-
Notifications
You must be signed in to change notification settings - Fork 493
/
CHANGELOG
865 lines (758 loc) · 34.8 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
Legend:
+ new feature
- old feature removed
!! bug fixed
=========================================
0.8.4-nnnnnnnn YYYYMMDD
!! Fix fingerprint composition
!! Default connection buffer size increased from 10KByte to 10MByte
!! /etc/ettercap is now by default /usr/local/etc/ettercap under MacOSX, FreeBSD and Windows
++ new random etterfilter function
++ superseded legacy GeoIP C API with libmaxminddb C API
0.8.3.1-Bertillon 20200801
!! Fix SSL protocol failure with older TLS client/server versions (min. TLS1.0)
!! Fix blackholing SSL packets when specific redirection is used
!! Fix TLS 1.3 interception issues (replace fake certificate with proper key length)
!! Fix segmentation fault when parsing HTTP NTLM handshake (fixes #922)
!! Fix crash if one redirect command is not enabled
!! Fix build on MacOSX detecting new dependency HarfBuzz
!! Fix warnings when parsing etter.(m)dns file when built w/o IPv6 support
!! Fix capture delay with libpcap v1.9.1 (fixes #974)
!! Fix segmentation fault when etterlog concatinate files
!! Fix compiling with GCC version / defaulting to -fno-common
!! Fix bad UDP length for packets changed with replace()
!! Fix passing --lua-args arguments to LUA scripts
!! Fix MSVC build when macro ORDER_ADD_{SHORT,LONG} is being used
!! Fix references to old sourceforce.org website in the code and documentation
!! Fix fingerprint_submit (still missing its server counterpart)
+ Take over client-side SNI extension in ClientHello in SSL interception (req. OpenSSL 1.1.1)
+ Take over SAN certificate extension from server certificate in SSL interception
+ Use server certificate sign algorithm to sign fake certificate defaulting to SHA256
+ CLI provided plugins are now also autostarted in graphical UI
+ Added --plugin-list CLI parameter
+ New execreplace etterfilter command
+ Update bundled OUI mac addresses
+ Update LuaJIT from 2.0.4 to 2.0.5
+ Update libnet from 1.1.6 to 1.2
+ Update check from 0.10.0 to 0.15.0
+ Update curl from 7.44.0 to 7.71.1
- Separate etter.dns and etter.mdns examples in dedicated examples file
- Remove source IP specification from customizable SSL redirects
- Remove of deprecated redirect commands from etter.conf
- Remove Easter Egg (Sorry ALoR and NaGA)
0.8.3-Bertillon 20190701
!! Fix binary comparison and assignment in etterfilter
!! Fixed packetbuffer racecond. in BRIDGE mode (e.g. Message too long)
!! Non-aligned filters are no longer supported (recompilation with etterfilter required)
!! Fixed sslstrip plugin startup issue due to regex compilation error
!! Fixed lots of build warnings
!! Proper separation of library and executable code
!! Fixed heap-buffer-overflow in write_output in etterfilter
!! ip_addr sanity check when etterlog processes info logfile
!! CVE-2017-8366 (Lots of buffer under-/overflow conditions fixed)
!! CVE-2017-6430 (Fix invalid read on crafted file in etterfilter)
!! fix dns_spoof plugin when used in bridge mode
+ SSL redirects are now customizable at runtime
+ GeoIP detection / support using CMake
+ Rework of GTK3 UI - modern GNOME3 look
+ New Kerberos 5 downgrade plugin
+ GTK3 is the new default GTK_BUILD_TYPE
+ OSPF dissector supports more authentication methods in hash-cracker friendly format
+ Rework of Oracle O5LOGON dissector
+ Multi-threaded name resolution
+ Updated etter.finger.mac
- GTK2 phase out initialized
- Usage of deprecated inet_aton replaced with current successor functions
0.8.2-Ferri 20150314
!! Fixed some openssl deprecated functions usage
!! Fixed log file ownership
!! Fixed mixed output print
!! Fixed drop_privs function usage
!! Fixed nopromisc option usage
!! Fixed missing break in parser code
!! Improved redirect commands
!! Fix truncated VLAN packet headers
!! Fix ettercap.rc file (windows only)
!! Various cmake fixes
!! A ton of BSD bug fixes
!! Simplify macosx cmake files
!! Fix incorrect sequence number after TCP injection
!! Fix pcap length, and alignment problems with libpcap
!! Bug fixes and gtk code refactor (gtk box wrapper)
!! Fix some ipv6 send issues
!! Fixed sleep time on Windows (high CPU usage)
!! Fixed many CVE vulnerabilities (some of them already fixed in 0.8.1)
- CVE-2014-6395 (Length Parameter Inconsistency)
- CVE-2014-6396 (Arbitrary write)
- CVE-2014-9376 (Negative index/underflow)
- CVE-2014-9377 (Heap overflow)
- CVE-2014-9378 (Unchecked return value)
- CVE-2014-9379 (Incorrect cast)
- CVE-2014-9380 (Buffer over-read)
- CVE-2014-9381 (Signedness error)
+ Updated etter.finger.mac
+ Add TXT and ANY query support on dns_spoof
+ New macosx travis-ci build!
