############################################################################
# #
# ettercap -- etter.conf -- configuration file #
# #
# Copyright (C) ALoR & NaGA #
# #
# This program is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 2 of the License, or #
# (at your option) any later version. #
# #
# #
############################################################################
[privs]
ec_uid = 65534 # nobody is the default
ec_gid = 65534 # nobody is the default
[mitm]
arp_storm_delay = 10 # milliseconds
arp_poison_smart = 0 # boolean
arp_poison_warm_up = 1 # seconds
arp_poison_delay = 10 # seconds
arp_poison_icmp = 1 # boolean
arp_poison_reply = 1 # boolean
arp_poison_request = 0 # boolean
arp_poison_equal_mac = 1 # boolean
dhcp_lease_time = 1800 # seconds
port_steal_delay = 10 # seconds
port_steal_send_delay = 2000 # microseconds
ndp_poison_warm_up = 1 # seconds
ndp_poison_delay = 5 # seconds
ndp_poison_send_delay = 1500 # microseconds
ndp_poison_icmp = 1 # boolean
ndp_poison_equal_mac = 1 # boolean
icmp6_probe_delay = 3 # seconds
[connections]
connection_timeout = 300 # seconds
connection_idle = 5 # seconds
connection_buffer = 10000 # bytes
connect_timeout = 5 # seconds
[stats]
sampling_rate = 50 # number of packets
[misc]
close_on_eof = 1 # boolean value
store_profiles = 1 # 0 = disabled; 1 = all; 2 = local; 3 = remote
aggressive_dissectors = 1 # boolean value
skip_forwarded_pcks = 1 # boolean value
checksum_check = 0 # boolean value
submit_fingerprint = 0 # boolean valid (set if you want ettercap to submit unknown finger prints)
checksum_warning = 0 # boolean value (valid only if checksum_check is 1)
sniffing_at_startup = 1 # boolean value
############################################################################
#
# You can specify what DISSECTORS are to be enabled or not...
#
# e.g.: ftp = 21 enabled on port 21 (tcp is implicit)
# ftp = 2345 enabled on non standard port
# ftp = 21,453 enabled on port 21 and 453
# ftp = 0 disabled
#
# NOTE: some dissectors have multiple default ports, if you specify a new
# one, all the default ports will be overwritten
#
#
#dissector default port
[dissectors]
ftp = 21 # tcp 21
ssh = 22 # tcp 22
telnet = 23 # tcp 23
smtp = 25 # tcp 25
dns = 53 # udp 53
dhcp = 67 # udp 68
http = 80 # tcp 80
ospf = 89 # ip 89 (IPPROTO 0x59)
pop3 = 110 # tcp 110
#portmap = 111 # tcp / udp
vrrp = 112 # ip 112 (IPPROTO 0x70)
