
New macosx travis-ci build!
Enable again PDF generation

Removed:

Remove gprof support

http://ettercap.github.io/ettercap/


Offline SiLæncer

ettercap 0.8.3
« Reply #5 on: 04 March, 2020, 14:00 »
Changelog

    Bug Fix

        !! Fix binary comparison and assignment in etterfilter
        !! Fixed packetbuffer racecond. in BRIDGE mode (e.g. Message too long)
        !! Non-aligned filters are no longer supported (recompilation with etterfilter required)
        !! Fixed sslstrip plugin startup issue due to regex compilation error
        !! Fixed lots of build warnings
        !! Proper separation of library and executable code
        !! Fixed heap-buffer-overflow in write_output in etterfilter
        !! ip_addr sanity check when etterlog processes info logfile
        !! CVE-2017-8366 (Lots of buffer under-/overflow conditions fixed)
        !! CVE-2017-6430 (Fix invalid read on crafted file in etterfilter)
        !! fix dns_spoof plugin when used in bridge mode

    New Features

        + SSL redirects are now customizable at runtime
        + GeoIP detection / support using CMake
        + Rework of GTK3 UI - modern GNOME3 look
        + New Kerberos 5 downgrade plugin
        + GTK3 is the new default GTK_BUILD_TYPE
        + OSPF dissector supports more authentication methods in hash-cracker friendly format
        + Rework of Oracle O5LOGON dissector
        + Multi-threaded name resolution
        + Updated etter.finger.mac

    Removed

        - GTK2 phase out initialized
        - Usage of deprecated inet_aton replaced with current successor functions


http://ettercap.github.io/ettercap/


Offline SiLæncer

ettercap 0.8.3.1
« Reply #6 on: 01 August, 2020, 20:00 »
Changelog

    Fix SSL protocol failure with older TLS client/server versions (min. TLS1.0)
    Fix blackholing SSL packets when specific redirection is used
    Fix TLS 1.3 interception issues (replace fake certificate with proper key length)
    Fix segmentation fault when parsing HTTP NTLM handshake (fixes #922)
    Fix crash if one redirect command is not enabled
    Fix build on MacOSX detecting new dependency HarfBuzz
    Fix warnings when parsing etter.(m)dns file when built w/o IPv6 support
    Fix capture delay with libpcap v1.9.1 (fixes #974)
    Fix segmentation fault when etterlog concatenates files
    Fix compiling with GCC version / defaulting to -fno-common
    Fix bad UDP length for packets changed with replace()
    Fix passing --lua-args arguments to LUA scripts
    Fix MSVC build when macro ORDER_ADD_{SHORT,LONG} is being used
    Fix references to old sourceforce.org website in the code and documentation
    Fix fingerprint_submit (still missing its server counterpart)
    Take over client-side SNI extension in ClientHello in SSL interception (req. OpenSSL 1.1.1)
    Take over SAN certificate extension from server certificate in SSL interception
    Use server certificate sign algorithm to sign fake certificate defaulting to SHA256
    CLI provided plugins are now also autostarted in graphical UI
    Added --plugin-list CLI parameter
    New execreplace etterfilter command
    Update bundled OUI mac addresses
    Update LuaJIT from 2.0.4 to 2.0.5
    Update libnet from 1.1.6 to 1.2
    Update check from 0.10.0 to 0.15.0
    Update curl from 7.44.0 to 7.71.1
    Separate etter.dns and etter.mdns examples in dedicated examples file
    Remove source IP specification from customizable SSL redirects
    Remove of deprecated redirect commands from etter.conf
    Remove Easter Egg (Sorry ALoR and NaGA)


http://ettercap.github.io/ettercap/