+ Enable again PDF generation
- Remove gprof support
0.8.1-Lombroso 20141016
!! Fixed incorrect checksum computation on 64-bit systems
!! Fixed DNS resolution problems
!! Fixed hurd build failure (not specific to hurd but hurd seems the first OS defining ESUCCESS in glibc)
!! Fixed rpath handling
!! Fixed scan host crash with recent kernels
!! Fixed etter{log,filter} library path
!! O5LOGON dissector fixes for stealth mode scans
!! Fix constants to allow full hexadecimal characterset. Useful for filtering on ESP SPIs
!! Fixed some incoherencies in gbls pointers in utils and core
!! Fixed dhcp spoofing automatically start in text ui
!! Many fixes in filter compiler
!! Fixed lua installation path
!! Many ipv6 fixes and improvements
!! Fixed tests build failures
!! Fixed many iconv detection problems
!! Fixed many ctime problems
!! Fixed many dissector ports
!! Fixed timers incoherences
!! Fixed powerpc build failure
!! Fixed uniqueness of our include guards
!! Fixed cmake warnings, by correctly linking our libraries
!! Fixed clean target
!! Fixed COOKIE_PATTERN string
!! A ton of kfreebsd, freebsd, and MacOS fixes and build fixes
!! Fixed with a new "regain_privs" the ip forwarding restore
!! Fixed another scan crash
!! Fixed host list updated (delegated to the main thread)
!! Fixed etter.conf.v6 and etter.conf.v4 installation
!! Fixed (removed) some old code
!! Fixed (removed) some dbus interfaces listed in ettercap
!! Fixed some libraries link issues
!! Fixed various polkit installation directory issues
!! Fixed plugin path issues
!! Fixed bundled libs building order
!! Fixed undefined ips added to the host list (e.g. 0.0.0.0 in dhcp discover)
!! Fixed macosx builds
!! Moved check framework in bundled_libs directory
!! Fixed crash on scan for hosts, by adding a mutex
!! Fixed libettercap.so linking, by removing curses and gtk stuff
!! Fixed ip_add_to_int32 macro
!! Fixed a ton of warnings in gtk, curses and core
!! Fixed some documentation
!! Fixed tests with eglibc >= 2.17
!! Fixed check framework find, with fallback in the bundled
one if not available
!! Fixed bug in etter.finger.mac parsing
!! Fixed ssl checks on cmake, now it is mandatory
!! Fixed scan for hosts progress bar
!! Fixed linux.org ip address on etter.dns conf file
!! Fixed some memory leakages
!! Fixed missing RelWithDebInfo on Cmake
!! Fixed typos
!! Fixed some performance issues in scan for hosts function
!! Fixed race condition when scan progress was canceled
!! Fixed cmake flags passing
!! Fixed IPv6 build
!! Fixed debug messages
+ experimental ESP detection/filtering
+ make etter{log,filter} ipv6 compatible
+ Enabled multithread scan for Curses interface
+ New appdata xml file
+ New experimental GTK3 support!
+ New threaded host resolution!
+ Many build and runtime performances improvements
+ Ettercap builds on windows (MingW) again!
+ New arp "smart" poisoning!
+ New base64 encode and decode functions
+ New execinject etterfilter command
+ New ipv6 hidden scan mode
+ New support for multiple plugins in UI mode
+ New uninstall target
+ Gnu/Hurd support!
+ Automatically refresh plugin list
+ Threading some plugins
+ A new function for self-destruct plugins
+ New INSTALL_EXEDIR cmake option, now you can have "ettercap" and
the other binaries in two different directories!