nntp = 119 # tcp 119
smb = 139,445 # tcp 139 445
imap = 143,220 # tcp 143 220
snmp = 161 # udp 161
bgp = 179 # tcp 179
ldap = 389 # tcp 389
https = 443 # tcp 443
ssmtp = 465 # tcp 465
rlogin = 512,513 # tcp 512 513
rip = 520 # udp 520
nntps = 563 # tcp 563
ldaps = 636 # tcp 636
telnets = 992 # tcp 992
imaps = 993 # tcp 993
ircs = 994 # tcp 993
pop3s = 995 # tcp 995
socks = 1080 # tcp 1080
radius = 1645,1646 # udp 1645 1646
msn = 1863 # tcp 1863
cvs = 2401 # tcp 2401
mysql = 3306 # tcp 3306
icq = 5190 # tcp 5190
ymsg = 5050 # tcp 5050
mdns = 5353 # udp 5353
vnc = 5900,5901,5902,5903 # tcp 5900 5901 5902 5903
x11 = 6000,6001,6002,6003 # tcp 6000 6001 6002 6003
irc = 6666,6667,6668,6669 # tcp 6666 6667 6668 6669
gg = 8074 # tcp 8074
proxy = 8080 # tcp 8080
rcon = 27015,27960 # udp 27015 27960
ppp = 34827 # special case ;) this is the Net Layer code
TN3270 = 23,992 # tcp 23 992
#
# you can change the colors of the curses GUI.
# here is a list of values:
# 0 Black 4 Blue
# 1 Red 5 Magenta
# 2 Green 6 Cyan
# 3 Yellow 7 White
#
[curses]
color_bg = 0
color_fg = 7
color_join1 = 2
color_join2 = 4
color_border = 7
color_title = 3
color_focus = 6
color_menu_bg = 4
color_menu_fg = 6
color_window_bg = 4
color_window_fg = 7
color_selection_bg = 6
color_selection_fg = 6
color_error_bg = 1
color_error_fg = 3
color_error_border = 3
#
# This section includes all the configurations that needs a string as a
# parmeter such as the redirect command for SSL mitm attack.
#
[strings]
# the default encoding to be used for the UTF-8 visualization
utf8_encoding = "ISO-8859-1"
# the command used by the remote_browser plugin
remote_browser = "xdg-open http://%host%url"
#####################################
# redir_command_on/off
#####################################
# you must provide a valid script for your operating system in order to have
# the SSL dissection available
# note that the cleanup script is executed without enough privileges (because
# they are dropped on startup). so you have to either: provide a setuid program
# or set the ec_uid to 0, in order to be sure the cleanup script will be
# executed properly
# NOTE: the script must fit into one line with a maximum of 255 characters
#---------------
# Linux
#---------------
# if you use ipchains:
#redir_command_on = "ipchains -A input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"
#redir_command_off = "ipchains -D input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"
# if you use iptables:
#redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
#redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
#---------------
# Mac Os X
#---------------
# quick and dirty way:
#redir_command_on = "ipfw -q add set %set fwd 127.0.0.1,%rport tcp from any to any %port in via %iface"
#redir_command_off = "ipfw -q delete set %set"
# a better solution is to use a script that keeps track of the rules interted
# and then deletes them on exit:
# redir_command_on:
# ----- cut here -------
# #!/bin/sh
# if [ -a "/tmp/osx_ipfw_rules" ]; then
# ipfw -q add `head -n 1 osx_ipfw_rules` fwd 127.0.0.1,$1 tcp from any to any $2 in via $3
# else
# ipfw add fwd 127.0.0.1,$1 tcp from any to any $2 in via $3 | cut -d " " -f 1 >> /tmp/osx_ipfw_rules
# fi
# ----- cut here -------
# redir_command_off:
# ----- cut here -------
# #!/bin/sh
# if [ -a "/tmp/osx_ipfw_rules" ]; then
# ipfw -q delete `head -n 1 /tmp/osx_ipfw_rules`
# rm -f /tmp/osx_ipfw_rules
# fi
# ----- cut here -------
#---------------
# FreeBSD
#---------------
# Before OF can be used, make sure the kernel module has been loaded by
# `kldstat | grep pf.ko`. If the rusult is empty, you can load it by
# `kldload pf.ko` or add 'pf_enable="YES"' to the /etc/rc.conf and reboot.
# Check if the PF status is enabled by
# `pfctl -si | grep Status | awk '{print $2;}'`. If "Disabled", enable it with
# `pfctl -e`.
#redir_command_on = "(pfctl -sn 2> /dev/null; echo 'rdr pass on %iface inet proto tcp from any to any port %port -> localhost port %rport') | pfctl -f - 2> /dev/null"
#redir_command_off = "pfctl -Psn 2> /dev/null | grep -v %port | pfctl -f - 2> /dev/null"
#---------------
# Open BSD
#---------------
# unfortunately the pfctl command does not accepts direct rules adding
# you have to use a script which executed the following command:
# ----- cut here -------
# #!/bin/sh
# rdr pass on $1 inet proto tcp from any to any port $2 -> localhost port $3 | pfctl -a sslsniff -f -
# ----- cut here -------
# it's important to remember that you need "rdr-anchor sslsniff" in your
# pf.conf in the TRANSLATION section.
#redir_command_on = "the_script_described_above %iface %port %rport"
#redir_command_off = "pfctl -a sslsniff -Fn"
# also, if you create a group called "pfusers" and have EC_GID be that group,
# you can do something like:
# chgrp pfusers /dev/pf
# chmod g+rw /dev/pf
# such that all users in "pfusers" can run pfctl commands; thus allowing non-root
# execution of redir commands.
##########
# EOF #
##########
distrib
>
Mageia
>
7
>
i586
>
media
>
core-release
>
by-pkgid
>
f25440540c5443b4e951026808a97d24
>
files
>
2
