Softpedia >Windows >Network Tools >Misc. Networking Tools >ettercap >  Changelog

ettercap Changelog

What's new in ettercap 0.8.3.1

Aug 1, 2020
  • Fix SSL protocol failure with older TLS client/server versions (min. TLS1.0)
  • Fix blackholing SSL packets when specific redirection is used
  • Fix TLS 1.3 interception issues (replace fake certificate with proper key length)
  • Fix segmentation fault when parsing HTTP NTLM handshake (fixes #922)
  • Fix crash if one redirect command is not enabled
  • Fix build on MacOSX detecting new dependency HarfBuzz
  • Fix warnings when parsing etter.(m)dns file when built w/o IPv6 support
  • Fix capture delay with libpcap v1.9.1 (fixes #974)
  • Fix segmentation fault when etterlog concatinate files
  • Fix compiling with GCC version / defaulting to -fno-common
  • Fix bad UDP length for packets changed with replace()
  • Fix passing --lua-args arguments to LUA scripts
  • Fix MSVC build when macro ORDER_ADD_{SHORT,LONG} is being used
  • Fix references to old sourceforce.org website in the code and documentation
  • Fix fingerprint_submit (still missing its server counterpart)
  • Take over client-side SNI extension in ClientHello in SSL interception (req. OpenSSL 1.1.1)
  • Take over SAN certificate extension from server certificate in SSL interception
  • Use server certificate sign algorithm to sign fake certificate defaulting to SHA256
  • CLI provided plugins are now also autostarted in graphical UI
  • Added --plugin-list CLI parameter
  • New execreplace etterfilter command
  • Update bundled OUI mac addresses
  • Update LuaJIT from 2.0.4 to 2.0.5
  • Update libnet from 1.1.6 to 1.2
  • Update check from 0.10.0 to 0.15.0
  • Update curl from 7.44.0 to 7.71.1
  • Separate etter.dns and etter.mdns examples in dedicated examples file
  • Remove source IP specification from customizable SSL redirects
  • Remove of deprecated redirect commands from etter.conf
  • Remove Easter Egg (Sorry ALoR and NaGA)

New in ettercap 0.8.3 (Mar 4, 2020)

  • Fix binary comparsion and assignment in etterfilter
  • Fixed packetbuffer racecond. in BRIDGE mode (e.g. Message too long)
  • Non-aligned filters are no longer supported (recompilation with etterfilter required)
  • Fixed sslstrip plugin startup issue due to regex compilation error
  • Fixed lots of build warnings
  • Proper separation of library and executable code
  • Fixed heap-buffer-overflow in write_output in etterfilter
  • ip_addr sanity check when etterlog processes info logfile
  • Lots of buffer under-/overflow conditions fixed
  • CVE-2017-6430 (Fix invalid read on crafted file in etterfilter)
  • fix dns_spoof plugin when used in bridge mode
  • SSL redirects are now customizable at runtime
  • GeoIP detection / support using CMake
  • Rework of GTK3 UI - modern GNOME3 look
  • New Kerberos 5 downgrade plugin
  • GTK3 is the new default GTK_BUILD_TYPE
  • OSPF dissector supports more authentication methods in hash-cracker friendly format
  • Rework of Oracle O5LOGON dissector
  • Multi-threaded name resolution
  • Updated etter.finger.mac
  • GTK2 phase out initialized
  • Usage of deprecated inet_aton replaced with current successor functions

New in ettercap 0.8.2 (Mar 24, 2015)

  • Bug Fix:
  • Fixed some openssl deprecated functions usage
  • Fixed log file ownership
  • Fixed mixed output print
  • Fixed drop_privs function usage
  • Fixed nopromisc option usage.
  • Fixed missing break in parser code.
  • Improved redirect commands
  • Fix truncated VLAN packet headers
  • Fix ettercap.rc file (windows only)
  • Various cmake fixes
  • A ton of BSD bug fixes
  • Simplify macosx cmake files
  • Fix incorrect sequence number after TCP injection
  • Fix pcap length, and aligment problems with libpcap
  • Bug fixes and gtk code refactor (gtk box wrapper)
  • Fix some ipv6 send issues
  • Fixed sleep time on Windows (high CPU usage)
  • Fixed many CVE vulnerabilities (some of them already fixed in 0.8.1)
  • CVE-2014-6395 (Length Parameter Inconsistency)
  • CVE-2014-6396 (Arbitrary write)
  • CVE-2014-9376 (Negative index/underflow)
  • CVE-2014-9377 (Heap overflow)
  • CVE-2014-9378 (Unchecked return value)
  • CVE-2014-9379 (Incorrect cast)
  • CVE-2014-9380 (Buffer over-read)
  • CVE-2014-9381 (Signedness error)
  • New Features:
  • Updated etter.finger.mac
  • Add TXT and ANY query support on dns_spoof
  • New macosx travis-ci build!
  • Enable again PDF generation
  • Removed:
  • Remove gprof support