+ New Null/Loopback decoder!
+ Added automatic irc notifications!
+ Added some debug and fortify-source flags
+ Added some travis builds!
+ Updated etter.finger.mac
+ Added support for parsing RIPv2 and OSPF MD5 authentication packets
+ Updated curl and check bundled libraries
+ updated etter.filter.examples file
+ updated TODO list
+ etterfilter now is IPv6 ready!
+ Documentation updated
+ Man pages updated
+ New nd-poisoning!
+ Increased IPv6 probe delay from 2 seconds to 3
- Removed hex_encode stuff
- Removed ec_pap.c since it was already implemented in ec_ppp.c
- Removed duplicate code, in favour of libettercap usage
0.8.0-Lacassagne 20130921
!! Fixed some problems in fork and execve usage in case of command failure (sslstrip)
!! Fixed dropping privileges for remote_browser plugin ran as root
!! Fixed infinite loop when a http GET was issued on the attacker browser, while remote_browser was active
!! Fixed some "atexit" bad references
!! Fixed plugin load on text interface, if no number were entered
!! Fixed problem spotted when ethtool wasn't installed on the machine
!! Fixed old "ethereal" references
!! Fixed missing newlines in printf
!! Switching to ps2pdf as default (from ps2pdf13), it should point to ps2pdf14 on all distros
!! Fix cmake file, dropped MACPORTS_BASE_DIRECTORY
!! Fix problem in "stopping attacks" window not properly shown in gtk
!! Fix problem in wrong pcap file saving
!! Fix issue in send_udp function
!! Fix problem in libnet rc detection
!! Fix restore ip_forward by retrying up to 5 times
!! Fix socket issues
!! Fix for hex format display
!! New send_tcp function, taking payload and length
!! Fixed memory leak in remote browser plugin
!! Fixed comparison bug in ec_decode
!! Fixed UI input for GTK
!! Fixed some memory leaks
!! Fixed man pages and AUTHORS file
!! Fixes in sslstrip plugin
!! Many etter.dns fixes
!! Many documentation fixes
!! A ton of refactors/fixes in Cmake scripts
!! Fix GTK crash when scanning hosts
!! Fix build failure on Mac OS X 10.6
!! Crash fix in target selection
!! Disabled UID change for remote browser plugin
!! Fixed remote browser plugin
!! A ton of fixes in protocols and dissectors (dhcp, http, ppp, mpls)
+ New ettercap logo
+ Renamed help menu to "?", to avoid double "H" shortcut
+ New WARN_MSG warning message
+ Added message in DHCP spoofing when no mitm has started
+ New horizontal scrollbar for messages in gtk view
+ Disabled offload warning messages (only in Release mode)
+ New ettercap-pkexec, policy and ettercap.desktop files for launching ettercap -G as a normal user with sudo privileges
+ Automatic host list refresh in GTK GUI after scanning
+ New fraggle plugin attack
+ New fields in etter.fields file
+ Cherry picked debian patches (svg icon)
+ Added content print on http dissector
+ Added support for negative dns replies
+ Creation of (experimental) unit tests
+ Creation of (experimental) libettercap
+ Now you can build just the ettercap library (libettercap) without any GUIs
+ Added travis-ci support
+ DNS spoofing for IPv6 addresses
+ PDF Docs generation is not optional
+ Added SRV query handling to DNS spoof
+ New mDNS spoof plugin
+ New low level decoders
+ New decoder for ip over pppoe
+ Added PPP DLT to interfaces
+ Add experimental Lua support to Ettercap
+ New Bundle libnet and curl
+ Full support for wifi decrypting (wep and wpa)
- Disabled update feature (not working anymore and not secure)
- Deprecated napster dissector
0.7.6-Locard 20130327
!! Fixed some parsing errors
!! Fixes to TN3270 dissector and SSL Strip
!! PostgreSQL dissector: Update output format to reflect release syntax
for John the Ripper 1.7.9-Jumbo-8. The old format is still supported,
but deprecated.
