Xx_Instroduction
- Ettercap is a man-in-the-middle attack(MITM) tool,kali take this tool,so,use front we are need configuration that configuration file.
-
Ax_Open
- vi /etc/ettercap/etter.conf
-
-
1 ############################################################################ 2 ## 3 # ettercap -- etter.conf -- configuration file # 4 # # 5 # Copyright (C) ALoR & NaGA # 6 # # 7 # This program is free software; you can redistribute it and/or modify # 8 # it under the terms of the GNU General Public License as published by # 9 # the Free Software Foundation; either version 2 of the License, or # 10 # (at your option) any later version. # 11 # # 12 # # 13 ############################################################################ 14 15 [privs] 16 ec_uid = 0 #nobody is the default 17 #haha userid and groupid gaiwei 0 18 ec_gid = 0 # nobody is the default 19 20 [mitm] 21 arp_storm_delay = 10 # milliseconds 22 arp_poison_smart = 0 # boolean 23 arp_poison_warm_up = 1 # seconds 24 arp_poison_delay = 10 # seconds 25 arp_poison_icmp = 1 # boolean 26 arp_poison_reply = 1 # boolean 27 arp_poison_request = 0 # boolean 28 arp_poison_equal_mac = 1 # boolean 29 dhcp_lease_time = 1800 # seconds 30 port_steal_delay = 10 # seconds 31 port_steal_send_delay = 2000 # microseconds 32 ndp_poison_warm_up = 1 # seconds 33 ndp_poison_delay = 5 # seconds 34 ndp_poison_send_delay = 1500 # microseconds 35 ndp_poison_icmp = 1 # boolean 36 ndp_poison_equal_mac = 1 # boolean 37 icmp6_probe_delay = 3 # seconds 38 39 [connections] 40 connection_timeout = 300 # seconds 41 connection_idle = 5 # seconds 42 connection_buffer = 10000 # bytes 43 connect_timeout = 5 # seconds 44 45 [stats] 46 sampling_rate = 50 # number of packets 47 48 [misc] 49 close_on_eof = 1 # boolean value 50 store_profiles = 1 # 0 = disabled; 1 = all; 2 = local; 3 = remote 51 aggressive_dissectors = 1 # boolean value 52 skip_forwarded_pcks = 1 # boolean value 53 checksum_check = 0 # boolean value 54 submit_fingerprint = 0 # boolean valid (set if you want ettercap to submit unknown finger prints) 55 checksum_warning = 0 # boolean value (valid only if checksum_check is 1) 56 sniffing_at_startup = 1 # boolean value 57 58 ############################################################################ 59 # 60 # You can specify what DISSECTORS are to be enabled or not... 61 # 62 # e.g.: ftp = 21 enabled on port 21 (tcp is implicit) 63 # ftp = 2345 enabled on non standard port 64 # ftp = 21,453 enabled on port 21 and 453 65 # ftp = 0 disabled 66 # 67 # NOTE: some dissectors have multiple default ports, if you specify a new 68 # one, all the default ports will be overwritten 69 # 70 # 71 72 #dissector default port 73 74 [dissectors] 75 ftp = 21 # tcp 21 76 ssh = 22 # tcp 22 77 telnet = 23 # tcp 23 78 smtp = 25 # tcp 25 79 dns = 53 # udp 53 80 dhcp = 67 # udp 68 81 http = 80 # tcp 80 82 ospf = 89 # ip 89 (IPPROTO 0x59) 83 pop3 = 110 # tcp 110 84 #portmap = 111 # tcp / udp 85 vrrp = 112 # ip 112 (IPPROTO 0x70) 86 nntp = 119 # tcp 119 87 smb = 139,445 # tcp 139 445 88 imap = 143,220 # tcp 143 220 89 snmp = 161 # udp 161 90 bgp = 179 # tcp 179 91 ldap = 389 # tcp 389 92 https = 443 # tcp 443 93 ssmtp = 465 # tcp 465 94 rlogin = 512,513 # tcp 512 513 95 rip = 520 # udp 520 96 nntps = 563 # tcp 563 97 ldaps = 636 # tcp 636 98 telnets = 992 # tcp 992 99 imaps = 993 # tcp 993 100 ircs = 994 # tcp 993 101 pop3s = 995 # tcp 995 102 socks = 1080 # tcp 1080 103 radius = 1645,1646 # udp 1645 1646 104 msn = 1863 # tcp 1863 105 cvs = 2401 # tcp 2401 106 mysql = 3306 # tcp 3306 107 icq = 5190 # tcp 5190 108 ymsg = 5050 # tcp 5050 109 mdns = 5353 # udp 5353 110 vnc = 5900,5901,5902,5903 # tcp 5900 5901 5902 5903 111 x11 = 6000,6001,6002,6003 # tcp 6000 6001 6002 6003 112 irc = 6666,6667,6668,6669 # tcp 6666 6667 6668 6669 113 gg = 8074 # tcp 8074 114 proxy = 8080 # tcp 8080 115 rcon = 27015,27960 # udp 27015 27960 116 ppp = 34827 # special case ;) this is the Net Layer code 117 TN3270 = 23,992 # tcp 23 992 118 119 # 120 # you can change the colors of the curses GUI. 121 # here is a list of values: 122 # 0 Black 4 Blue 123 # 1 Red 5 Magenta 124 # 2 Green 6 Cyan 125 # 3 Yellow 7 White 126 # 127 [curses] 128 color_bg = 0 129 color_fg = 7 130 color_join1 = 2 131 color_join2 = 4 132 color_border = 7 133 color_title = 3 134 color_focus = 6 135 color_menu_bg = 4 136 color_menu_fg = 6 137 color_window_bg = 4 138 color_window_fg = 7 139 color_selection_bg = 6 140 color_selection_fg = 6 141 color_error_bg = 1 142 color_error_fg = 3 143 color_error_border = 3 144 145 # 146 # This section includes all the configurations that needs a string as a 147 # parmeter such as the redirect command for SSL mitm attack. 