New in ettercap 0.8.1 (Oct 17, 2014)

  • Bug Fix:
  • Fixed incorrect checksum computation on 64-bit systems
  • Fixed DNS resolution problems
  • Fixed hurd build failure (not specific to hurd but hurd seems the first OS defining ESUCCESS in glibc)
  • Fixed rpath handling
  • Fixed scan host crash with recent kernels
  • Fixed etter{log,filter} library path
  • O5LOGON dissector fixes for stealth mode scans
  • Fix constants to allow full hexadecimal characterset. Useful for filtering on ESP SPIs
  • Fixed some incoherencies in gbls pointers in utils and core
  • Fixed dhcp spoofing automatically start in text ui
  • Many fixes in filter compiler
  • Fixed lua installation path
  • Many ipv6 fixes and improvements
  • Fixed tests build failures
  • Fixed many iconv detection problems
  • Fixed many ctime problems
  • Fixed many dissector ports
  • Fixed timers incoherences
  • Fixed powerpc build failure
  • Fixed uniqueness of our include guards
  • Fixed cmake warnings, by correctly linking our libraries
  • Fixed clean target
  • Fixed COOKIE_PATTERN string
  • A ton of kfreebsd, freebsd, and MacOS fixes and build fixes
  • Fixed with a new "regain_privs" the ip forwarding restore
  • Fixed another scan crash
  • Fixed host list updated (delegated to the main thread)
  • Fixed etter.conf.v6 and etter.conf.v4 installation
  • Fixed (removed) some old code
  • Fixed (removed) some dbus interfaces listed in ettercap
  • Fixed some libraries link issues
  • Fixed various polkit installation directory issues
  • Fixed plugin path issues
  • Fixed bundled libs building order
  • Fixed undefined ips added to the host list (e.g. 0.0.0.0 in dhcp discover)
  • Fixed macosx builds
  • Moved check framework in bundled_libs directory
  • Fixed crash on scan for hosts, by adding a mutex
  • Fixed libettercap.so linking, by removing curses and gtk stuff
  • Fixed ip_add_to_int32 macro
  • Fixed a ton of warnings in gtk, curses and core
  • Fixed some documentation
  • Fixed tests with eglibc >= 2.17
  • Fixed check framework find, with fallback in the bundled one if not available
  • Fixed bug in etter.finger.mac parsing
  • Fixed ssl checks on cmake, now it is mandatory
  • Fixed scan for hosts progress bar
  • Fixed linux.org ip address on etter.dns conf file
  • Fixed some memory leakages
  • Fixed missing RelWithDebInfo on Cmake
  • Fixed typos
  • Fixed some performance issues in scan for hosts function
  • Fixed race condition when scan progress was canceled
  • Fixed cmake flags passing
  • Fixed IPv6 build
  • Fixed debug messages
  • New Features:
  • experimental ESP detection/filtering
  • make etter{log,filter} ipv6 compatible
  • Enabled multithread scan for Curses interface
  • New appdata xml file
  • New experimental GTK3 support!
  • New threaded host resolution!
  • Many build and runtime performances improvements
  • Ettercap builds on windows (MingW) again!
  • New arp "smart" poisoning!
  • New base64 encode and decode functions
  • New execinject etterfilter command
  • New ipv6 hidden scan mode
  • New support for multiple plugins in UI mode
  • New uninstall target
  • Gnu/Hurd support!
  • Automatically refresh plugin list
  • Threading some plugins
  • A new function for self-destruct plugins
  • New INSTALL_EXEDIR cmake option, now you can have "ettercap" and the other binaries in two different directories!
  • New Null/Loopback decoder!
  • Added automatic irc notifications!
  • Added some debug and fortify-source flags
  • Added some travis builds!
  • Updated etter.finger.mac
  • Added support for parsing RIPv2 and OSPF MD5 authentication packets
  • Updated curl and check bundled libraries
  • updated etter.filter.examples file
  • updated TODO list
  • etterfilter now is IPv6 ready!
  • Documentation updated
  • Man pages updated
  • New nd-poisoning!
  • Increased IPv6 probe delay from 2 seconds to 3
  • Removed:
  • Removed hex_encode stuff
  • Removed ec_pap.c since it was already implemented in ec_ppp.c
  • Removed duplicate code, in favour of libettercap usage