!! Fixed memory leak in SSL Strip plugin
!! Fixed check in invalid ip header
!! Fixed QoS packets handling (they aren't dropped anymore)
!! Fix in o5logon Heap Corruption
!! New and updated OUI file
!! Some memory leaks fixed
!! Fixed some bugs in return values and fstat failures handling
!! Fixed a bug in some password display (didn't get null terminated)
!! Many fixes in gcc warnings when building
!! Better cmake module to find curl and libnet
!! Fixed bug in filters load
!! Fixes in HTTP and HTTPs protocols
!! Fixed UI deadlock
!! Fixes in tcp and http handling (infinite loop and crash)
!! Better reads in BGP to avoid invalid reads
+ New logo
+ Added ascii FQDN support to DHCP ACK
+ Added UA parsing to http packets
+ Added support for IPv4 and IPv6 Tunnels
+ New mDNS dissector
+ Added PPI support (per packet information) for wireless captures
+ Ensure that we find required packages with cmake
+ New clean-all cmake target
+ Print a message when done reading PCAP file
- Removed 'u' and 'p' fields from etter.fields
0.7.5.3-Assimilation 20130201
!! Fixed ncurses host scan crash (already fixed in 0.7.5.2)
!! Fixed ppp connection crash (already fixed in 0.7.5.2)
!! Fixed only MiTM mode selecting text interface
+ Changed to version 0.7.5.3 to help distributions.
0.7.5.2-Assimilation 20130129
!! applied patch to fix CVE-2012-0722
!! fixed username detection in TN3270 dissector
+ Added new private-key and certificate-file options for SSL MiTM
+ Fix for crash in ncurses multiple scan for host mode
+ Fix for crash in ppp0 connections
0.7.5.1-Assimilation 20130103
!! fixed set_blocking() method preventing SSL MiTM from working
!! changed SSLStrip plugin to use PCRE
!! more improvements to SSLStrip plugin
+ Added MySQL 5.x dissector
+ Added O5Logon dissector
+ Added iSCSI CHAP dissector
+ Added TN3270 dissector
+ Added MongoDB dissector
0.7.5-Assimilation 20121015
!! fixed more memory leaks
!! improved GTK GUI
!! changed build system to CMake.
+ Added IPv6 poisoning and capture.
+ Added NBNS spoof plugin.
+ Added SSLStrip Plugin (EXPERIMENTAL)
0.7.4-Lazarus 20111202
!! fixed resource depletion issue
!! buffer access out-of-bounds issues
!! fixed DNS dissector not working on 64bit systems
!! multiple buffer overflows
!! multiple memory leaks
!! multiple files with obsolete code
!! fixed SEND L3 errors experienced by some users
!! fixed a compilation error under Mac OS X Lion
!! updated build system
(Please see bug track for issue specifics)
NG-0.7.4 2005
+ added the radius dissector
+ go into unoffensive mode if libnet initialization fails
!! etterfilter now accepts empty blocks
!! the log files are closed on SIGTERM
!! fixed a compilation error under Mac OS X Tiger
!! fixed an improper handling of wdg_dynlist callback
!! fixed bound checking in some dissectors
NG-0.7.3 20050528
+ added the INC (+=) and DEC (-=) operators to the filter engine
!! fixed the compilation of some plugins
!! fixed a segfault in the isolate plugin
!! fixed a bug in the dhcp spoofing module
!! fixed a serious security bug (a format bug in the curses gui)
NG-0.7.2 20041221
+ the hosts scan can now be canceled by the user (ctrl+q)
+ the netmask for the scan can now be specified within the GUI
+ checksum_check was renamed to checksum_warning
and a new option to prevent the check was introduced
(see the man page etter.conf(5) for details)
+ added the help menu (inline man pages)
+ wins support for the dns_spoof plugin
+ new plugin: repoison_arp
!! do not drop privs under windows (useless)
!! fixed the mmap problem under windows
!! fixed file operation under windows (O_BINARY related)
!! fixed the IRC password collector (\r \n related)
!! fixes the dumping of the profiles to a file (fingerprint not recorded)
!! the remote flag is now reset when the arp poisoning is stopped
!! fixed the ebcdic visualization
!! fixed the autoadd plugin when a target is ANY
NG-0.7.1 20040920
+ added the -s options to issue commands to the gui (useful in scripts)
+ added the -I options to show the list of NICs
+ ported to windows (mingw)
+ added a new plugin: isolate
+ updated os and mac fingerprints
!! fixed compilation of strtok_r under solaris
!! fixed a pthread problem under mac os X
!! fixed the compilation with gcc 3.5.x
!! fixed message box character wrapping (gtk)
NG-0.7.0 20040705
+ implemented a thread safe strtok
+ prepared the source for a smooth mingw porting
!! fixed numeric sorting in gtk interface