148 # 149 [strings] 150 151 # the default encoding to be used for the UTF-8 visualization 152 utf8_encoding = "ISO-8859-1" 153 154 # the command used by the remote_browser plugin 155 remote_browser = "xdg-open http://%host%url" 156 157 158 ##################################### 159 # redir_command_on/off 160 ##################################### 161 # you must provide a valid script for your operating system in order to have 162 # the SSL dissection available 163 # note that the cleanup script is executed without enough privileges (because 164 # they are dropped on startup). so you have to either: provide a setuid program 165 # or set the ec_uid to 0, in order to be sure the cleanup script will be 166 # executed properly 167 # NOTE: the script must fit into one line with a maximum of 255 characters 168 169 #--------------- 170 # Linux 171 #--------------- 172 173 # if you use ipchains: 174 #redir_command_on = "ipchains -A input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport" 175 #redir_command_off = "ipchains -D input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport" 176 177 # if you use iptables: 178 redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport" 179 redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport" 180 181 #--------------- 182 # Mac Os X 183 #--------------- 184 185 # quick and dirty way: 186 #redir_command_on = "ipfw -q add set %set fwd 127.0.0.1,%rport tcp from any to any %port in via %iface" 187 #redir_command_off = "ipfw -q delete set %set" 188 189 # a better solution is to use a script that keeps track of the rules interted 190 # and then deletes them on exit: 191 192 # redir_command_on: 193 # ----- cut here ------- 194 # #!/bin/sh 195 # if [ -a "/tmp/osx_ipfw_rules" ]; then 196 # ipfw -q add head -n 1 osx_ipfw_rules fwd 127.0.0.1,1 tcp from any to any2 in via 3 197 # else 198 # ipfw add fwd 127.0.0.1,1 tcp from any to any 2 in via3 | cut -d " " -f 1 >> /tmp/osx_ipfw_rules 199 # fi 200 # ----- cut here ------- 201 202 # redir_command_off: 203 # ----- cut here ------- 204 # #!/bin/sh 205 # if [ -a "/tmp/osx_ipfw_rules" ]; then 206 # ipfw -q delete head -n 1 /tmp/osx_ipfw_rules 207 # rm -f /tmp/osx_ipfw_rules 208 # fi 209 # ----- cut here ------- 210 211 #--------------- 212 # FreeBSD 213 #--------------- 214 215 # Before OF can be used, make sure the kernel module has been loaded by 216 # kldstat | grep pf.ko. If the rusult is empty, you can load it by 217 # kldload pf.ko or add 'pf_enable="YES"' to the /etc/rc.conf and reboot. 218 219 # Check if the PF status is enabled by 220 # pfctl -si | grep Status | awk '{print $2;}'. If "Disabled", enable it with 221 # pfctl -e. 222 223 #redir_command_on = "(pfctl -sn 2> /dev/null; echo 'rdr pass on %iface inet proto tcp from any to any port %port -> localhost port %rport') | pfctl -f - 2> /dev/null" 224 #redir_command_off = "pfctl -Psn 2> /dev/null | grep -v %port | pfctl -f - 2> /dev/null" 225 226 227 #--------------- 228 # Open BSD 229 #--------------- 230 231 # unfortunately the pfctl command does not accepts direct rules adding 232 # you have to use a script which executed the following command: 233 234 # ----- cut here ------- 235 # #!/bin/sh 236 # rdr pass on 1 inet proto tcp from any to any port2 -> localhost port $3 | pfctl -a sslsniff -f - 237 # ----- cut here ------- 238 239 # it's important to remember that you need "rdr-anchor sslsniff" in your 240 # pf.conf in the TRANSLATION section. 241 242 #redir_command_on = "the_script_described_above %iface %port %rport" 243 #redir_command_off = "pfctl -a sslsniff -Fn" 244 245 # also, if you create a group called "pfusers" and have EC_GID be that group, 246 # you can do something like: 247 # chgrp pfusers /dev/pf 248 # chmod g+rw /dev/pf 249 # such that all users in "pfusers" can run pfctl commands; thus allowing non-root 250 # execution of redir commands. 251 252 253 ########## 254 # EOF # 255 ##########</pre>
Bx_Modificati
- Line 16 and line 18 will userid and groupid value instead 0
- Line 178 and line 179 do away with "#" ,in this way can pass iptables firewall function transmit part flow.
-
save,close,and ok