New in ettercap 0.8.0 (Oct 31, 2013)

  • Bug Fix:
  • Fixed some problems in fork and execve usage in case of command failure (sslstrip)
  • Fixed dropping privileges for remote_browser plugin ran as root
  • Fixed infinite loop when a http GET was issued on the attacker browser, while remote_browser was active
  • Fixed some "atexit" bad references
  • Fixed plugin load on text interface, if no number were entered
  • Fixed problem spotted when ethtool wasn't installed on the machine
  • Fixed old "ethereal" references
  • Fixed missing newlines in printf
  • Switching to ps2pdf as default (from ps2pdf13), it should point to ps2pdf14 on all distros
  • Fix cmake file, dropped MACPORTS_BASE_DIRECTORY
  • Fix problem in "stopping attacks" window not properly shown in gtk
  • Fix problem in wrong pcap file saving
  • Fix issue in send_udp function
  • Fix problem in libnet rc detection
  • Fix restore ip_forward by retrying up to 5 times
  • Fix socket issues
  • Fix for hex format display
  • New send_tcp function, taking payload and length
  • Fixed memory leak in remote browser plugin
  • Fixed comparison bug in ec_decode
  • Fixed UI input for GTK
  • Fixed some memory leaks
  • Fixed man pages and AUTHORS file
  • Fixes in sslstrip plugin
  • Many etter.dns fixes
  • Many documentation fixes
  • A ton of refactors/fixes in Cmake scripts
  • Fix GTK crash when scanning hosts
  • Fix build failure on Mac OS X 10.6
  • Crash fix in target selection
  • Disabled UID change for remote browser plugin
  • Fixed remote browser plugin
  • A ton of fixes in protocols and dissectors (dhcp, http, ppp, mpls)
  • New Features:
  • New ettercap logo
  • Renamed help menu to "?", to avoid double "H" shortcut
  • New WARN_MSG warning message
  • Added message in DHCP spoofing when no mitm has started
  • New horizontal scrollbar for messages in gtk view
  • Disabled offload warning messages (only in Release mode)
  • New ettercap-pkexec, policy and ettercap.desktop files for launching ettercap -G as a normal user with sudo privileges
  • Automatic host list refresh in GTK GUI after scanning
  • New fraggle plugin attack
  • New fields in etter.fields file
  • Cherry picked debian patches (svg icon)
  • Added content print on http dissector
  • Added support for negative dns replies
  • Creation of (experimental) unit tests
  • Creation of (experimental) libettercap
  • Now you can build just the ettercap library (libettercap) without any GUIs
  • Added travis-ci support
  • DNS spoofing for IPv6 addresses
  • PDF Docs generation is not optional
  • Added SRV query handling to DNS spoof
  • New mDNS spoof plugin
  • New low level decoders
  • New decoder for ip over pppoe
  • Added PPP DLT to interfaces
  • Add experimental Lua support to Ettercap
  • New Bundle libnet and curl
  • Full support for wifi decrypting (wep and wpa)
  • Removed:
  • Disabled update feature (not working anymore and not secure)
  • Deprecated napster dissector

New in ettercap 0.7.6 (Aug 23, 2013)