!! autoadd plugin does not add the local address
!! dump profiles to file now dumps even host without any open port
!! fixed compilation under freebsd 4.9
NG-0.7.0_rc1 20040614
+ WEP decryption for WiFi packets
+ support for prism2 headers
+ added the -I search option in etterlog
+ you can now apply filters on pcapfiles and dump the results
+ you can now specify an alternative config file with -a
!! log to file works again
!! fixed a segfault dumping profiles to file
!! fixed a segfault when opening not-readable dirs from the curses GUI
!! fixed uninitialized data that caused segfault in the dhcp dissector
!! etterlog -c respect the -f specification
!! fixed some problems with non blocking ssl sockets
!! "should be checksum" is now correct
NG-0.7.0_pre2 20040517
+ added support for UTF-8 strings
+ telnet collector enhancements (catches cisco login)
+ added new plugins:
+ find_ettercap
+ autoadd
+ the live connections list can be purged by the user
+ SSL support for the following dissector:
+ imaps
+ ircs
+ ldaps
+ nntps
+ pop3s
+ ssmtp
+ telnets
+ support for vlan tagging (802.1q header)
+ support for rawip file dumps
+ multiple selections in the GTK ui for targets and hosts
+ wifi enhancements
!! fixed the $prefix issue in the configure
!! fixed a linking problem against openssl
!! some fixes in the man pages
!! compiles against old openssl 0.9.6x
!! better error handling on file creation failure
!! fingerprint submissions works again
!! fixed the configure checks for libpcap and libnet
!! ec[ip] files are now platform independent
!! fixed the "etter.ssl.crt not found" bug
!! the arp_cop plugin now does not report the ettercap poisoning
!! the filters are respected even logging to a eci file
!! profiles in the eci file are not duplicated if arp poisoning
NG-0.7.0_pre1 20040415
+ rewrite from scratch (the code is now cleaner and well commented)
+ it now requires libpcap and libnet
+ support for unconfigured network interfaces
+ automake and libtool are now used for the configuration process
+ etterlog utility for logfiles parsing
+ etterfilter utility to compile advanced content filters
+ root privs dropped after initialization
+ big endian arch support (sparc64)
+ layer 3 routing (forwarding packets)
+ new media support for:
+ wifi
+ token ring
+ fddi
+ ppp
+ linux cooked interfaces
+ unified sniffing (you can use external hijacker)
+ new MITM methods:
+ advanced ARP poisoning engine (with many-to-many support)
+ ICMP redirect
+ DCHP spoofing
+ port stealing
+ multiple target selection
+ pcap filter on capture
+ regex packet matching
+ hook points per packet type (TCP, UDP... )
+ quiet mode (don't print packet content)
+ enhanced passive open port discoverer
+ randomized ARP scan
+ cached dns resolution (increase speed and stealth)
+ enhanced statistics on ettercap performances
+ extended headers for every packet
+ passive DNS answer caching
+ global conf file always loaded to tweak internal variables
+ etter.conf supports dissectors on multiple ports
+ possibility to sniff on loopback
+ autoupdate from website for passive databases
+ non root users can use ettercap to read from files
+ unoffensive mode (doesn't forward packets)
+ user messages can be logged
+ dissector enhancements in:
+ POP (APOP and AUTH LOGIN/PLAIN support)
+ X11 (banner discovery)
+ TELNET (collect even failed attempts)
+ SNMP fixes
+ MySQL fixes
+ HalfLife and Quake3 were unified
+ SMB
+ SSH (blowfish support)
+ SSL (totally reworked, runs on all platforms)
+ HTTP has gained performance overhaul
+ ...many others
+ new dissectors:
+ SMTP
+ CVS
+ OSPF, VRRP
+ plugins were unified, no more distinctions between standalone and hooking
+ new plugins:
+ finger (SYN+ACK fingerprinting on remote hosts)
+ smb_clear, smb_down (attacks against the SMB protocol)
+ curses interface improvements:
+ resizable under X11
+ mouse event are supported
+ customizable colors
+ completely new menu-driven interface
+ totally redesigned GTK+ interface
+ you can filter data with a visualization regexp
+ profiles can be dumped to a file
+ A lot of new bugs^H^H^H^H random features to be discovered ;)
!! offline sniffing actually does not bind to any NICs
- packet factory was removed
- some plugins were not ported
+++ too many other improvements to be listed here +++
0.6.b 20030710
+ Plugins now works with GTK+ interface
+ Updated the passive OS fingerprint database (1279 records)
