Commit | Line | Data |
---|---|---|
2e13c635 MM |
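--- a/configure.in
+++ b/configure.in
@@ -401,14 +401,14 @@
 ncurses_warn=0
 curses_warn=0
 
- AC_CHECK_HEADERS(ncurses.h,,ncurses_warn=1)
+ AC_CHECK_HEADERS(ncurses/ncurses.h,,ncurses_warn=1)
 AC_CHECK_LIB(ncurses,newpad,,ncurses_warn=1)
 
 if test $ncurses_warn -ne 1; then
 AC_DEFINE(HAVE_NCURSES,1)
 ac_cv_ec_ncurses=yes
 else
- AC_CHECK_HEADERS(curses.h,,curses_warn=1)
+ AC_CHECK_HEADERS(ncurses/curses.h,,curses_warn=1)
 AC_CHECK_LIB(curses,newpad,,curses_warn=1)
 AC_CHECK_LIB(curses,mvwgetnstr,,curses_warn=1)
 
@@ -426,7 +426,7 @@
 form_warn=0
 
 if test "$ncurses_warn$curses_warn" = "00"; then
- AC_CHECK_HEADERS(form.h,,form_warn=1)
+ AC_CHECK_HEADERS(ncurses/form.h,,form_warn=1)
 AC_CHECK_LIB(form,form_win,,form_warn=1)
 
 if test $form_warn -ne 1; then
@@ -458,12 +458,12 @@
 ac_cv_ec_debug=yes
 ;;
 no) AC_MSG_RESULT(no.)
- CFLAGS="-O3 -funroll-loops -fomit-frame-pointer -Wall"
+ CFLAGS="${CFLAGS} -funroll-loops -fomit-frame-pointer -Wall"
 ac_cv_ec_debug=no
 ;;
 esac ],
 AC_MSG_RESULT(no. disabled by default.)
- CFLAGS="-O3 -funroll-loops -fomit-frame-pointer -Wall"
+ CFLAGS="${CFLAGS} -funroll-loops -fomit-frame-pointer -Wall"
 ac_cv_ec_debug=no
 )
 AC_SUBST(DEBUG)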
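Review bot: The three header checks in the first two hunks are replaced rather than extended, so a system that installs `ncurses.h`, `curses.h` or `form.h` directly in the default include path now fails the check and loses the ncurses interface with only a warning. Checking both locations keeps the old behaviour, for example `AC_CHECK_HEADERS(ncurses.h ncurses/ncurses.h, ncurses_hdr=1)` followed by `test "$ncurses_hdr" = 1 || ncurses_warn=1`, and likewise for the curses and form checks. The macro name autoconf derives from the header also changes with the path (presumably `HAVE_NCURSES_NCURSES_H`), so any source that tests the old name or includes `<ncurses.h>` would need a matching change that this patch does not show. The enclosing `if test $check_ncurses` block starts and ends outside these hunks.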
2e13c635 MM |
45 | diff -uNr ettercap-0.6.4.orig/configure.in.orig ettercap-0.6.4/configure.in.orig |
46 | --- ettercap-0.6.4.orig/configure.in.orig Thu Jan 1 01:00:00 1970 | |
47 | +++ ettercap-0.6.4/configure.in.orig Mon Feb 11 22:28:37 2002 | |
48 | @@ -0,0 +1,675 @@ | |
49 | +dnl | |
50 | +dnl ettercap -- configure script | |
51 | +dnl | |
52 | +dnl Copyright (C) 2001 ALoR <alor@users.sourceforge.net>, NaGA <crwm@freemail.it> | |
53 | +dnl | |
54 | +dnl This program is free software; you can redistribute it and/or modify | |
55 | +dnl it under the terms of the GNU General Public License as published by | |
56 | +dnl the Free Software Foundation; either version 2 of the License, or | |
57 | +dnl (at your option) any later version. | |
58 | +dnl | |
59 | +dnl This program is distributed in the hope that it will be useful, | |
60 | +dnl but WITHOUT ANY WARRANTY; without even the implied warranty of | |
61 | +dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
62 | +dnl GNU General Public License for more details. | |
63 | +dnl | |
64 | +dnl You should have received a copy of the GNU General Public License | |
65 | +dnl along with this program; if not, write to the Free Software | |
66 | +dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | |
67 | +dnl | |
68 | +dnl $Id$ | |
69 | +dnl | |
70 | + | |
71 | +AC_INIT(src/ec_main.c) | |
72 | +AC_CONFIG_HEADER(config.h) | |
73 | + | |
74 | +SB=`./shtool echo -n -e %B` | |
75 | +EB=`./shtool echo -n -e %b` | |
76 | + | |
77 | +AC_SUBST(SB) | |
78 | +AC_SUBST(EB) | |
79 | + | |
80 | +VERSION=`grep VERSION ./src/include/ec_main.h | cut -f2 -d"\""` | |
81 | +AC_SUBST(VERSION) | |
82 | + | |
83 | +PROG=`grep PROGRAM ./src/include/ec_main.h | cut -f2 -d"\""` | |
84 | +AC_SUBST(PROG) | |
85 | + | |
86 | +EC_MESSAGE(Configuring $PROG-$VERSION) | |
87 | + | |
88 | +SERIAL=`date +%Y%m%d` | |
89 | +AC_SUBST(SERIAL) | |
90 | + | |
91 | +RELEASE=1 | |
92 | +AC_SUBST(RELEASE) | |
93 | + | |
94 | +SOURCES=`ls ./src/ec_*.c | awk ' { printf "%s ", $1 } '` | |
95 | +AC_SUBST(SOURCES) | |
96 | + | |
97 | + | |
98 | +dnl ========================================= | |
99 | +dnl Enable Developmen feature or portings | |
100 | +dnl ========================================= | |
101 | + | |
102 | +AC_ARG_ENABLE(devel, [ --enable-devel enable the undeveloped (alpha) features.], | |
103 | +[ case "$enableval" in | |
104 | + yes) | |
105 | + development=1 | |
106 | + ;; | |
107 | + no) | |
108 | + development=0 | |
109 | + ;; | |
110 | +esac ], | |
111 | + development=0 | |
112 | +) | |
113 | + | |
114 | +dnl ================ | |
115 | +dnl Check the OS | |
116 | +dnl ================ | |
117 | + | |
118 | +AC_CANONICAL_SYSTEM | |
119 | +case "$target_os" in | |
120 | +*linux*) | |
121 | + EC_LINUX_KERNEL() | |
122 | + OS=LINUX | |
123 | + OS_OPT= | |
124 | + ;; | |
125 | +*freebsd*) | |
126 | + EC_FREEBSD_VERSION() | |
127 | + OS=FREEBSD | |
128 | + OS_OPT= | |
129 | + ;; | |
130 | +*netbsd*) | |
131 | + OS=NETBSD | |
132 | + OS_OPT= | |
133 | + ;; | |
134 | +*openbsd*) | |
135 | + OS=OPENBSD | |
136 | + OS_OPT= | |
137 | + ;; | |
138 | +*darwin*) | |
139 | + EC_DARWIN_KERNEL() | |
140 | + OS=MACOSX | |
141 | + OS_OPT= | |
142 | + STRIPOPTION="-x" | |
143 | + ;; | |
144 | +*cygwin*) | |
145 | + if test $development -ne 1; then | |
146 | + echo | |
147 | + echo "CYGWIN PORTING IS IN PROGRESS..." | |
148 | + echo "STAY TUNED FOR THE NEXT RELEASE" | |
149 | + echo | |
150 | + echo "you can try to compile and run it" | |
151 | + echo "by configuring with the --enable-devel flag" | |
152 | + echo "TRY AT YOUR OWN RISK" | |
153 | + echo | |
154 | + exit | |
155 | + fi | |
156 | + OS=CYGWIN | |
157 | + OS_OPT= | |
158 | + ;; | |
159 | +*solaris*) | |
160 | + if test $development -ne 1; then | |
161 | + echo | |
162 | + echo "WE ARE VERY VERY SORRY, BUT STILL NO SOLARIS PORT" | |
163 | + echo "WE ARE WORKING ON IT..." | |
164 | + echo "IF YOU WANT TO CONTRIBUTE WITH PORTING:" | |
165 | + echo "run ./configure --enable-devel " | |
166 | + echo "and report bugs" | |
167 | + echo | |
168 | + exit | |
169 | + fi | |
170 | + OS=SOLARIS | |
171 | + OS_OPT= | |
172 | + ;; | |
173 | +*) | |
174 | + echo | |
175 | + echo "NOT A SUPPORTED SYSTEM / OR SYSTEM NOT RECOGNIZED" | |
176 | + echo | |
177 | + cat PORTINGS | |
178 | + echo | |
179 | + exit | |
180 | + ;; | |
181 | +esac | |
182 | + | |
183 | +AC_SUBST(OS) | |
184 | +AC_SUBST(OS_OPT) | |
185 | +AC_SUBST(STRIPOPTION) | |
186 | + | |
187 | +dnl ====================== | |
188 | +dnl Initialize prefix. | |
189 | +dnl ====================== | |
190 | + | |
191 | +AC_PREFIX_DEFAULT(/usr/local) | |
192 | + | |
193 | +if test "$prefix" = "NONE"; then | |
194 | + prefix="/usr/local" | |
195 | +fi | |
196 | + | |
197 | + | |
198 | +dnl ======================== | |
199 | +dnl Check the C compiler | |
200 | +dnl ======================== | |
201 | + | |
202 | +AC_PROG_CC | |
203 | +AC_PROG_INSTALL | |
204 | +AC_PROG_MAKE_SET | |
205 | +AC_PROG_GCC_TRADITIONAL | |
206 | + | |
207 | +dnl ====================== | |
208 | +dnl Machine Endianness | |
209 | +dnl ====================== | |
210 | + | |
211 | +AC_C_BIGENDIAN | |
212 | + | |
213 | +dnl ====================== | |
214 | +dnl OS specific checks | |
215 | +dnl ====================== | |
216 | + | |
217 | + | |
218 | +if test "$OS" = "LINUX"; then | |
219 | + | |
220 | + dnl =========================== | |
221 | + dnl Check for Socket Packet | |
222 | + dnl =========================== | |
223 | + | |
224 | + EC_PF_PACKET() | |
225 | + EC_SOCK_PACKET() | |
226 | + | |
227 | + if test "$ac_cv_ec_nopf" = 1 && test "$ac_cv_ec_nosock" = 1; then | |
228 | + AC_MSG_WARN(*************************************); | |
229 | + AC_MSG_WARN(* You can't create Socket Packet !! *); | |
230 | + AC_MSG_WARN(*************************************); | |
231 | + exit; | |
232 | + fi | |
233 | + | |
234 | + dnl =========================================== | |
235 | + dnl Check for /proc/sys/net/ipv4/ip_forward | |
236 | + dnl =========================================== | |
237 | + | |
238 | + AC_PATH_PROGS(IPFORWARD,ip_forward,no,/proc/sys/net/ipv4) | |
239 | + if test "$IPFORWARD" = no; then | |
240 | + AC_MSG_WARN(*****************************************************************) | |
241 | + AC_MSG_WARN(* /proc/sys/net/ipv4/ip_forward not found !! *) | |
242 | + AC_MSG_WARN(* please disable manually ip_forwarding before running ettercap *) | |
243 | + AC_MSG_WARN(*****************************************************************) | |
244 | + else | |
245 | + AC_DEFINE(HAVE_PROC_FORWARDING) | |
246 | + fi | |
247 | + | |
248 | +fi | |
249 | + | |
250 | + | |
251 | + | |
252 | +if test "$OS" = "FREEBSD" -o "$OS" = "OPENBSD" -o "$OS" = "NETBSD" -o "$OS" = "MACOSX"; then | |
253 | + | |
254 | + AC_MSG_CHECKING(link-layer packet interface) | |
255 | + | |
256 | + if test -r /dev/bpf0 ; then | |
257 | + AC_MSG_RESULT(found bpf) | |
258 | + elif test -c /dev/bpf0 ; then | |
259 | + AC_MSG_RESULT(found bpf) | |
260 | + else | |
261 | + AC_MSG_WARN(*********************************************************); | |
262 | + AC_MSG_WARN(* /dev/bpf0 not found !! please reconfigure your kernel *); | |
263 | + AC_MSG_WARN(*********************************************************); | |
264 | + exit; | |
265 | + fi | |
266 | + | |
267 | +fi | |
268 | + | |
269 | + | |
270 | + | |
271 | +if test "$OS" = "SOLARIS"; then | |
272 | + | |
273 | + AC_CHECK_HEADERS(sys/bufmod.h sys/dlpi_ext.h) | |
274 | + AC_MSG_CHECKING(for /dev/dlpi device) | |
275 | + if test -c /dev/dlpi; then | |
276 | + AC_MSG_RESULT(yes) | |
277 | + AC_DEFINE(HAVE_DEV_DLPI) | |
278 | + else | |
279 | + AC_MSG_RESULT(no) | |
280 | + dir="/dev/dlpi" | |
281 | + AC_MSG_CHECKING(for $dir directory) | |
282 | + if test -d $dir ; then | |
283 | + AC_MSG_RESULT(yes) | |
284 | + AC_DEFINE_UNQUOTED(DLPI_DEV_PREFIX, "$dir") | |
285 | + else | |
286 | + AC_MSG_RESULT(no) | |
287 | + fi | |
288 | + fi | |
289 | + | |
290 | +fi | |
291 | + | |
292 | +if test "$OS" = "CYGWIN"; then | |
293 | + | |
294 | + AC_MSG_CHECKING(for WinPcap developer's pack) | |
295 | + AC_ARG_WITH(wpdpack, | |
296 | + [ --with-wpdpack=DIR use WinPcap developer's pack in DIR], | |
297 | + [ AC_MSG_RESULT($withval) | |
298 | + if test -f $withval/include/packet32.h -a -f $withval/lib/packet.a; then | |
299 | + COPTS="$COPTS -I$withval/include" | |
300 | + LIBS="$LIBS -L$withval/lib -lpacket -lws2_32" | |
301 | + else | |
302 | + AC_MSG_ERROR(packet32.h or packet.a not found in $withval) | |
303 | + fi ], | |
304 | + [ for dir in ${prefix} ${HOME}/WPdpack ; do | |
305 | + if test -f ${dir}/include/packet32.h -a -f ${dir}/lib/packet.a; then | |
306 | + COPTS="$COPTS -I${dir}/include" | |
307 | + LIBS="$LIBS -L${dir}/lib -lpacket -lws2_32" | |
308 | + have_pcap=yes | |
309 | + break; | |
310 | + fi | |
311 | + done | |
312 | + if test "$have_pcap" != yes; then | |
313 | + AC_MSG_ERROR(WinPcap developer's pack not found) | |
314 | + fi | |
315 | + AC_MSG_RESULT(yes) ]) | |
316 | + | |
317 | +fi | |
318 | + | |
319 | +dnl =========================== | |
320 | +dnl Check for programs path | |
321 | +dnl =========================== | |
322 | + | |
323 | +AC_PATH_PROG(WGET_PATH, "wget") | |
324 | + if test -n "$WGET_PATH"; then | |
325 | + AC_DEFINE_UNQUOTED(WGET_PATH, "$WGET_PATH") | |
326 | + else | |
327 | + AC_DEFINE_UNQUOTED(WGET_PATH, "") | |
328 | + fi | |
329 | + | |
330 | + | |
331 | +dnl ===================== | |
332 | +dnl Check for headers | |
333 | +dnl ===================== | |
334 | + | |
335 | +AC_HEADER_STDC | |
336 | +AC_HEADER_DIRENT | |
337 | +AC_HEADER_TIME | |
338 | +AC_CHECK_HEADERS(getopt.h) | |
339 | +AC_CHECK_HEADERS(fcntl.h termios.h ctype.h) | |
340 | +AC_CHECK_HEADERS(sys/time.h sys/utsname.h) | |
341 | +AC_CHECK_HEADERS(ifaddrs.h) | |
342 | + | |
343 | +dnl These are required !! | |
344 | +AC_CHECK_HEADERS(unistd.h stdlib.h signal.h stdarg.h sys/ioctl.h,, | |
345 | + AC_MSG_WARN(**************************************************); | |
346 | + AC_MSG_WARN(* REQUIRED !! I cant believe U don't have this !!*); | |
347 | + AC_MSG_WARN(**************************************************); | |
348 | + exit) | |
349 | + | |
350 | +AC_CHECK_HEADERS(dirent.h errno.h,, | |
351 | + AC_MSG_WARN(***************); | |
352 | + AC_MSG_WARN(* REQUIRED !! *); | |
353 | + AC_MSG_WARN(***************); | |
354 | + exit) | |
355 | + | |
356 | +AC_CHECK_HEADERS(net/ethernet.h net/if_arp.h net/if.h) | |
357 | +AC_CHECK_HEADERS(netinet/ip.h netinet/ip_icmp.h netinet/tcp.h) | |
358 | +AC_CHECK_HEADERS(sys/sockio.h) | |
359 | + | |
360 | + | |
361 | +dnl ================================================================== | |
362 | +dnl Checks for typedefs, structures, and compiler characteristics. | |
363 | +dnl ================================================================== | |
364 | + | |
365 | +AC_STRUCT_TM | |
366 | +EC_SOCKLEN_CHECK | |
367 | +AC_TYPE_PID_T | |
368 | +AC_TYPE_SIZE_T | |
369 | +AC_C_CONST | |
370 | +AC_LBL_SOCKADDR_SA_LEN | |
371 | +AC_LBL_UNALIGNED_ACCESS | |
372 | + | |
373 | +dnl ===================== | |
374 | +dnl Check for libs | |
375 | +dnl ===================== | |
376 | + | |
377 | +AC_FUNC_MALLOC | |
378 | +AC_FUNC_MEMCMP | |
379 | +AC_TYPE_SIGNAL | |
380 | +AC_FUNC_VPRINTF | |
381 | +EC_PTHREAD_CHECK() | |
382 | +AC_SEARCH_LIBS(log,c m) | |
383 | +AC_SEARCH_LIBS(pow,c m) | |
384 | +AC_SEARCH_LIBS(gethostbyname,c nsl,,AC_MSG_ERROR(libnsl not found.)) | |
385 | +AC_SEARCH_LIBS(socket,c socket,,AC_MSG_ERROR(libsocket not found.)) | |
386 | +AC_SEARCH_LIBS(dn_expand,c resolv,,) | |
387 | +AC_CHECK_FUNCS(getifaddrs) | |
388 | +AC_CHECK_FUNCS(gettimeofday) | |
389 | +AC_CHECK_FUNCS(vsnprintf) | |
390 | +AC_CHECK_FUNCS(select strdup strerror strstr strsignal) | |
391 | +AC_CHECK_FUNCS(uname) | |
392 | + | |
393 | + | |
394 | +dnl =============================== | |
395 | +dnl Check for non standard libs | |
396 | +dnl =============================== | |
397 | + | |
398 | +MISSING="" | |
399 | +MISSLIBS="" | |
400 | + | |
401 | +AC_CHECK_FUNCS(getopt_long,,MISSING="$MISSING ./src/missing/getopt.c ./src/missing/getopt1.c" | |
402 | + MISSLIBS="$MISSLIBS ./src/missing/getopt.o ./src/missing/getopt1.o") | |
403 | +AC_CHECK_FUNCS(strlcat,,MISSING="$MISSING ./src/missing/strlcat.c" | |
404 | + MISSLIBS="$MISSLIBS ./src/missing/strlcat.o") | |
405 | +AC_CHECK_FUNCS(strlcpy,,MISSING="$MISSING ./src/missing/strlcpy.c" | |
406 | + MISSLIBS="$MISSLIBS ./src/missing/strlcpy.o") | |
407 | +AC_CHECK_FUNCS(strsep,,MISSING="$MISSING ./src/missing/strsep.c" | |
408 | + MISSLIBS="$MISSLIBS ./src/missing/strsep.o") | |
409 | +AC_CHECK_FUNCS(memmem,,MISSING="$MISSING ./src/missing/memmem.c" | |
410 | + MISSLIBS="$MISSLIBS ./src/missing/memmem.o") | |
411 | +AC_CHECK_FUNCS(inet_aton,,MISSING="$MISSING ./src/missing/inet_aton.c" | |
412 | + MISSLIBS="$MISSLIBS ./src/missing/inet_aton.o") | |
413 | +AC_CHECK_FUNCS(scandir,,MISSING="$MISSING ./src/missing/scandir.c" | |
414 | + MISSLIBS="$MISSLIBS ./src/missing/scandir.o") | |
415 | + | |
416 | +AC_SUBST(MISSING) | |
417 | +AC_SUBST(MISSLIBS) | |
418 | + | |
419 | + | |
420 | +dnl ======================================= | |
421 | +dnl Check user defined --enable-FEATURE | |
422 | +dnl ======================================= | |
423 | + | |
424 | +EC_MESSAGE(Checking user defined options) | |
425 | + | |
426 | +dnl ----------------------- | |
427 | +dnl -- NCURSES INTERFACE -- | |
428 | +dnl ----------------------- | |
429 | + | |
430 | +check_ncurses=0 | |
431 | +AC_MSG_CHECKING([if --enable-ncurses option is specified]) | |
432 | +AC_ARG_ENABLE(ncurses, [ --enable-ncurses enable the ncurses interface.], | |
433 | +[ case "$enableval" in | |
434 | + yes) | |
435 | + AC_MSG_RESULT(yes.) | |
436 | + check_ncurses=1 | |
437 | + ;; | |
438 | + no) AC_MSG_RESULT(no.) | |
439 | + ;; | |
440 | +esac ], | |
441 | + AC_MSG_RESULT(yes. enabled by default.) | |
442 | + check_ncurses=1 | |
443 | +) | |
444 | + | |
445 | +ac_cv_ec_ncurses=no | |
446 | +ac_cv_ec_form=no | |
447 | + | |
448 | +if test $check_ncurses -ne 0; then | |
449 | + ncurses_warn=0 | |
450 | + curses_warn=0 | |
451 | + | |
452 | + AC_CHECK_HEADERS(ncurses.h,,ncurses_warn=1) | |
453 | + AC_CHECK_LIB(ncurses,newpad,,ncurses_warn=1) | |
454 | + | |
455 | + if test $ncurses_warn -ne 1; then | |
456 | + AC_DEFINE(HAVE_NCURSES,1) | |
457 | + ac_cv_ec_ncurses=yes | |
458 | + else | |
459 | + AC_CHECK_HEADERS(curses.h,,curses_warn=1) | |
460 | + AC_CHECK_LIB(curses,newpad,,curses_warn=1) | |
461 | + AC_CHECK_LIB(curses,mvwgetnstr,,curses_warn=1) | |
462 | + | |
463 | + if test $curses_warn -ne 1; then | |
464 | + AC_DEFINE(HAVE_NCURSES,1) | |
465 | + ac_cv_ec_ncurses=yes | |
466 | + else | |
467 | + AC_MSG_WARN(***********************************************) | |
468 | + AC_MSG_WARN(* NCURSES are NOT available in your system !! *) | |
469 | + AC_MSG_WARN(* Interactive mode will not be supported! *) | |
470 | + AC_MSG_WARN(***********************************************) | |
471 | + fi | |
472 | + fi | |
473 | + | |
474 | + form_warn=0 | |
475 | + | |
476 | + if test "$ncurses_warn$curses_warn" = "00"; then | |
477 | + AC_CHECK_HEADERS(form.h,,form_warn=1) | |
478 | + AC_CHECK_LIB(form,form_win,,form_warn=1) | |
479 | + | |
480 | + if test $form_warn -ne 1; then | |
481 | + AC_DEFINE(HAVE_FORM,1) | |
482 | + ac_cv_ec_form=yes | |
483 | + else | |
484 | + AC_MSG_WARN(**********************************************) | |
485 | + AC_MSG_WARN(* FORM are NOT available in your system !! *) | |
486 | + AC_MSG_WARN(* some interface will be less pleasureful... *) | |
487 | + AC_MSG_WARN(**********************************************) | |
488 | + fi | |
489 | + fi | |
490 | +fi | |
491 | + | |
492 | + | |
493 | + | |
494 | + | |
495 | +dnl ----------- | |
496 | +dnl -- DEBUG -- | |
497 | +dnl ----------- | |
498 | + | |
499 | +AC_MSG_CHECKING([if --enable-debug option is specified]) | |
500 | +AC_ARG_ENABLE(debug, [ --enable-debug create a file for debugging messages.], | |
501 | +[ case "$enableval" in | |
502 | + yes) | |
503 | + DEBUG="-DDEBUG" | |
504 | + CFLAGS="-g -ggdb -Wmissing-prototypes -Werror -Wall" | |
505 | + AC_MSG_RESULT(yes) | |
506 | + ac_cv_ec_debug=yes | |
507 | + ;; | |
508 | + no) AC_MSG_RESULT(no.) | |
509 | + CFLAGS="-O3 -funroll-loops -fomit-frame-pointer -Wall" | |
510 | + ac_cv_ec_debug=no | |
511 | + ;; | |
512 | +esac ], | |
513 | + AC_MSG_RESULT(no. disabled by default.) | |
514 | + CFLAGS="-O3 -funroll-loops -fomit-frame-pointer -Wall" | |
515 | + ac_cv_ec_debug=no | |
516 | +) | |
517 | +AC_SUBST(DEBUG) | |
518 | + | |
519 | +dnl ------------- | |
520 | +dnl -- PLUGINS -- | |
521 | +dnl ------------- | |
522 | + | |
523 | +check_plugins=0 | |
524 | +AC_MSG_CHECKING([if --enable-plugins option is specified]) | |
525 | +AC_ARG_ENABLE(plugins, [ --enable-plugins enable the use of plugins in ettercap.], | |
526 | +[ case "$enableval" in | |
527 | + yes) | |
528 | + AC_MSG_RESULT(yes.) | |
529 | + check_plugins=1 | |
530 | + ;; | |
531 | + no) AC_MSG_RESULT(no.) | |
532 | + ac_cv_ec_plugin=no | |
533 | + ;; | |
534 | +esac ], | |
535 | + AC_MSG_RESULT(yes. enabled by default.) | |
536 | + check_plugins=1 | |
537 | +) | |
538 | + | |
539 | + | |
540 | +if test $check_plugins -ne 0; then | |
541 | + plugins_warn=0 | |
542 | + AC_CHECK_HEADERS(dlfcn.h,,plugins_warn=1) | |
543 | + AC_SEARCH_LIBS(dlopen, dl c,,plugins_warn=1) | |
544 | + | |
545 | + if test $plugins_warn -ne 1; then | |
546 | + AC_DEFINE(PERMIT_PLUGINS,1) | |
547 | + ac_cv_ec_plugin=yes | |
548 | + AC_MSG_CHECKING([for gcc option to produce PIC]) | |
549 | + if test "$OS" = "MACOSX"; then | |
550 | + PICFLAG="-bundle -undefined $ac_cv_ec_undefined -bundle_loader ../../ettercap" | |
551 | + elif test "$OS" = "SOLARIS"; then | |
552 | + PICFLAG="-fPIC -DPIC -shared" | |
553 | + elif test "$OS" = "CYGWIN"; then | |
554 | + PICFLAG="-DPIC -shared" | |
555 | + else | |
556 | + LIBS="$LIBS -rdynamic" | |
557 | + PICFLAG="-fPIC -DPIC -shared" | |
558 | + fi | |
559 | + AC_MSG_RESULT($PICFLAG) | |
560 | + AC_SUBST(PICFLAG) | |
561 | + else | |
562 | + AC_MSG_WARN(***********************************************) | |
563 | + AC_MSG_WARN(* Plugins are NOT supported by your system !! *) | |
564 | + if test "$OS" = "MACOSX"; then | |
565 | + AC_MSG_WARN(* *) | |
566 | + AC_MSG_WARN(* You have to install the dlcompat library... *) | |
567 | + fi | |
568 | + AC_MSG_WARN(***********************************************) | |
569 | + ac_cv_ec_plugin=no | |
570 | + fi | |
571 | +fi | |
572 | + | |
573 | + | |
574 | +dnl --------- | |
575 | +dnl -- SSH -- | |
576 | +dnl --------- | |
577 | + | |
578 | +check_ssh=0 | |
579 | +AC_ARG_WITH(openssl, [ --with-openssl=DIR use OpenSSL in DIR], | |
580 | +[ case "$withval" in | |
581 | + no) | |
582 | + AC_MSG_CHECKING(for OpenSSL) | |
583 | + AC_MSG_RESULT(no) | |
584 | + ac_cv_ec_ssh=no | |
585 | + ;; | |
586 | + *) | |
587 | + AC_MSG_CHECKING(for OpenSSL in $withval) | |
588 | + check_ssh=1 | |
589 | + ssl_path=$withval | |
590 | + ;; | |
591 | + esac ], | |
592 | + [ AC_MSG_CHECKING(for OpenSSL in ${prefix}) | |
593 | + check_ssh=1 | |
594 | + ssl_path=${prefix} | |
595 | + ] | |
596 | +) | |
597 | + | |
598 | + | |
599 | +if test $check_ssh -ne 0; then | |
600 | + | |
601 | + if test -f $ssl_path/include/openssl/ssl.h; then | |
602 | + COPTS="$COPTS -I$ssl_path/include" | |
603 | + LIBS="$LIBS -L$ssl_path/lib -lssl -lcrypto" | |
604 | + AC_DEFINE(HAVE_OPENSSL,1) | |
605 | + ac_cv_ec_ssh=yes | |
606 | + AC_MSG_RESULT(yes) | |
607 | + elif test -f $ssl_path/ssl/include/openssl/ssl.h; then | |
608 | + COPTS="$COPTS -I$ssl_path/ssl/include" | |
609 | + LIBS="$LIBS -L$ssl_path/ssl/lib -lssl -lcrypto" | |
610 | + AC_DEFINE(HAVE_OPENSSL,1) | |
611 | + ac_cv_ec_ssh=yes | |
612 | + AC_MSG_RESULT(yes) | |
613 | + elif test -f /usr/include/openssl/ssl.h; then | |
614 | + LIBS="$LIBS -lssl -lcrypto" | |
615 | + AC_DEFINE(HAVE_OPENSSL,1) | |
616 | + ac_cv_ec_ssh=yes | |
617 | + AC_MSG_RESULT(yes) | |
618 | + else | |
619 | + AC_MSG_RESULT(no) | |
620 | + ac_cv_ec_ssh=no | |
621 | + AC_MSG_WARN(**********************************************) | |
622 | + AC_MSG_WARN(* OpenSSL is NOT installed in your system !! *) | |
623 | + AC_MSG_WARN(* SSH support will NOT be available... *) | |
624 | + AC_MSG_WARN(**********************************************) | |
625 | + fi | |
626 | + | |
627 | + AC_PATH_PROG(OPENSSL_PATH, "openssl",, "$PATH:/usr/local/ssl/bin") | |
628 | + if test -n "$OPENSSL_PATH"; then | |
629 | + AC_DEFINE_UNQUOTED(OPENSSL_PATH, "$OPENSSL_PATH") | |
630 | + else | |
631 | + AC_DEFINE_UNQUOTED(OPENSSL_PATH, "") | |
632 | + fi | |
633 | + | |
634 | +fi | |
635 | + | |
636 | + | |
637 | +dnl ----------- | |
638 | +dnl -- HTTTS -- | |
639 | +dnl ----------- | |
640 | + | |
641 | +AC_MSG_CHECKING([if --enable-https option is specified]) | |
642 | +AC_ARG_ENABLE(https, [ --enable-https permit https dissection (invasive).], | |
643 | +[ case "$enableval" in | |
644 | + yes) | |
645 | + if test "$OS" = "MACOSX" -o "$OS" = "SOLARIS" -o "$OS" = "CYGWIN"; then | |
646 | + AC_MSG_RESULT(NOT available on this OS) | |
647 | + ac_cv_ec_https=no | |
648 | + else | |
649 | + AC_DEFINE(PERMIT_HTTPS,1) | |
650 | + AC_MSG_RESULT(yes) | |
651 | + ac_cv_ec_https=yes | |
652 | + fi | |
653 | + ;; | |
654 | + no) AC_MSG_RESULT(no) | |
655 | + ac_cv_ec_https=no | |
656 | + ;; | |
657 | + esac ], | |
658 | + if test "$OS" = "MACOSX" -o "$OS" = "SOLARIS" -o "$OS" = "CYGWIN"; then | |
659 | + AC_MSG_RESULT(NOT available on this OS) | |
660 | + ac_cv_ec_https=no | |
661 | + elif test "$OS" = "OPENBSD" -o "$OS" = "FREEBSD" -o "$OS" = "NETBSD"; then | |
662 | + AC_MSG_RESULT(no.) | |
663 | + ac_cv_ec_https=no | |
664 | + AC_MSG_WARN(***************************************************) | |
665 | + AC_MSG_WARN(* HTTPS dissection in in ALPHA state under BSD... *) | |
666 | + AC_MSG_WARN(* I discourage you to enable it. *) | |
667 | + AC_MSG_WARN(* But if you want use at your own risk *) | |
668 | + AC_MSG_WARN(***************************************************) | |
669 | + else | |
670 | + AC_MSG_RESULT(yes. enabled by default.) | |
671 | + AC_DEFINE(PERMIT_HTTPS,1) | |
672 | + ac_cv_ec_https=yes | |
673 | + fi | |
674 | + | |
675 | +) | |
676 | + | |
677 | + | |
678 | +dnl =============== | |
679 | +dnl FINISHED !! | |
680 | +dnl =============== | |
681 | + | |
682 | +AC_SUBST(COPTS) | |
683 | + | |
684 | +EC_MESSAGE(Writing output files) | |
685 | + | |
686 | +PLUGINS=`ls ./plugins | grep -v -E "Make|CVS" | awk ' { printf "%s ", $1 } '` | |
687 | +AC_SUBST(PLUGINS) | |
688 | + | |
689 | +makeplug=`ls ./plugins | grep -v -E "Make|CVS" | awk '{ printf("plugins/%s/Makefile ", $1) }'` | |
690 | + | |
691 | +AC_OUTPUT(ettercap.spec ettercap.8 Makefile $makeplug plugins/Makefile) | |
692 | + | |
693 | + | |
694 | +dnl =============== | |
695 | +dnl THE SUMMARY | |
696 | +dnl =============== | |
697 | + | |
698 | + | |
699 | +EC_MESSAGE(Ettercap has been configured as follow) | |
700 | + | |
701 | +echo "==================================================" | |
702 | +echo | |
703 | + EC_CHECK_OPTION(" Install directory: ",${prefix}) | |
704 | +echo | |
705 | +echo | |
706 | + EC_CHECK_OPTION(" DEBUG mode ....... ",${ac_cv_ec_debug}) | |
707 | + EC_CHECK_OPTION(" NCURSES support .. ",${ac_cv_ec_ncurses}) | |
708 | + EC_CHECK_OPTION(" FORM support ..... ",${ac_cv_ec_form}) | |
709 | + EC_CHECK_OPTION(" PLUGIN support ... ",${ac_cv_ec_plugin}) | |
710 | + EC_CHECK_OPTION(" SSH support ...... ",${ac_cv_ec_ssh}) | |
711 | + EC_CHECK_OPTION(" HTTPS support .... ",${ac_cv_ec_https}) | |
712 | +echo | |
713 | +echo "==================================================" | |
714 | +echo | |
715 | +echo | |
716 | +echo For a list of all possible make processes, type \`${SB}make help${EB}\` | |
717 | +echo | |
718 | +echo | |
719 | + | |
720 | + | |
721 | + | |
449fed60 | 722 | +EC_CHECK_DATE() |
2e13c635 MM |
723 | + |
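Review bot: `configure.in.orig` looks like a backup left behind by an earlier `patch` run in the modified tree, picked up because the diff was taken with `-N`; its content matches the pre-patch side of the `configure.in` hunks (plain `ncurses.h`, `CFLAGS="-O3 ..."`). Applying this patch therefore drops a 675-line stale copy of the configure script into the build tree, which nothing uses and which can mislead anyone auditing what the package is actually configured with. Remove `*.orig` files before regenerating the diff, or exclude them with `diff -uNr -x '*.orig'`.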
724 | diff -uNr ettercap-0.6.4.orig/ettercap.8 ettercap-0.6.4/ettercap.8 | |
725 | --- ettercap-0.6.4.orig/ettercap.8 Thu Jan 1 01:00:00 1970 | |
726 | +++ ettercap-0.6.4/ettercap.8 Sat Feb 16 16:50:12 2002 | |
1d0ff707 | 727 | @@ -0,0 +1,552 @@ |
728 | +.\" ettercap -- a ncurses-based sniffer/interceptor utility for switched LAN | |
729 | +.\" | |
730 | +.\" Copyright (C) 2001 ALoR <alor@users.sourceforge.net>, NaGA <crwm@freemail.it> | |
731 | +.\" | |
732 | +.\" This program is free software; you can redistribute it and/or modify | |
733 | +.\" it under the terms of the GNU General Public License as published by | |
734 | +.\" the Free Software Foundation; either version 2 of the License, or | |
735 | +.\" (at your option) any later version. | |
736 | +.\" | |
737 | +.\" This program is distributed in the hope that it will be useful, | |
738 | +.\" but WITHOUT ANY WARRANTY; without even the implied warranty of | |
739 | +.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
740 | +.\" GNU General Public License for more details. | |
741 | +.\" | |
742 | +.\" You should have received a copy of the GNU General Public License | |
743 | +.\" along with this program; if not, write to the Free Software | |
744 | +.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | |
745 | +.de Sp | |
746 | +.if n .sp | |
747 | +.if t .sp 0.4 | |
748 | +.. | |
749 | +.TH ETTERCAP "8" "20010906" "ettercap 0.5.4" | |
750 | +.SH NAME | |
751 | +.B ettercap 0.5.4 \- A multipurpose sniffer over switched LANs | |
752 | + | |
753 | +.SH SYNOPSIS | |
754 | +.B ettercap | |
755 | +[\fIOPTIONS\fR] [\fIHOST:PORT\fR] [\fIHOST:PORT\fR] [\fIMAC\fR] [\fIMAC\fR] | |
756 | + | |
757 | +.SH DESCRIPTION | |
758 | +Ettercap was born as a sniffer for switched LAN (and obviously even "hubbed" one), | |
759 | +but during the development process it has gained more and more feature that have | |
760 | +changed it to a powerful and flexible tool for man-in-the-middle attacks. | |
761 | +It supports active and passive dissection of many protocols (even ciphered ones) | |
762 | +and includes many feature for network and host analysis (such as OS fingerprint). | |
763 | +.PP | |
764 | +It has five sniffing methods: | |
765 | +.br | |
766 | ++ IPBASED, the packets are filtered matching IP:PORT source and IP:PORT dest | |
767 | +.br | |
768 | ++ MACBASED, packets filtered matching the source and dest MAC address. (useful | |
769 | +to sniff connections through gateway) | |
770 | +.br | |
771 | ++ ARPBASED, uses arp poisoning to sniff in switched LAN between two hosts | |
772 | +(full-duplex m-i-t-m). | |
773 | +.br | |
774 | ++ SMARTARP, uses arp poisoning to sniff in switched LAN from a victim host to all other | |
775 | +hosts knowing the entire list of the hosts (full-duplex m-i-t-m). | |
776 | +.br | |
777 | ++ PUBLICARP, uses arp poison to sniff in switched LAN from a victim host to all other | |
778 | +hosts (half-duplex). | |
779 | +.br | |
780 | +With this method the ARP replies are sent in broadcast, but if ettercap has the complete | |
781 | +host list (on start up it has scanned the LAN) SMARTARP method is automatically selected, | |
782 | +and the arp replies are sent to all the hosts but the victim, avoiding conflicting MAC | |
783 | +addresses as reported by win2K. | |
784 | +.PP | |
785 | +The most relevant ettercap features are: | |
786 | +.PP | |
787 | +.B Characters injection in an established connection : | |
788 | +you can inject character to server (emulating commands) or to client (emulating replies) | |
789 | +maintaining the connection alive !! | |
790 | +.PP | |
791 | +.B SSH1 support : | |
792 | +you can sniff User and Pass, and even the data of an SSH1 connection. ettercap is the | |
793 | +first software capable to sniff an SSH connection in FULL-DUPLEX | |
794 | +.PP | |
795 | +.B HTTPS support : | |
796 | +you can sniff http SSL secured data... and even if the connection is made through a PROXY | |
797 | +.PP | |
798 | +.B Plug-ins support : | |
799 | +You can create your own plugin using the ettercap's API. | |
800 | +.PP | |
801 | +.B Password collector for : | |
802 | +TELNET, FTP, POP, RLOGIN, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, NAPSTER, IRC, RIP, BGP, | |
803 | +SOCKS 5, IMAP 4, VNC (other protocols coming soon...) | |
804 | +.PP | |
805 | +.B Packet filtering/dropping: | |
806 | +You can set up a filter chain that search for a particular string (even hex) in the TCP | |
807 | +or UDP payload and replace it with yours or drop the entire packet. | |
808 | +.PP | |
809 | +.B OS fingerprint: | |
810 | +you can fingerprint the OS of the victim host and even its network adapter (it uses the | |
811 | +nmap (c) Fyodor database) | |
812 | +.PP | |
813 | +.B Kill a connection: | |
814 | +from the connections list you can kill all the connections you want | |
815 | +.PP | |
816 | +.B Packet factory: | |
817 | +You can create and sent packet forged on the fly. The factory let you to forge from Ethernet | |
818 | +header to application level. | |
819 | + | |
820 | +.PP | |
821 | +.SH OPTIONS | |
822 | +Options that make sense together can generally be combined. ettercap will warn the user | |
823 | +about unsupported option combinations. | |
824 | +.TP | |
825 | +.B SNIFFING METHODS | |
826 | +.TP | |
827 | +\fB\-a\fR, \fB\-\-arpsniff\fR | |
828 | +ARP BASED sniffing | |
829 | +.br | |
830 | +This is THE sniffing method for switched LAN, and if you want to use the man-in-the-middle | |
831 | +technique you have to use it. In conjunction with the silent mode (-z option) you must | |
832 | +specify two IP and two MAC for ARPBASED (full-duplex) or one IP and one MAC for PUBLICARP | |
833 | +(half-duplex). in PUBLICARP the ARP replies are sent in broadcast, but if ettercap has | |
834 | +the complete host list (on start up it has scanned the LAN) SMARTARP method is automatically | |
835 | +selected, and the arp replies are sent to all the hosts but the victim, and an hash table | |
836 | +is created to re-route back the packet form victim to client obtaining in this way a full-duplex | |
837 | +man in the middle attack. | |
838 | +.br | |
839 | +Filters that have as action a replacement or a drop, can be used only with ARPBASED | |
840 | +sniffing because it is necessary to re-adjust the sequence number in full-duplex in order | |
841 | +to maintain the connection alive. | |
842 | +.TP | |
843 | +\fB\-s\fR, \fB\-\-sniff\fR | |
844 | +IP BASED sniffing | |
845 | +.br | |
846 | +This is the good old style sniffing method. It rocks on "hubbed" LAN, but useless on switched | |
847 | +ones. You can choose the target specifying only source, only dest, with or without port, or | |
848 | +nothing (to sniff all connections). A special ip "ANY" means from or to every host. | |
849 | +.TP | |
850 | +\fB\-m\fR, \fB\-\-macsniff\fR | |
851 | +MAC BASED sniffing (you must select two host for this) | |
852 | +.br | |
853 | +Very useful to sniff TCP traffic with remote hosts. On hubbed LANs if you want to sniff a | |
854 | +connection through a gateway is useless to specify the victim's ip and the gateway's ip, | |
855 | +because the packet are for an external host, not for the gateway. So you can use this method. | |
856 | +Simply specify the victim's MAC and the gateway's MAC and you will see all the connections | |
857 | +from and to the Internet. | |
858 | + | |
859 | + | |
860 | +.TP | |
861 | +.B GENERAL OPTIONS | |
862 | +.TP | |
863 | +\fB\-N\fR, \fB\-\-simple\fR | |
864 | +NON interactive mode (without ncurses) | |
865 | +.br | |
866 | +This method is useful if you want to launch ettercap from a script or if you already | |
867 | +know some informations of your target or if you want to launch ettercap in background | |
868 | +collecting data or password for you (in combination with the --quiet option). | |
869 | +.br | |
870 | +Some features are not available in this method, obviously the ones which requires | |
871 | +interaction with the user, such as characters injection. But others (for example filtering) | |
872 | +are fully supported, so you can set up ettercap to poison two host (a victim and its gateway) | |
873 | +and to filter all its connection on the port 80 and replace some string with others, | |
874 | +all its traffic to the Internet will be changed as you wish. | |
875 | +.TP | |
876 | +\fB\-z\fR, \fB\-\-silent\fR | |
877 | +start in silent mode (no arp storm on start up) | |
878 | +.br | |
879 | +If you want to launch ettercap with a non invasive method (some NIDS may raise a warn | |
880 | +if they detects too much arp request). You have to know all the requested data of the | |
881 | +target in order to use this options. For example if you want to poison two host, you need | |
882 | +the two IP and the two MAC addresses of the victims. | |
883 | +If you select ipsniff or macsniff this method is automatically selected, because you don't | |
884 | +need to know the list of the host in the LAN. | |
885 | +.br | |
886 | +To know the entire list of the hosts use "ettercap -Nl", but remember that it is a invasive | |
887 | +method. | |
888 | +.TP | |
889 | +\fB\-b\fR, \fB\-\-broadping\fR | |
890 | +use a broadcast ping instead of arp storm on start up. | |
891 | +.br | |
892 | +this method is less intrusive, but even less accurate. some hosts will not respond at the | |
893 | +broadcast ping (es. Windows) so they remain invisible to this method. Useful if you want to | |
894 | +scan a LAN with Linux hosts. As usual you can combine this option with --list to have a | |
895 | +list of the hosts "ettercap -Nlb" | |
896 | +.TP | |
897 | +\fB\-D\fR, \fB\-\-delay <n sec>\fR | |
898 | +the delay in seconds between the arp replies if you have selected an ARP poison sniffing | |
899 | +method. This is useful if you want to be less aggressive in the poisoning. On many OS the | |
900 | +default validity interval of the arp cache is more than a minute (on FreeBSD is 1200 sec). | |
901 | +.br | |
902 | +The default delay value is 30 sec. | |
903 | +.TP | |
904 | +\fB\-Z\fR, \fB\-\-stormdelay <n usec>\fR | |
905 | +the delay in micro-seconds between the arp request on arp storm at start up. | |
906 | +This is useful if you want to be less aggressive in the scanning. Many IDS will report | |
907 | +massive arp request, but if you send them in a slower rate, they will not report any strange | |
908 | +behavior. | |
909 | +.br | |
910 | +The default delay value is 1500 usec. | |
911 | +.TP | |
912 | +\fB\-S\fR, \fB\-\-spoof <IP>\fR | |
913 | +If you want to elude some IDS, you can specify a spoofed IP used to scan the LAN with | |
914 | +arp request. The source MAC can't be spoofed because a well configured switch will block | |
915 | +your request. | |
916 | +.TP | |
917 | +\fB\-H\fR, \fB\-\-hosts <IP1[,IP2][,IP3][,...]>\fR | |
918 | +on start up, scan only these hosts. | |
919 | +.br | |
920 | +this is useful if you want to use an ARP scanning of the LAN but only on certain IPs. | |
921 | +so you can benefit from a ARP scan but remaining less invasive. | |
922 | +Useful even if you want to do PUBLIC ARP but you want to poison only specific hosts. | |
923 | +since with a list PUBLIC ARP is automatically converted to SMARTARP, only these host | |
924 | +will be poisoned and you can leave untouched the arp caches of the other hosts. | |
925 | +.br | |
926 | +the IP list must be in dotted notation and separated by comma (without black spaces | |
927 | +between them), you can use wildcards. | |
928 | +.br | |
929 | +eg: 192.168.0.2? --> from 20 to 29 | |
930 | +.br | |
931 | + 192.168.0.1* --> host 1, from 10 to 19 and from 100 to 199 | |
932 | +.TP | |
933 | +\fB\-d\fR, \fB\-\-dontresolve\fR | |
934 | +don't resolve IPs on start up. this is useful if you experience an insane "Resolving | |
935 | +n hostnames..." message on start up. This is due to a very slow DNS in your environment. | |
936 | +.TP | |
937 | +\fB\-i\fR, \fB\-\-iface <IFACE>\fR | |
938 | +network interface to be used for all the operation. you can even specify network aliases | |
939 | +in order to scan a subnet with different ip form your current one. | |
940 | +.TP | |
941 | +\fB\-n\fR, \fB\-\-netmask <NETMASK>\fR | |
942 | +the netmask used to scan the LAN. (in dotted notation). the default is your current | |
943 | +ifconfig netmask. but your netmask is for example 255.255.0.0 I encourage you to specify | |
944 | +a more restrictive one, if you managed to do an ARP scanning on start up. | |
945 | +.TP | |
946 | +\fB\-e\fR, \fB\-\-etterconf <FILENAME>\fR | |
947 | +use the config file instead of command line options | |
948 | +.br | |
949 | +etter.conf example file is packaged in the tarball, refer to it to know how to write a | |
950 | +config file. all the instruction are written in this example. via the conf file you | |
951 | +can disable selectively one protocol dissector or move it on one other port. | |
952 | +.br | |
953 | +command line options and config file can be mixed for much flexibility, but remember | |
954 | +that the options in the config file override the command line, so if in etter.conf | |
955 | +you have specified IFACE: eth0, and you launch "ettercap -i eth1 -e etter.conf" | |
956 | +the selected iface will be eth0. | |
957 | +.br | |
958 | +NOTE: the "-e etter.conf" options has to be specified after all other options. | |
959 | +.TP | |
960 | +\fB\-v\fR, \fB\-\-version\fR | |
961 | +check for the latest ettercap version. | |
962 | +.br | |
963 | +All operation are under your control. Every step requires a user confirmation. | |
964 | +With this option ettercap will connect to the http://ettercap.sourceforge.net:80 web | |
965 | +side and ask for the page /latest.php. then the result are parsed and compared with | |
966 | +your current version. If there is a newer version available, ettercap will ask you if | |
967 | +you want to wget it. (wget must be in the path). | |
968 | +.br | |
969 | +If you want to automatically answer yes at all the question add the option -y | |
970 | +.TP | |
971 | +\fB\-h\fR, \fB\-\-help\fR | |
972 | +prints the help screen with a short summary of the available options. | |
973 | + | |
974 | + | |
975 | + | |
976 | +.TP | |
977 | +.B SILENT MODE OPTIONS (only combined with -N) | |
978 | +.TP | |
979 | +\fB\-u\fR, \fB\-\-udp\fR | |
980 | +sniff only UDP packets (default is TCP). | |
981 | +This option is only useful in "simple" mode, if you start ettercap in interactive mode | |
982 | +both TCP and UDP are sniffed. | |
983 | +.TP | |
984 | +\fB\-R\fR, \fB\-\-reverse\fR | |
985 | +sniff all the connection but the selected one. This option is useful if you are using | |
986 | +ettercap on a remote machine and you want to sniff all the traffic but you connection from | |
987 | +local to remote, because including it will sniff even the ettercap output and it will be | |
988 | +screwed up... | |
989 | +.TP | |
990 | +\fB\-p\fR, \fB\-\-plugin <NAME>\fR | |
991 | +run the plugin "NAME". | |
992 | +.br | |
993 | +most plugins need a destination host. simply specify it after plugin name, in fact | |
994 | +hosts are parsed on command line as first the DEST and so the SOURCE. | |
995 | +.br | |
996 | +To have a list of the available plugins use "list" (without quotes) as plugin name. | |
997 | +.br | |
998 | +More detailed info about plugins and about how to write your own are found in the | |
999 | +README.PLUGINS file. | |
1000 | +.Sp | |
1001 | +Currently these plugins are shipped with the official distro: | |
1002 | +.Sp | |
1003 | + arpcop -- Report suspicious ARP replies (developed by acelent) | |
1004 | +.br | |
1005 | + banshee -- They kill without discretion... | |
1006 | +.br | |
1007 | + dummy -- Dummy plugin. It does nothing ! (only a template) | |
1008 | +.br | |
1009 | + golem -- nice D.O.S. BE CAREFUL !! | |
1010 | +.br | |
1011 | + leech -- Isolate a host from the LAN | |
1012 | +.br | |
1013 | + lurker -- try to search for other ettercap | |
1014 | +.br | |
1015 | + imp -- Retrieves some Windows names | |
1016 | +.br | |
1017 | + ooze -- Ping a host | |
1018 | +.br | |
1019 | + phantom -- Sniff/Spoof DNS requests | |
1020 | +.br | |
1021 | + shadow -- A very simple SYN/TCP port scanner | |
1022 | +.br | |
1023 | + spectre -- flood a switched LAN with random MAC addresses | |
1024 | +.br | |
1025 | + triton -- Try to discover the LAN's gateway | |
1026 | +.TP | |
1027 | +\fB\-l\fR, \fB\-\-list\fR | |
1028 | +lists all the hosts in the LAN, reporting each MAC address. | |
1029 | +.br | |
1030 | +Commonly combined options are -b (for broadcast ping) and -d (don't resolve hostname). | |
1031 | +.TP | |
1032 | +\fB\-C\fR, \fB\-\-collect\fR | |
1033 | +collect all users and password from the hosts specified on command line. | |
1034 | +.br | |
1035 | +Password collector are configured in the config file (etter.conf), if you want | |
1036 | +you can disable them selectively or move them on other port. This is useful if you | |
1037 | +don't want to sniff SSH connection (the key change alert will raise suspects) but | |
1038 | +want to sniff all other supported protocols. Or even if you know that a host has the | |
1039 | +telnet service on port 4567, simply move the telnet dissector on 4567/tcp | |
1040 | +.TP | |
1041 | +\fB\-f\fR, \fB\-\-fingerprint <HOST>\fR | |
1042 | +do OS fingerprinting on HOST. | |
1043 | +.br | |
1044 | +This option uses the same database and the same method used by | |
1045 | +.I nmap (c) Fyodor <fyodor@insecure.org> | |
1046 | +so I report a piece of its man page : | |
1047 | +.Sp | |
1048 | +This option activates remote host identification via TCP/IP fingerprinting. In other | |
1049 | +words, it uses a bunch of techniques to detect subtleties in the underlying operating | |
1050 | +system network stack of the computers you are scanning. It uses this information to | |
1051 | +create a 'fingerprint' which it compares with its database of known OS fingerprints | |
1052 | +(the nmap-os-fingerprints file) to decide what type of system you are scanning. | |
1053 | +.Sp | |
1054 | +the -f options even provides you the vendor of the network adapter of the scanned host. | |
1055 | +the info are stored in the mac-fingerprints database. | |
1056 | +.TP | |
1057 | +\fB\-x\fR, \fB\-\-hexview\fR | |
1058 | +to dump data in hex mode. | |
1059 | +.br | |
1060 | +TIP: while sniffing you can change the visualization mode by hitting 'a' for ascii or 'x' for hex. | |
1061 | +on line help is recalled by 'h'. | |
1062 | +.TP | |
1063 | +\fB\-L\fR, \fB\-\-logtofile\fR | |
1064 | +if used alone logs all data to specific file(s). it crates a separate file for each connection | |
1065 | +in the form "YYYYMMDD-P-IP:PORT-IP:PORT.log" | |
1066 | +.br | |
1067 | +if used with -C (collector) it creates a file with all the password sniffed in the session in | |
1068 | +the form "YYYYMMDD-collected-pass.log" | |
1069 | +.TP | |
1070 | +\fB\-q\fR, \fB\-\-quiet\fR | |
1071 | +"demonize" ettercap. | |
1072 | +.br | |
1073 | +useful if you want to log all data in background. this options will detach | |
1074 | +ettercap from the current tty and set it as a demon collecting data to files. it must be | |
1075 | +combined with -NL (or -NLC) otherwise it has no effects. Obviously the sniffing method | |
1076 | +is required, so you have to combine it with this option. | |
1077 | +.TP | |
1078 | +\fB\-k\fR, \fB\-\-newcert\fR | |
1079 | +create a new cert file for HTTPS man-in-the-middle. | |
1080 | +.br | |
1081 | +useful if you want to create a certfile with social engineered information... | |
1082 | +.br | |
1083 | +the new file is created in the current working directory. to permanently substitute the | |
1084 | +default cert file (etter.sll.crt) you have to overwrite /usr/share/ettercap/etter.ssl.crt | |
1085 | +.TP | |
1086 | +\fB\-F\fR, \fB\-\-filter <FILENAME>\fR | |
1087 | +load the filters chains from FILENAME | |
1088 | +.br | |
1089 | +the Filtering chains file is written in pseudo XML format. You can write by hand this | |
1090 | +file or (better) use the ncurses interface to let ettercap create it (press 'F' in the | |
1091 | +connection list interface). If you are skilled in XML parsing, you can write your own | |
1092 | +program to make a filter chain file. | |
1093 | +.Sp | |
1094 | +the rules are simple: | |
1095 | +.Sp | |
1096 | +If the proto <proto> AND the source port <source> AND the dest port <dest> AND the payload <search> | |
1097 | +match the rules, after the filter as done its action <action>, it jumps in the chain | |
1098 | +to the filter id specified in the <goto> field, else it jumps to <elsegoto>. | |
1099 | +If these field are left blank the chain is interrupted. Source and dest port equal to | |
1100 | +0 (zero) means ANY port. You can use wildcards in the search string (see README for detail) | |
1101 | +.Sp | |
1102 | +NOTE: with this options filter are enabled by default, if you want to | |
1103 | +disable them on the fly, press "S" (for source) or "D" (for dest) while sniffing | |
1104 | +.Sp | |
1105 | +NOTE: on command line the hosts are parsed as "ettercap -F etter.filter DEST SOURCE", so | |
1106 | +the first host is bound to the dest chain and the second to the source chain. | |
1107 | +.Sp | |
1108 | +VERY IMPORTANT: the source chain is applied to data COMING FROM source and NOT GOING TO | |
1109 | +source. keep this in mind !! the same is for dest... | |
1110 | +.TP | |
1111 | +\fB\-c\fR, \fB\-\-check\fR | |
1112 | +check if you were poisoned by other poisoners in the LAN | |
1113 | +.TP | |
1114 | +\fB\-t\fR, \fB\-\-linktype\fR | |
1115 | +check if you are on a switched LAN or not... Sometimes this discovery method can fail. | |
1116 | +don't trust it at 100% | |
1117 | + | |
1118 | + | |
1119 | +.SH TARGET SPECIFICATION | |
1120 | +The targets are parsed on command line in reverse order. The first host is the DEST and the | |
1121 | +second is the SOURCE. this doesn't care if you are sniffing in ip based mode, because | |
1122 | +source and dest are ignored, but if you are filtering the connection this is crucial for | |
1123 | +the binding of the related filter chain. | |
1124 | +.br | |
1125 | +The reverse order is due to a more intuitive interface for plugins. because some plugins | |
1126 | +need the dest host to be specified, it is simpler to type: | |
1127 | +"ettercap -Np ooze victim" than "ettercap -Np ooze NOONE victim". | |
1128 | +.br | |
1129 | +The targets can be specified in dotted notation (192.168.0.1) or with their symbolic name | |
1130 | +(victim.mynet.org). Only within the -H (--hosts) option you can use wildcards. | |
1131 | + | |
1132 | + | |
1133 | +.SH INTERACTIVE MODE | |
1134 | +The interactive mode (ncurses mode) is automatically selected if ettercap is launched | |
1135 | +without the option -N . Explain what you can do with it will take pages and pages... and I'm | |
1136 | +not a good writer... so if you don't know what can you do in some circumstances, simply | |
1137 | +press 'H' and a help screen will popup. there you can find a detailed list of all available | |
1138 | +commands. | |
1139 | + | |
1140 | + | |
1141 | +.SH EXAMPLES | |
1142 | +Here are some examples of using ettercap. | |
1143 | +.TP | |
1144 | +.B ettercap -b | |
1145 | +.Sp | |
1146 | +On startup use broadcast ping to scan the LAN instead of ARP request all the | |
1147 | +subnet IPs. | |
1148 | +.TP | |
1149 | +.B ettercap -H "192.168.0.?,192.168.0.3?,192.168.0.2*" | |
1150 | +.Sp | |
1151 | +On startup scan only the host 192.168.0.1-9, 192.168.0.30-39, 192.168.0.2, | |
1152 | +192.168.0.20-29 and 192.168.0.200-255. | |
1153 | +if the PUBLICARP method will be selected only these host will be poisoned. | |
1154 | +.TP | |
1155 | +.B ettercap -s 192.168.0.1 192.168.0.2 | |
1156 | +.Sp | |
1157 | +Enter the interactive mode and sniff only the connections between 192.168.0.1 and 192.168.0.2 | |
1158 | +.TP | |
1159 | +.B ettercap -Nzs -F etter.filter 192.168.0.1 192.168.0.2 | |
1160 | +.Sp | |
1161 | +Load filter from etter.filter and activate them on all the connection between 192.168.0.1 | |
1162 | +and 192.168.0.2 . Only Log action will be supported because it is a -s (ipsniffing) method. | |
1163 | +192.168.0.1 is bound to the dest chain and 192.168.0.2 to the source one. | |
1164 | +To enable even the replacement and drop actions you have to launch "ettercap -Nza -F | |
1165 | +etter.filter IP IP MAC MAC" | |
1166 | +.TP | |
1167 | +.B ettercap -zs -e etter.conf | |
1168 | +.Sp | |
1169 | +Use the ip based sniffing mode and load the other option from the config file (etter.conf). | |
1170 | +Note that options in the file override command line. | |
1171 | +.TP | |
1172 | +.B ettercap -Nzs victim.my.net ANY:80 | |
1173 | +.Sp | |
1174 | +Sniffs in console mode (non interactive) only the connection to and from "victim.my.net" | |
1175 | +starting or ending to all other hosts but on port 80 (www). data are dumped in ASCII | |
1176 | +mode. to dump in HEX mode add the -x option. | |
1177 | +.TP | |
1178 | +.B ettercap -NRzs remote.host.net:23 my.local.host.com | |
1179 | +.Sp | |
1180 | +Useful to sniffs in console mode (non interactive) all the connection on a remote LAN | |
1181 | +on which you are executing ettercap. this example will prevent to show your telnet (:23) | |
1182 | +connection from "my.local.host.com" to "remote.host.net". | |
1183 | +.TP | |
1184 | +.B ettercap -Nclt | |
1185 | +.Sp | |
1186 | +This will provide you the entire list of hosts in the LAN. Will check if someone is | |
1187 | +poisoning you and will report its IP. Will tell you if you are on a switched LAN or not. | |
1188 | +.TP | |
1189 | +.B ettercap -NCLzs --quiet | |
1190 | +.Sp | |
1191 | +This will detach ettercap from console and log to a file all the collected password. | |
1192 | +Only works if the LAN is hubbed, or if collected password are directed to your host. | |
1193 | +.TP | |
1194 | +.B ettercap -NCza -D 100 192.168.0.1 192.168.0.2 55:23:A5:B4:C7:89 00:A3:56:FE:4F:6D | |
1195 | +.Sp | |
1196 | +Collect password to stdout on a switched LAN. this will poison the two host 192.168.0.1 | |
1197 | +and 192.168.0.2 each other. The delay between arp replies is set to 100 sec. | |
1198 | +.TP | |
1199 | +.B ettercap -Np triton | |
1200 | +.Sp | |
1201 | +Launch the plugin "triton" that will try to passively search for the LAN gateway. | |
1202 | +.TP | |
1203 | +.B ettercap -Np ooze victim.mynet.org | |
1204 | +.Sp | |
1205 | +Launch the plugin "ooze" that will portscan the host "victim.mynet.org" that will be translated | |
1206 | +with the right IP | |
1207 | + | |
1208 | +.SH PLATFORMS | |
1209 | +Linux 2.0.x 2.2.x 2.4.x | |
1210 | +.br | |
1211 | +FreeBSD 4.x | |
1212 | +.br | |
1213 | +OpenBSD 2.[789] | |
1214 | +.br | |
1215 | +NetBSD 1.5 | |
1216 | +.br | |
1217 | +Mac OS X (darwin 1.3) | |
1218 | + | |
1219 | + | |
1220 | +.SH FILES | |
1221 | +/usr/share/ettercap/etter.conf - the config file | |
1222 | +.br | |
1223 | +/usr/share/ettercap/etter.filter - the filter chains | |
1224 | +.br | |
1225 | +/usr/share/ettercap/etter.ssl.crt - the SSL certificate for HTTPS m-i-t-m | |
1226 | +.br | |
1227 | +/usr/share/ettercap/mac-fingerprints - the network adapter vendor database | |
1228 | +.br | |
1229 | +/usr/share/ettercap/nmap-os-fingerprints - the nmap (c) Fyodor os fingerprint | |
1230 | +.br | |
1231 | +/usr/doc/ettercap-0.5.4/* - the DOCUMENTATION | |
1232 | + | |
1233 | + | |
1234 | +.SH AUTHORS | |
1235 | +Alberto Ornaghi (ALoR) <alor@users.sourceforge.net> | |
1236 | +.br | |
1237 | +Marco Valleri (NaGA) <crwm@freemail.it> | |
1238 | + | |
1239 | + | |
1240 | +.SH AVAILABILITY | |
1241 | +http://ettercap.sourceforge.net/download/ | |
1242 | +.Sp | |
1243 | +Or if you want to do an automatic check of the latest version try "ettercap -vy" | |
1244 | + | |
1245 | + | |
1246 | +.SH BUGS | |
1247 | +Our software never has bugs. | |
1248 | +.br | |
1249 | +It just develops random features. ;) | |
1250 | +.PP | |
1251 | +.B KNOWN-BUGS | |
1252 | +.PP | |
1253 | +- It is better that you don't launch ettercap on a host that is a gateway | |
1254 | +because it needs to disable ip_forwarding, it may cause problem with routing. | |
1255 | +.PP | |
1256 | +- You cannot use plugins on yourself. outgoing link layer packets are not | |
1257 | +captured by the same socket, so they will be ignored. | |
1258 | +.PP | |
1259 | +- While poisoning on a switched LAN, ettercap won't sniff the traffic made | |
1260 | +by your host to others. the technical reason is: otherwise ettercap will | |
1261 | +forward your packets two time (and this is not good...) the artistic | |
1262 | +reason is: why sniffing yourself with a man-in-the-middle method ? use | |
1263 | +simple sniffing instead ! ;) | |
1264 | +.PP | |
1265 | +- While sniffing in Public ARP mode, ettercap can "view" only one way of | |
1266 | +the connection, so some protocol dissectors can fail... | |
1267 | +.PP | |
1268 | +- under X11 resizing the xterm can give a corrupted visualization of the | |
1269 | +interface. SIGWINCH is *partially* supported. | |
1270 | +.PP | |
1271 | +- ettercap doesn't handle fragmented packets... only the first segment | |
1272 | +will be displayed by the sniffer. However all the fragments are correctly | |
1273 | +forwarded. | |
1274 | +.PP | |
1275 | ++ please send bug-report, patches or suggestions to <alor@users.sourceforge.net> | |
1276 | +or visit http://ettercap.sourceforge.net/forum/ and post it in the BUGS section. | |
1277 | +.PP | |
1278 | ++ to report a bug, recompile ettercap with 'configure --enable-debug' | |
1279 | +and attach ettercap_debug.log to the mail in which U explain the problem. | |
2e13c635 MM |
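--- a/ettercap.spec
+++ b/ettercap.spec
@@ -0,0 +1,40 @@
+%define prefix /usr
+
+Summary: ettercap is a ncurses-based sniffer/interceptor utility
+Name: ettercap
+Version: 0.5.4
+Release: 1
+Serial: 20010906
+Packager: ALoR <alor@users.sourceforge.net>
+Source: http://ettercap.sourceforge.net/download/%{name}-%{version}.tar.gz
+URL: http://ettercap.sourceforge.net/
+License: GPL
+Group: Networking/Utilities
+Prefix: %{prefix}
+Buildroot: %{_tmppath}/%{name}-%{version}-root
+
+%description
+ettercap is a multipurpose sniffer/interceptor/logger for switched or "hubbed" LAN.
+
+%prep
+%setup -q
+
+%build
+./configure --prefix=%{prefix} --disable-debug --mandir=%{_mandir}
+make
+make plug-ins
+
+%install
+rm -rf $RPM_BUILD_ROOT
+make install DESTDIR=$RPM_BUILD_ROOT
+make plug-ins_install DESTDIR=$RPM_BUILD_ROOT
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(-,root,root)
+%{_mandir}/man8/*
+%doc COPYING README README.PLUGINS HISTORY CHANGELOG AUTHORS TODO THANKS KNOWN-BUGS PORTINGS
+%{prefix}/bin/*
+%{prefix}/share/ettercap/*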
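Review bot: `Version: 0.5.4` does not match the ettercap-0.6.4 tree this file is added to, so `%setup -q` and the `%{name}-%{version}` expansions in `Source:` and `Buildroot:` would point at a 0.5.4 tarball and directory; if the spec is meant to build this tree it should read `Version: 0.6.4`. The stale version together with `Serial: 20010906` suggests the file may be a generated leftover swept up by `diff -uNr` rather than an intended addition, in which case it is better dropped from the patch. The `Source:` URL is plain `http://` and the spec records no checksum or signature, so the tarball's integrity has to be verified out of band before building. In `%install` and `%clean` the variable should be quoted, `rm -rf "$RPM_BUILD_ROOT"`.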