  • Bug Fix:
  • Fixed some parsing errors
  • Fixes to TN3270 dissector and SSL Strip
  • PostgreSQL dissector: Update output format to reflect release syntax or John the Ripper 1.7.9-Jumbo-8. The old format is still supported, but deprecated.
  • Fixed memory leak in SSL Strip plugin
  • Fixed check in invalid ip header
  • Fixed QoS packets handling (they aren't dropped anymore)
  • Fix in o5logon Heap Corruption
  • New and updated OUI file
  • Some memory leaks fixed
  • Fixed some bugs in return values and fstat failures handling
  • Fixed a bug in some password display (didn't get null terminated)
  • Many fixes in gcc warnings when building
  • Better cmake module to find curl and libnet
  • Fixed bug in filters load
  • Fixes in HTTP and HTTPs protocols
  • Fixed UI deadlock
  • Fixes in tcp and http handling (infinite loop and crash)
  • Better reads in BGP to avoid invalid reads
  • New Features:
  • New logo
  • Added ascii FQDN support to DHCP ACK
  • Added UA parsing to http packets
  • Added support for IPv4 and IPv6 Tunnels
  • New mDNS dissector
  • Added PPI support (per packet information) for wireless captures
  • Ensure that we find required packages with cmake
  • New clean-all cmake target
  • Print a message when done reading PCAP file
  • Removed:
  • Removed 'u' and 'p' fields from etter.fields file

New in ettercap 0.7.4 (Jan 4, 2012)

  • fixed resource depletion issue
  • buffer access out-of-bounds issues
  • DNS dissector not working on 64bit systems
  • multiple buffer overflows
  • multiple memory leaks
  • multiple files with obsolete code
  • fixed SEND L3 errors experienced by some users
  • fixed a compilation error under Mac OS X Lion
  • updated build system

New in ettercap 0.7.3 (Jan 4, 2012)

  • added the INC (+=) and DEC (-=) operators to the filter engine
  • fixed the compilation of some plugins
  • fixed a segfault in the isolate plugin
  • fixed a bug in the dhcp spoofing module
  • fixed a serious security bug

New in ettercap 0.7.2 (Jan 4, 2012)

  • the hosts scan can now be canceled by the user (ctrl+q)
  • the netmask for the scan can now be specified within the GUI
  • checksum_check was renamed to checksum_warning and a new
  • option to prevent the check was introduced
  • (see the man page etter.conf(5) for details)
  • added the help menu (inline man pages)
  • wins support for the dns_spoof plugin
  • new plugin: repoison_arp
  • do not drop privs under windows (useless)
  • fixed the mmap problem under windows
  • fixed file operation under windows (O_BINARY related)
  • fixed the IRC password collector (\r \n related)
  • fixes the dumping of the profiles to a file (fingerprint not recorded)
  • the remote flag is now reset when the arp poisoning is stopped
  • fixed the ebcdic visualization
  • fixed the autoadd plugin when a target is ANY

New in ettercap 0.7.1 (Jan 4, 2012)

  • added the -s options to issue commands to the gui (useful in scripts)
  • added the -I options to show the list of NICs
  • ported to windows (mingw)
  • added a new plugin: isolate
  • updated os and mac fingerprints
  • fixed compilation of strtok_r under solaris
  • fixed a pthread problem under mac os X
  • fixed the compilation with gcc 3.5.x
  • fixed message box character wrapping (gtk)

New in ettercap 0.7.0 (Jan 4, 2012)

  • implemeted a thread safe strtok
  • prepared the source for a smooth mingw porting
  • fixed numeric sorting in gtk interface
  • autoadd plugin does not add the local address
  • dump profiles to file now dumps even host without any open port
  • fixed compilation under freebsd 4.9

New in ettercap 0.7.0 RC 1 (Jan 4, 2012)

  • WEP decryption for WiFi packets
  • support for prism2 headers
  • added the -I search option in etterlog
  • you can now apply filters on pcapfiles and dump the results
  • you can now specify an alternative config file with -a
  • log to file works again
  • fixed a segfault dumping profiles to file
  • fixed a segfault when opening not-readable dirs from the curses GUI
  • fixed uninitialized data that caused segfault in the dhcp dissector
  • etterlog -c respect the -f specification
  • fixed some problems with non blocking ssl sockets
  • "should be checksum" is now correct

New in ettercap 0.7.0 PreRelease 2 (Jan 4, 2012)