!! Fixed internal refreshing (for huge traffic loads)
!! Fixed wifi-dump support
!! Fixed doppelganger re-arp
!! Fixed a problem with signed char under mac G3
!! Fixed some possible buffer overflows
0.6.a 20030505
+ Buffered Data Connections (only for ncurses)
+ New Sniffing method (Port Stealing)
+ Updated the passive OS fingerprint database (1189 records)
+ enhanced smb dissector
+ enhanced troll plugin against request caching
+ NEW PLUGIN: Confusion,Hunter, SMB suite
+ partial wifi-dump support (experimental)
!! Fixed demonization problem
!! Fixed StateMachine problem
!! a bouch of bug fix
0.6.9 20030125
+ GTK+ 2.0 interface (experimental) (--enable-devel)
+ Windows Plugins porting
+ Updated the passive OS fingerprint database (1093 records)
+ Dissector Proxy 8080
+ NTLM auth
+ Enhanced poisoning method (solaris issue)
+ NEW PLUGIN: troll, PPTP suite
+ text and ebcdic view from command line
+ lc-convert utility (share dir)
!! Fixed a LIBS problem under MacOSX (-lpoll)
!! Fixed the VNC dissector
!! A bouch of bug fix (too many to list here)
0.6.7 20020702
+ Updated the passive OS fingerprint database (853 records)
!! Fixed the strlcpy bug in the the telnet dissector (oops alor mistake)
!! Fixed a possible sigfault in the rlogin dissector
!! Fixed the exit_func for Mac OS X
0.6.6.6 20020603
+ Solaris porting
+ Sparc architecture support even for all other OSes
+ Windows 9X porting
+ Increased the speed of arp storm under windows
+ Added the ability to bind a port on which ettercap forwards the sniffed traffic
+ The -H option now supports range ip
+ NEW PLUGIN: lamia (become root of a switches spanning tree)
+ Updated the passive OS fingerprint database (825 records)
!! Fixed the pthread_join problem under MacOSX
!! Fixed the -w options (openssl path related bug)
!! Fixed the conflicting options -Y and -a
!! Fixed the FindIface function under BSD
0.6.5 20020423
+ Windows (CYGWIN) porting
+ Dumping to and sniffing from tcpdump file format is now supported
+ Sniffing from command line now capture UDP+TCP packet by default
+ Logging engine doesn't log the same user/pass/ip twice
+ Under *BSD and MacOSX ettercap now uses only one bpf
+ Added the -J options (onlyposion) to allow multitarget arp sniffing
+ NEW PLUGIN :
- roper (Tries to stop ISAKMP for IPSEC traffic)
+ NEW password collector for: QUAKE 3, ICQ v7, MSN, YMSG
+ DISSECTORS enhanced: HTTPS - IMAP - NAPSTER (opennap) - IRC
+ PLUGIN enhanced:
- leech (now it rearps the victim after isolation)
+ DOCUMENTATION translated in Polish and Dutch
!! Better handling of CTRL+C
!! Fixed a bug the the dlsym on OpenBSD 3.0 (plugin related)
!! Fixed a bug in the handling of debug file
!! Fixed the "not scrolling" JOINED visualization
0.6.4 20020212
+ You can sniff traffic from a remote cisco router
and make mitm attacks on it using GRE tunnels.
+ Added some bits for the passive OS fingerprint database.
Now even the length of the packet make sense.
+ The sniffing interface now supports JOINED view
+ NEW PLUGIN :
- thief (dumps all files from HTTP)
- zaratan (redirect GRE tunnels)
+ ICQ dissector now searches for passwords on all ports
+ Updated the passive OS fingerprint database (675 records)
+ Changed arg 2 of Plugin_HookPoint for PCK_RECEIVED_RAW
!! Under OpenBSD the pflog interface is ignored
!! Fixed the DATA_PATH issue in the phantom plugin
!! Fixed an unsigned short in state_machine
!! Fixed some plugins that don't recognize the 'yes' answer
!! Fixed the plugins symbol problem on Mac OS X (strip -x)
!! Fixed the possibility of remote exploitation on interface with MTU > 1500
0.6.3.1 20011213
!! Fixed the truncation of passwords in some dissectors
!! Fixed the -undefined error problem for Mac OS X (darwin 1.4.x / 5.1)
0.6.3 20011212
+ Grell dissector (HTTPS) now handles proxy auth
+ Grell dissector (HTTPS) now correctly handles SSL & TLS
+ Better connection status handling
+ Updated the passive OS fingerprint database (530 records)
- Removed the --enable-suid option, so it is clear that ettercap is only for root
!! Fixed a bug that implied to send on the net every packet sniffed from it (introduced in ettercap 0.6.2)
!! Fixed the ENOBUFS error on BSD
!! Fixed a bug for the compilation with --disable-plugins
!! Fixed a bug for the compilation on Mac OS X without dlcompat libs
!! Fixed the configure script to handle the -bundle_loader option under Mac OS X
!! Fixed the command line format bug exploit (`ettercap %x%x%x%x%x`) !!
