############################################################################ # # # ettercap -- etter.conf -- configuration file # # # # Copyright (C) ALoR & NaGA # # # # This program is free software; you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # # the Free Software Foundation; either version 2 of the License, or # # (at your option) any later version. # # # # # ############################################################################ [privs] ec_uid = 65534 # nobody is the default ec_gid = 65534 # nobody is the default [mitm] arp_storm_delay = 10 # seconds arp_poison_warm_up = 1 # seconds arp_poison_delay = 10 # seconds arp_poison_icmp = 1 # boolean arp_poison_reply = 1 # boolean arp_poison_request = 0 # boolean arp_poison_equal_mac = 1 # boolean dhcp_lease_time = 1800 # seconds port_steal_delay = 10 # seconds port_steal_send_delay = 2000 # microseconds [connections] connection_timeout = 300 # seconds connection_idle = 5 # seconds connection_buffer = 10000 # bytes connect_timeout = 5 # seconds [stats] sampling_rate = 50 # number of packets [misc] close_on_eof = 1 # boolean value store_profiles = 1 # 0 = disabled; 1 = all; 2 = local; 3 = remote aggressive_dissectors = 1 # boolean value skip_forwarded_pcks = 1 # boolean value checksum_check = 0 # boolean value submit_fingerprint = 0 # boolean valid (set if you want ettercap to submit unknown finger prints) checksum_warning = 0 # boolean value (valid only if checksum_check is 1) ############################################################################ # # You can specify what DISSECTORS are to be enabled or not... # # e.g.: ftp = 21 enabled on port 21 (tcp is implicit) # ftp = 2345 enabled on non standard port # ftp = 21,453 enabled on port 21 and 453 # ftp = 0 disabled # # NOTE: some dissectors have multiple default ports, if you specify a new # one, all the default ports will be overwritten # # #dissector default port [dissectors] ftp = 21 # tcp 21 ssh = 22 # tcp 22 telnet = 23 # tcp 23 smtp = 25 # tcp 25 dns = 53 # udp 53 dhcp = 67 # udp 68 http = 80 # tcp 80 ospf = 89 # ip 89 (IPPROTO 0x59) pop3 = 110 # tcp 110 #portmap = 111 # tcp / udp vrrp = 112 # ip 112 (IPPROTO 0x70) nntp = 119 # tcp 119 smb = 139,445 # tcp 139 445 imap = 143,220 # tcp 143 220 snmp = 161 # udp 161 bgp = 179 # tcp 179 ldap = 389 # tcp 389 https = 443 # tcp 443 ssmtp = 465 # tcp 465 rlogin = 512,513 # tcp 512 513 rip = 520 # udp 520 nntps = 563 # tcp 563 ldaps = 636 # tcp 636 telnets = 992 # tcp 992 imaps = 993 # tcp 993 ircs = 994 # tcp 993 pop3s = 995 # tcp 995 socks = 1080 # tcp 1080 radius = 1645,1646 # udp 1645 1646 msn = 1863 # tcp 1863 cvs = 2401 # tcp 2401 mysql = 3306 # tcp 3306 icq = 5190 # tcp 5190 ymsg = 5050 # tcp 5050 mdns = 5353 # udp 5353 vnc = 5900,5901,5902,5903 # tcp 5900 5901 5902 5903 x11 = 6000,6001,6002,6003 # tcp 6000 6001 6002 6003 irc = 6666,6667,6668,6669 # tcp 6666 6667 6668 6669 gg = 8074 # tcp 8074 proxy = 8080 # tcp 8080 rcon = 27015,27960 # udp 27015 27960 ppp = 34827 # special case ;) this is the Net Layer code TN3270 = 23,992 # tcp 23 992 # # you can change the colors of the curses GUI. # here is a list of values: # 0 Black 4 Blue # 1 Red 5 Magenta # 2 Green 6 Cyan # 3 Yellow 7 White # [curses] color_bg = 0 color_fg = 7 color_join1 = 2 color_join2 = 4 color_border = 7 color_title = 3 color_focus = 6 color_menu_bg = 4 color_menu_fg = 6 color_window_bg = 4 color_window_fg = 7 color_selection_bg = 6 color_selection_fg = 6 color_error_bg = 1 color_error_fg = 3 color_error_border = 3 # # This section includes all the configurations that needs a string as a # parmeter such as the redirect command for SSL mitm attack. # [strings] # the default encoding to be used for the UTF-8 visualization utf8_encoding = "ISO-8859-1" # the command used by the remote_browser plugin remote_browser = "xdg-open http://%host%url" ##################################### # redir_command_on/off ##################################### # you must provide a valid script for your operating system in order to have # the SSL dissection available # note that the cleanup script is executed without enough privileges (because # they are dropped on startup). so you have to either: provide a setuid program # or set the ec_uid to 0, in order to be sure the cleanup script will be # executed properly # NOTE: this script is executed with an execve(), so you can't use pipes or # output redirection as if you were in a shell. We suggest you to make a script if # you need those commands. #--------------- # Linux #--------------- # if you use ipchains: #redir_command_on = "ipchains -A input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport" #redir_command_off = "ipchains -D input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport" # if you use iptables: #redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport" #redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport" #--------------- # Mac Os X #--------------- # quick and dirty way: #redir_command_on = "ipfw add set %set fwd 127.0.0.1,%rport tcp from any to any %port in via %iface" #redir_command_off = "ipfw -q delete set %set" # a better solution is to use a script that keeps track of the rules interted # and then deletes them on exit: # redir_command_on: # ----- cut here ------- # #!/bin/sh # if [ -a "/tmp/osx_ipfw_rules" ]; then # ipfw -q add `head -n 1 osx_ipfw_rules` fwd 127.0.0.1,$1 tcp from any to any $2 in via $3 # else # ipfw add fwd 127.0.0.1,$1 tcp from any to any $2 in via $3 | cut -d " " -f 1 >> /tmp/osx_ipfw_rules # fi # ----- cut here ------- # redir_command_off: # ----- cut here ------- # #!/bin/sh # if [ -a "/tmp/osx_ipfw_rules" ]; then # ipfw -q delete `head -n 1 /tmp/osx_ipfw_rules` # rm -f /tmp/osx_ipfw_rules # fi # ----- cut here ------- #--------------- # Open BSD #--------------- # unfortunately the pfctl command does not accepts direct rules adding # you have to use a script wich executed the following command: # ----- cut here ------- # #!/bin/sh # rdr pass on $1 inet proto tcp from any to any port $2 -> localhost port $3 | pfctl -a sslsniff -f - # ----- cut here ------- # it's important to remember that you need "rdr-anchor sslsniff" in your # pf.conf in the TRANSLATION section. #redir_command_on = "the_script_described_above %iface %port %rport" #redir_command_off = "pfctl -a sslsniff -Fn" # also, if you create a group called "pfusers" and have EC_GID be that group, # you can do something like: # chgrp pfusers /dev/pf # chmod g+rw /dev/pf # such that all users in "pfusers" can run pfctl commands; thus allowing non-root # execution of redir commands. ########## # EOF # ##########