  • added support for UTF-8 strings
  • telnet collector enhacements (catches cisco login)
  • added new plugins:
  • find_ettercap
  • autoadd
  • the live connections list can be purged by the user
  • SSL support for the following dissector:
  • imaps
  • ircs
  • ldaps
  • nntps
  • pop3s
  • ssmtp
  • telnets
  • support for vlan tagging (802.1q header)
  • support for rawip file dumps
  • multiple selections in the GTK ui for targets and hosts
  • wifi enhancements
  • fixed the $prefix issue in the configure
  • fixed a linking problem against openssl
  • some fixes in the man pages
  • compiles against old openssl 0.9.6x
  • better error handling on file creation failure
  • fingerprint submissions works again
  • fixed the configure checks for libpcap and libnet
  • ec[ip] files are now platform independent
  • fixed the "etter.ssl.crt not found" bug
  • the arp_cop plugin now does not report the ettercap poisoning
  • the filters are respected even logging to a eci file
  • profiles in the eci file are not duplicated if arp poisoning

New in ettercap 0.7.0 PreRelease 1 (Jan 4, 2012)

  • rewrite from scratch (the code is now cleaner and well commented)
  • it now requirese libpcap and libnet
  • support for unconfigured network interfaces
  • automake and libtool are now used for the configuration process
  • etterlog utility for logfiles parsing
  • etterfilter utility to compile advanced content filters
  • root privs dropped after initialization
  • big endian arch support (sparc64)
  • layer 3 routing (forwarding packets)
  • new media support for:
  • wifi
  • token ring
  • fddi
  • ppp
  • linux cooked interfaces
  • unified sniffing (you can use external hijacker)
  • new MITM methods:
  • advanced ARP poisoning engine (with many-to-many support)
  • ICMP redirect
  • DCHP spoofing
  • port stealing
  • multiple target selection
  • pcap filter on capture
  • regex packet matching
  • hook points per packet type (TCP, UDP... )
  • quiet mode (don't print packet content)
  • enhanced passive open port discoverer
  • randomized ARP scan
  • cached dns resolution (increase speed and stealth)
  • enhanced statistics on ettercap performances
  • extended headers for every packet
  • passive DNS answer caching
  • global conf file always loaded to tweak internal variables
  • etter.conf supports dissectors on multiple ports
  • possibility to sniff on loopback
  • autoupdate from website for passive databases
  • non root users can use ettercap to read from files
  • unoffensive mode (doesn't forward packets)
  • user messages can be logged
  • dissector enhancements in:
  • POP (APOP and AUTH LOGIN/PLAIN support)
  • X11 (banner discovery)
  • TELNET (collect even failed attempts)
  • SNMP fixes
  • MySQL fixes
  • HalfLife and Quake3 were unified
  • SMB
  • SSH (blowfish support)
  • SSL (totally reworked, runs on all platforms)
  • HTTP has gained performance overhaul
  • ...many others
  • new dissectors:
  • SMTP
  • CVS
  • OSPF, VRRP
  • plugins were unified, no more distinctions between standalone and hooking
  • new plugins:
  • finger (SYN+ACK fingerprinting on remote hosts)
  • smb_clear, smb_down (attacks against the SMB protocol)
  • curses interface improvements:
  • resizable under X11
  • mouse event are supported
  • customizable colors
  • completely new menu-driven interface
  • totally redesigne GTK+ interface
  • you can filter set a visualization regexp
  • profiles can be dumped to a file
  • A lot of new bugs^H^H^H^H random features to be discovered ;)
  • offline sniffing actually does not bind to any NICs
  • packet factory was removed
  • some plugins were not ported

New in ettercap 0.6b (Jan 4, 2012)

  • Plugins now works with GTK+ interface
  • Updated the passive OS fingerprint database (1279 records)
  • Fixed internal refreshing (for huge traffic loads)
  • Fixed wifi-dump support
  • Fixed doppleganger re-arp
  • Fixed a problem with signed char under mac G3
  • Fixed some possible buffer overflows

New in ettercap 0.6a (Jan 4, 2012)

  • Buffered Data Connections (only for ncurses)
  • New Sniffing method (Port Stealing)
  • Updated the passive OS fingerprint database (1189 records)
  • enhanced smb dissector
  • enhanced troll plugin against request caching
  • NEW PLUGIN: Confusion,Hunter, SMB suite
  • partial wifi-dump support (experimental)
  • Fixed demonization problem
  • Fixed StateMachine problem
  • A bounch of bug fix