!! Fixed many security threats in the code
0.6.2 20011112
+ Ettercap is now a multi-thread single process.
+ The connection handling engine was enhanced and sped up
+ Now filtered (replaced) data can exceed the MTU
+ Completely new plugin conception (hooking plugin)
+ Better handling for unknown passive fingerprints
+ Possibility to load/save the hosts list from/to a file (-j -k options)
- the -k (newcert) options was renamed to -w
+ Updated the passive OS fingerprint database (501 records)
+ Updated the active OS fingerprint database (2001/10/14)
+ New 'TEXT only' view on sniffed data
+ NEW password collector for: HALF LIFE, NFS, SNMP, LDAP
+ ENHANCEMENT in the password collector for: MySQL
+ NEW PLUGIN : dwarf (logs all POP and SMTP activity)
!! Fixed a bug when recognizing HUB or SWITCH
!! Fixed a bug in the banshee plugin
!! Fixed a bug in the filtering engine from command line
!! Fixed a sigfault in the HTTP dissector
!! Plugins are now installed in {prefix}/lib/ettercap, not in share/ettercap
!! ettercap is now installed in the more appropriate {prefix}/sbin/
!! now the configure script doesn't require root privileges to run
!! configure now handles correctly the --datadir=DIR and --libdir=DIR directive.
0.6.0 20010917
+ Passive scanning of the LAN
+ Plugins ported to Mac OS X (darwin)
+ Doppelganger now uses the new REQUEST ARP POISON (see readme)
+ Grell (HTTPS) now supports virtual hosts
+ The Logging engine for the simple mode was rewritten from scratch
+ Now MAC sniffing can have only one parameter
+ Updated the active OS fingerprint database
+ Updated the MAC fingerprint database
+ NEW PLUGIN : beholder and basilisk
+ PLUGIN enhanced: imp and triton
!! configure script tuned up. now it compiles missing libs only if needed
!! Fixed a bug preventing SSL sniffing
!! Fixed a problem in illithid related to the smart arp sniffing
!! Fixed a compilation problem for FreeBSD 4.0 (getifaddrs related)
!! Fixed a compilation problem for MacOsX (termios related)
!! Fixed a ioctl() problem in phantom plugin on *BSD and MacOsX
0.5.4 20010726
+ Porting for Mac Os X (darwin 1.3.x)
+ Reverse IP matching (-R option)
+ Spoofing of the source ip on start up
+ Customizable delay between arp request on startup
+ Added the Inet_CloseRawSock API (for debugging purpose)
+ Better handling of SIGSEGV and SIGBUS (for debugging purpose)
+ Updated the OS fingerprint database
+ ENHANCEMENT in the password collector for: IRC
+ PLUGIN enhanced: triton
+ NEW PLUGIN : arpcop, phantom, imp
!! Fixed the "make_label" compilation problem
!! Fixed a sigfault on OS fingerprinting
!! Fixed ip_forwarding restoring bug
!! Fixed some ncurses visualization errors
0.5.2 20010707
+ Plugins ported to OpenBSD
+ Porting for NetBSD 1.5
+ Added FreeBSD 4 support for source MAC address spoofing
+ Illithid (the sniffer engine) totally rewritten and tuned up
+ Doppelganger (the arp poisoner) totally rewritten and tuned up
+ New programmable filtering engine (see README for details)
+ Filter can be used in command line mode (-F option)
+ Possibility to scan only chosen IPs (-H option)
+ Possibility to select the delay between arp replies (-D option)
+ Checking for the latest ettercap version (-v option)
+ More accurate and faster start up host scanning
+ Connection killing method enhanced
+ New and more detailed man pages
+ ENHANCEMENT in the password collector for: HTTP (<form> parsing)
+ NEW PLUGIN : spectre, triton
!! Fixed the interface shutdown bug... yeah !
!! Fixed "can't find grell_ssl.crt" error message in the rpm version.
0.5.0 20010611
+ Full-duplex HTTPS man-in-the-middle support
+ Support for HTTPS through a proxy
+ SSH sniffing even from command line
+ Enable/Disable dissectors via conf file
+ Public ARP in simple mode
+ Smart Public arp (all but the target)
+ Dump of the pass to a file from interactive mode
+ Packet Factory enhancement (now the payload can be loaded from a file)
+ The newest config.guess and config.sub are now included
+ Updated the OS fingerprint database (2001/06/04 09:40:50 fyodor)
+ NEW password collector for: HTTPS, PROXYHTTPS
+ ENHANCEMENT in the password collector for: SMB, HTTP, MySQL
+ FIXED password collector for: IRC
+ DOCUMENTATION translated in : French, Italian
! Fixed many many bug... but some still persist... ;)
0.4.3 20010511
+ Added a Protocol State Machine for dissectors
+ Added the rule "Log" to the filtering form
+ Packet Factory (create and send packets on the fly)
+ Configuration file
+ Code cleanup !!
+ Plugins can be launched from connection list
+ NEW plugin : banshee
+ ENHANCEMENT in the password collector for: SOCKS 5, IMAP, VNC, SMB, MySQL
+ FIXED password collector for: SOCKS 5
0.4.2 20010429
+ You can specify the IP "ANY"
+ Logging all data to specific file(s)
+ Added the "demonization" feature (--quiet)
+ Packet filtering/dropping/search/replace
+ Improved the user/password hunting in datadecode module
+ Tuning of Doppelganger poison/rearp
+ NEW plugin : lurker
+ NEW password collector for: NNTP, X11, NAPSTER, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC
+ ENHANCEMENT in the password collector for: POP, SMB, MySQL
! fixed a bug in the fingerprint for *BSD
! fixed the handling of eth aliases
! fixed the activation/deactivation of Active Dissectors
0.4.0 20010409
+ Full duplex SSH man-in-the-middle support !!
+ new startup mode (--broadping -b).
+ new sniffing method (PublicARP)
+ Injector now supports escape sequences
+ netmask switch added
+ added support for getopt_long even on *BSD
+ NEW password collector for : SSH1, SMB, RLOGIN, HTTP, ICQ, MySQL
! fixed the "sendto() 1518 byte" bug
0.3.1 20010323
! fixed a nasty bug sniffing/sending big packets
! fixed telnet dissector
0.3.0 20010319
+ Ported on OpenBSD 2.7
+ UDP support
+ OS Fingerprint
+ Network Adapter Fingerprint
+ Password collector for: FTP, POP, TELNET
+ Injection interface redesigned
+ Possibility to check if you are in a switched lan or not.
! various bugfix
0.2.4 20010309
+ Ported on FreeBSD 4.x
+ Plugin version control
+ Added -x option for hex mode in command line
- Removed -1 and -2 options (better getopt parsing)
+ Ability to sniff in all direction (no more two hosts limit)
+ Silent mode (--silent or -z) (no arp storm on start up)
0.2.1 20010223
+ Scrolling window for plugin output
+ detailed packets view in hex mode (SEQ, ACK and FLAGS)
+ identification of connections type (FTP, telnet, ecc)
+ ability to kill a connection from connection list
! sigfault when no plugin found and press return
0.2.0 20010219
+ Plug-In support
+ Inet module totally rewritten and redesigned.
+ Downported to 2.0.x Linux Kernels (EXPERIMENTAL)
+ Added support for glibc 2.0.x 2.1.x 2.2.x
+ Scroll back in sniffing window (*very* *very* useful !!)
! after injection the connections are cleanly RSTted
0.1.1 20010209
+ detect if there is another man-in-the-middle in the LAN
+ full telnet injection support
! ettercap defaults to the first up and running iface
! removed possible sigfault making host list
! now works with openwall
! various bugfixing
0.1.0.beta 20010125
* Initial public release...
+ Easy to use ncurses interface
+ Command line mode (without ncurses)
+ IP based sniffing (old style sniffing)
+ MAC based sniffing (for traffic between hosts and gateways)
+ ARP based sniffing (with arp poisoning for switched lan)
+ Characters injection in an established connection