What's new in ettercap 0.8.3.1 (Aug 1, 2020)
- Fix SSL protocol failure with older TLS client/server versions (min. TLS1.0)
- Fix blackholing SSL packets when specific redirection is used
- Fix TLS 1.3 interception issues (replace fake certificate with proper key length)
- Fix segmentation fault when parsing HTTP NTLM handshake (fixes #922)
- Fix crash if one redirect command is not enabled
- Fix build on MacOSX detecting new dependency HarfBuzz
- Fix warnings when parsing etter.(m)dns file when built w/o IPv6 support
- Fix capture delay with libpcap v1.9.1 (fixes #974)
- Fix segmentation fault when etterlog concatenates files
- Fix compiling with GCC versions that default to -fno-common
- Fix bad UDP length for packets changed with replace()
- Fix passing --lua-args arguments to Lua scripts
- Fix MSVC build when macro ORDER_ADD_{SHORT,LONG} is being used
- Fix references to the old sourceforge.net website in the code and documentation
- Fix fingerprint_submit (still missing its server counterpart)
- Take over client-side SNI extension in ClientHello in SSL interception (req. OpenSSL 1.1.1)
- Take over SAN certificate extension from server certificate in SSL interception
- Use server certificate sign algorithm to sign fake certificate defaulting to SHA256
- CLI provided plugins are now also autostarted in graphical UI
- Added --plugin-list CLI parameter
- New execreplace etterfilter command
- Update bundled OUI mac addresses
- Update LuaJIT from 2.0.4 to 2.0.5
- Update libnet from 1.1.6 to 1.2
- Update check from 0.10.0 to 0.15.0
- Update curl from 7.44.0 to 7.71.1
- Separate etter.dns and etter.mdns examples in dedicated examples file
- Remove source IP specification from customizable SSL redirects
- Remove deprecated redirect commands from etter.conf
- Remove Easter Egg (Sorry ALoR and NaGA)
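The SNI takeover entry above is about the one plaintext hint an interceptor gets: the host name the client puts in the server_name extension of its ClientHello, which is what ettercap needs both to forge a certificate with the right name and (since 0.8.3.1) to forward upstream so a virtual-hosting server returns the certificate that is then cloned. The parser below is an added example written for this page, not ettercap's code; the ClientHello builder produces constructed test input, not a capture.

```python
"""Pull the SNI host_name out of a raw TLS ClientHello record.

Added example for this page; not ettercap code. Layout follows RFC 5246
(record and handshake headers) and RFC 6066 section 3 (server_name extension).
"""
import struct

TLS_HANDSHAKE = 0x16      # record content type
CLIENT_HELLO = 0x01       # handshake type
EXT_SERVER_NAME = 0x0000  # extension type
SNI_HOST_NAME = 0x00      # name_type


def build_client_hello(host_name: str) -> bytes:
    """Constructed ClientHello carrying one SNI entry (test input, not a capture)."""
    name = host_name.encode("ascii")
    server_name = bytes([SNI_HOST_NAME]) + struct.pack("!H", len(name)) + name
    name_list = struct.pack("!H", len(server_name)) + server_name
    ext = struct.pack("!HH", EXT_SERVER_NAME, len(name_list)) + name_list
    body = (
        b"\x03\x03"                                 # client_version: TLS 1.2
        + bytes(32)                                 # random (zeros; constructed)
        + b"\x00"                                   # session_id length 0
        + struct.pack("!H", 2) + b"\x13\x01"        # one cipher suite
        + b"\x01\x00"                               # compression: null only
        + struct.pack("!H", len(ext)) + ext         # extensions block
    )
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE]) + b"\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_sni(record: bytes):
    """Return the host_name from the server_name extension, or None.

    Every length field is checked against the enclosing structure: an
    interceptor parses whatever the client chooses to send.
    """
    try:
        if record[0] != TLS_HANDSHAKE:
            return None
        rec_len = struct.unpack_from("!H", record, 3)[0]
        hs = record[5:5 + rec_len]
        if len(hs) != rec_len or hs[0] != CLIENT_HELLO:
            return None
        hs_len = int.from_bytes(hs[1:4], "big")
        body = hs[4:4 + hs_len]
        if len(body) != hs_len:
            return None
        off = 2 + 32                                        # version + random
        off += 1 + body[off]                                # session_id
        off += 2 + struct.unpack_from("!H", body, off)[0]   # cipher_suites
        off += 1 + body[off]                                # compression_methods
        if off >= len(body):
            return None                                     # no extensions at all
        ext_end = off + 2 + struct.unpack_from("!H", body, off)[0]
        off += 2
        if ext_end > len(body):
            return None
        while off + 4 <= ext_end:
            ext_type, ext_len = struct.unpack_from("!HH", body, off)
            off += 4
            if off + ext_len > ext_end:
                return None
            if ext_type == EXT_SERVER_NAME:
                data = body[off:off + ext_len]
                list_end = min(2 + struct.unpack_from("!H", data, 0)[0], len(data))
                p = 2
                while p + 3 <= list_end:
                    name_type = data[p]
                    name_len = struct.unpack_from("!H", data, p + 1)[0]
                    if p + 3 + name_len > list_end:
                        return None
                    name = data[p + 3:p + 3 + name_len]
                    if name_type == SNI_HOST_NAME:
                        return name.decode("ascii")
                    p += 3 + name_len
            off += ext_len
        return None
    except (IndexError, struct.error, UnicodeDecodeError):
        return None
```

The ClientHello stays in clear even under TLS 1.3, so this works on every version ettercap handles; a client using Encrypted Client Hello hides the name and the interceptor is back to guessing from the destination IP. Every length is bounds-checked deliberately: a MITM parser is reachable by any host on the segment, and the etterfilter and etterlog crashes fixed elsewhere in this changelog show what unchecked lengths cost.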
New in ettercap 0.8.3 (Mar 4, 2020)
- Fixed binary comparison and assignment in etterfilter
- Fixed packet buffer race condition in BRIDGE mode (e.g. "Message too long")
- Non-aligned (older-format) compiled filters are no longer supported; recompile them with etterfilter
- Fixed sslstrip plugin startup issue due to regex compilation error
- Fixed lots of build warnings
- Proper separation of library and executable code
- Fixed heap-buffer-overflow in write_output in etterfilter
- ip_addr sanity check when etterlog processes info logfile
- Lots of buffer under-/overflow conditions fixed
- CVE-2017-6430 (Fix invalid read on crafted file in etterfilter)
- Fix dns_spoof plugin when used in bridge mode
- SSL redirects are now customizable at runtime
- GeoIP detection / support using CMake
- Rework of GTK3 UI - modern GNOME3 look
- New Kerberos 5 downgrade plugin
- GTK3 is the new default GTK_BUILD_TYPE
- OSPF dissector supports more authentication methods in hash-cracker friendly format
- Rework of Oracle O5LOGON dissector
- Multi-threaded name resolution
- Updated etter.finger.mac
- GTK2 phase-out initiated
- Usage of deprecated inet_aton replaced with current successor functions
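The OSPF entry above ("hash-cracker friendly format") rests on how OSPF cryptographic authentication works (RFC 2328 Appendix D): the packet carries an MD5 digest of itself followed by the shared secret, so a captured Hello is everything an attacker needs to test candidate keys offline, and the dissector's job is to print the packet and digest in a form a cracker accepts (MD5 auth parsing first landed in 0.8.1). The code below is an added example written for this page, not ettercap's dissector. The Hello packet, key and word list are constructed inline; the `$netmd5$` line shape is quoted from memory of John the Ripper's net-md5 format and should be checked against your john build.

```python
"""OSPF cryptographic (MD5) authentication: compute, verify, dictionary-attack.

Added example, not ettercap's dissector. Digest rule from RFC 2328 Appendix D:
MD5 over the OSPF packet (checksum field zero; auth field = key id, auth data
length, cryptographic sequence number) followed by the secret key zero-padded
to 16 bytes. The 16-byte digest trails the packet and is not counted in the
header's length field.
"""
import hashlib
import struct

OSPF_VERSION = 2
OSPF_HELLO = 1
OSPF_AUTH_CRYPTO = 2
OSPF_HDR_LEN = 24
MD5_LEN = 16


def _padded_key(key: str) -> bytes:
    return key.encode()[:MD5_LEN].ljust(MD5_LEN, b"\x00")


def ospf_md5_digest(packet: bytes, key: str) -> bytes:
    return hashlib.md5(packet + _padded_key(key)).digest()


def build_hello(key: str, key_id: int = 1, seq: int = 0x5F000001) -> bytes:
    """Constructed Hello from router 10.0.0.1 in area 0.0.0.0, signed with `key`."""
    body = struct.pack(
        "!4sHBBI4s4s",
        bytes([255, 255, 255, 0]),  # network mask
        10,                         # hello interval
        0x02,                       # options (E bit)
        1,                          # router priority
        40,                         # router dead interval
        bytes([10, 0, 0, 1]),       # designated router
        bytes([0, 0, 0, 0]),        # backup designated router
    )
    header = struct.pack(
        "!BBH4s4sHH",
        OSPF_VERSION, OSPF_HELLO, OSPF_HDR_LEN + len(body),
        bytes([10, 0, 0, 1]),       # router id
        bytes([0, 0, 0, 0]),        # area id
        0,                          # checksum: zero under cryptographic auth
        OSPF_AUTH_CRYPTO,
    ) + struct.pack("!HBBI", 0, key_id, MD5_LEN, seq)
    packet = header + body
    return packet + ospf_md5_digest(packet, key)


def split_ospf_auth(datagram: bytes):
    """Return (packet, key_id, seq, digest), or None if not MD5-authenticated."""
    if len(datagram) < OSPF_HDR_LEN:
        return None
    version, _ptype, length, _rid, _aid, _csum, autype = struct.unpack_from("!BBH4s4sHH", datagram, 0)
    _zero, key_id, auth_len, seq = struct.unpack_from("!HBBI", datagram, 16)
    if version != OSPF_VERSION or autype != OSPF_AUTH_CRYPTO or auth_len != MD5_LEN:
        return None
    if length < OSPF_HDR_LEN or len(datagram) < length + MD5_LEN:
        return None
    return datagram[:length], key_id, seq, datagram[length:length + MD5_LEN]


def john_line(datagram: bytes) -> str:
    """$netmd5$<packet hex>$<digest hex>, the shape john's net-md5 format takes
    (from memory; verify against your john build before relying on it)."""
    packet, _key_id, _seq, digest = split_ospf_auth(datagram)
    return "$netmd5$%s$%s" % (packet.hex(), digest.hex())


def crack_ospf_md5(datagram: bytes, candidates):
    """Return the first candidate key that reproduces the trailing digest."""
    parsed = split_ospf_auth(datagram)
    if parsed is None:
        return None
    packet, _key_id, _seq, digest = parsed
    for word in candidates:
        if ospf_md5_digest(packet, word) == digest:
            return word
    return None
```

The cryptographic sequence number defends against replay only; it is part of the hashed bytes, so it does nothing against offline guessing, and the key's strength is the sole defence once a packet has been captured. The same digest construction (with a different header layout) applies to the RIPv2 MD5 authentication the changelog mentions.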
New in ettercap 0.8.2 (Mar 24, 2015)
- Bug Fix:
  - Fixed some deprecated OpenSSL function usage
  - Fixed log file ownership
  - Fixed mixed output print
  - Fixed drop_privs function usage
  - Fixed nopromisc option usage
  - Fixed missing break in parser code
  - Improved redirect commands
  - Fix truncated VLAN packet headers
  - Fix ettercap.rc file (Windows only)
  - Various CMake fixes
  - A ton of BSD bug fixes
  - Simplify macosx CMake files
  - Fix incorrect sequence number after TCP injection
  - Fix pcap length and alignment problems with libpcap
  - Bug fixes and GTK code refactor (GTK box wrapper)
  - Fix some IPv6 send issues
  - Fixed sleep time on Windows (high CPU usage)
  - Fixed many CVE vulnerabilities (some of them already fixed in 0.8.1):
    - CVE-2014-6395 (Length Parameter Inconsistency)
    - CVE-2014-6396 (Arbitrary write)
    - CVE-2014-9376 (Negative index/underflow)
    - CVE-2014-9377 (Heap overflow)
    - CVE-2014-9378 (Unchecked return value)
    - CVE-2014-9379 (Incorrect cast)
    - CVE-2014-9380 (Buffer over-read)
    - CVE-2014-9381 (Signedness error)
- New Features:
  - Updated etter.finger.mac
  - Add TXT and ANY query support on dns_spoof
  - New macosx travis-ci build!
  - Enabled PDF generation again
- Removed:
  - Remove gprof support
New in ettercap 0.8.1 (Oct 17, 2014)
- Bug Fix:
  - Fixed incorrect checksum computation on 64-bit systems
  - Fixed DNS resolution problems
  - Fixed Hurd build failure (not specific to Hurd, but Hurd seems to be the first OS defining ESUCCESS in glibc)
  - Fixed rpath handling
  - Fixed scan host crash with recent kernels
  - Fixed etter{log,filter} library path
  - O5LOGON dissector fixes for stealth mode scans
  - Fix constants to allow the full hexadecimal character set. Useful for filtering on ESP SPIs
  - Fixed some inconsistencies in gbls pointers in utils and core
  - Fixed DHCP spoofing automatically starting in text UI
  - Many fixes in filter compiler
  - Fixed Lua installation path
  - Many IPv6 fixes and improvements
  - Fixed tests build failures
  - Fixed many iconv detection problems
  - Fixed many ctime problems
  - Fixed many dissector ports
  - Fixed timer inconsistencies
  - Fixed powerpc build failure
  - Fixed uniqueness of our include guards
  - Fixed CMake warnings by correctly linking our libraries
  - Fixed clean target
  - Fixed COOKIE_PATTERN string
  - A ton of kfreebsd, freebsd and MacOS fixes and build fixes
  - Fixed restoring IP forwarding with a new "regain_privs" function
  - Fixed another scan crash
  - Fixed host list update (delegated to the main thread)
  - Fixed etter.conf.v6 and etter.conf.v4 installation
  - Fixed (removed) some old code
  - Fixed (removed) some dbus interfaces listed in ettercap
  - Fixed some library link issues
  - Fixed various polkit installation directory issues
  - Fixed plugin path issues
  - Fixed bundled libs build order
  - Fixed undefined IPs added to the host list (e.g. 0.0.0.0 in DHCP discover)
  - Fixed macosx builds
  - Moved check framework into bundled_libs directory
  - Fixed crash on scan for hosts by adding a mutex
  - Fixed libettercap.so linking by removing curses and GTK stuff
  - Fixed ip_add_to_int32 macro
  - Fixed a ton of warnings in GTK, curses and core
  - Fixed some documentation
  - Fixed tests with eglibc >= 2.17
  - Fixed check framework detection, with fallback to the bundled one if not available
  - Fixed bug in etter.finger.mac parsing
  - Fixed SSL checks in CMake; SSL is now mandatory
  - Fixed scan for hosts progress bar
  - Fixed linux.org IP address in etter.dns conf file
  - Fixed some memory leaks
  - Fixed missing RelWithDebInfo in CMake
  - Fixed typos
  - Fixed some performance issues in scan for hosts function
  - Fixed race condition when scan progress was canceled
  - Fixed CMake flags passing
  - Fixed IPv6 build
  - Fixed debug messages
- New Features:
  - Experimental ESP detection/filtering
  - Make etter{log,filter} IPv6 compatible
  - Enabled multithreaded scan for the curses interface
  - New appdata XML file
  - New experimental GTK3 support!
  - New threaded host resolution!
  - Many build and runtime performance improvements
  - Ettercap builds on Windows (MinGW) again!
  - New "smart" ARP poisoning!
  - New base64 encode and decode functions
  - New execinject etterfilter command
  - New IPv6 hidden scan mode
  - New support for multiple plugins in UI mode
  - New uninstall target
  - GNU/Hurd support!
  - Automatically refresh plugin list
  - Threading some plugins
  - A new function for self-destructing plugins
  - New INSTALL_EXEDIR CMake option: you can now have "ettercap" and the other binaries in two different directories!
  - New Null/Loopback decoder!
  - Added automatic IRC notifications!
  - Added some debug and fortify-source flags
  - Added some Travis builds!
  - Updated etter.finger.mac
  - Added support for parsing RIPv2 and OSPF MD5 authentication packets
  - Updated curl and check bundled libraries
  - Updated etter.filter.examples file
  - Updated TODO list
  - etterfilter is now IPv6 ready!
  - Documentation updated
  - Man pages updated
  - New ND poisoning!
  - Increased IPv6 probe delay from 2 seconds to 3
- Removed:
  - Removed hex_encode stuff
  - Removed ec_pap.c since it was already implemented in ec_ppp.c
  - Removed duplicate code in favour of libettercap usage
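The "bad UDP length for packets changed with replace()" fix in 0.8.3.1 and the 64-bit checksum fix at the top of this 0.8.1 list are two faces of one rule: a content filter that edits a payload owns every length and checksum field covering it, and the checksum routine must be right regardless of the machine's word size. The code below is an added example written for this page, not etterfilter's replace() or ettercap's checksum code; the sample datagram is constructed inline, and the naive variant is included only to show what goes stale.

```python
"""Edit a UDP payload inside an IPv4 datagram and repair what the edit breaks.

Added example for this page, not etterfilter's replace(). A filter that
changes payload length must rewrite ip.total_length, udp.length, the UDP
checksum (whose pseudo-header also carries udp.length) and the IPv4 header
checksum; naive_replace() leaves all four stale. Sample packet constructed inline.
"""
import struct

IPPROTO_UDP = 17


def checksum16(data: bytes) -> int:
    """RFC 1071 one's-complement checksum. Carries are folded until none
    remain, so the result does not depend on the accumulator's word size."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _udp_checksum(src: bytes, dst: bytes, udp: bytes) -> int:
    pseudo = src + dst + struct.pack("!BBH", 0, IPPROTO_UDP, len(udp))
    return checksum16(pseudo + udp) or 0xFFFF   # 0 is reserved for "no checksum"


def build_ipv4_udp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed IPv4/UDP datagram with valid lengths and checksums."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    udp = udp[:6] + struct.pack("!H", _udp_checksum(src_b, dst_b, udp)) + udp[8:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0x4000, 64,
                     IPPROTO_UDP, 0, src_b, dst_b)
    ip = ip[:10] + struct.pack("!H", checksum16(ip)) + ip[12:]
    return ip + udp


def naive_replace(datagram: bytes, old: bytes, new: bytes) -> bytes:
    """The bug class: bytes swapped, headers untouched."""
    return datagram.replace(old, new)


def replace_udp_payload(datagram: bytes, old: bytes, new: bytes) -> bytes:
    """Replace `old` with `new` in the UDP payload and fix every dependent field."""
    ihl = (datagram[0] & 0x0F) * 4
    if datagram[0] >> 4 != 4 or datagram[9] != IPPROTO_UDP:
        raise ValueError("not an IPv4/UDP datagram")
    ip_hdr = bytearray(datagram[:ihl])
    udp_len = struct.unpack_from("!H", datagram, ihl + 4)[0]
    udp = datagram[ihl:ihl + udp_len]
    if len(udp) < 8 or len(udp) != udp_len:
        raise ValueError("truncated UDP segment")
    payload = udp[8:].replace(old, new)
    # udp.length first: it appears in the header and in the pseudo-header
    udp_new = udp[:4] + struct.pack("!HH", 8 + len(payload), 0) + payload
    csum = _udp_checksum(bytes(ip_hdr[12:16]), bytes(ip_hdr[16:20]), udp_new)
    udp_new = udp_new[:6] + struct.pack("!H", csum) + udp_new[8:]
    # then ip.total_length and the IPv4 header checksum
    struct.pack_into("!H", ip_hdr, 2, ihl + len(udp_new))
    struct.pack_into("!H", ip_hdr, 10, 0)
    struct.pack_into("!H", ip_hdr, 10, checksum16(bytes(ip_hdr)))
    return bytes(ip_hdr) + udp_new


def verify_ipv4_udp(datagram: bytes) -> bool:
    """True when both lengths and both checksums agree with the bytes on the wire."""
    if len(datagram) < 28:
        return False
    ihl = (datagram[0] & 0x0F) * 4
    if struct.unpack_from("!H", datagram, 2)[0] != len(datagram):
        return False
    if checksum16(datagram[:ihl]) != 0:
        return False
    udp = datagram[ihl:]
    if struct.unpack_from("!H", udp, 4)[0] != len(udp):
        return False
    pseudo = datagram[12:20] + struct.pack("!BBH", 0, IPPROTO_UDP, len(udp))
    return checksum16(pseudo + udp) == 0
```

The order matters: udp.length is hashed twice (once in the UDP header, once in the pseudo-header), so it is written before the UDP checksum, and the IPv4 header checksum is computed last over the header with its checksum field zeroed. A receiving stack that validates checksums silently drops a naively edited packet, which is exactly the symptom of the 0.8.3.1 bug; TCP adds the sequence-number bookkeeping the 0.8.2 entry "Fix incorrect sequence number after TCP injection" refers to.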
New in ettercap 0.8.0 (Oct 31, 2013)
- Bug Fix:
  - Fixed some problems in fork and execve usage in case of command failure (sslstrip)
  - Fixed dropping privileges for remote_browser plugin run as root
  - Fixed infinite loop when an HTTP GET was issued from the attacker's browser while remote_browser was active
  - Fixed some "atexit" bad references
  - Fixed plugin load on text interface if no number was entered
  - Fixed problem spotted when ethtool wasn't installed on the machine
  - Fixed old "ethereal" references
  - Fixed missing newlines in printf
  - Switched to ps2pdf as default (from ps2pdf13); it should point to ps2pdf14 on all distros
  - Fix CMake file, dropped MACPORTS_BASE_DIRECTORY
  - Fix "stopping attacks" window not properly shown in GTK
  - Fix wrong pcap file saving
  - Fix issue in send_udp function
  - Fix problem in libnet rc detection
  - Fix restoring ip_forward by retrying up to 5 times
  - Fix socket issues
  - Fix hex format display
  - New send_tcp function, taking payload and length
  - Fixed memory leak in remote_browser plugin
  - Fixed comparison bug in ec_decode
  - Fixed UI input for GTK
  - Fixed some memory leaks
  - Fixed man pages and AUTHORS file
  - Fixes in sslstrip plugin
  - Many etter.dns fixes
  - Many documentation fixes
  - A ton of refactors/fixes in CMake scripts
  - Fix GTK crash when scanning hosts
  - Fix build failure on Mac OS X 10.6
  - Crash fix in target selection
  - Disabled UID change for remote_browser plugin
  - Fixed remote_browser plugin
  - A ton of fixes in protocols and dissectors (dhcp, http, ppp, mpls)
- New Features:
  - New ettercap logo
  - Renamed help menu to "?", to avoid a duplicate "H" shortcut
  - New WARN_MSG warning message
  - Added message in DHCP spoofing when no MITM has been started
  - New horizontal scrollbar for messages in GTK view
  - Disabled offload warning messages (only in Release mode)
  - New ettercap-pkexec, policy and ettercap.desktop files for launching ettercap -G as a normal user with sudo privileges
  - Automatic host list refresh in GTK GUI after scanning
  - New fraggle plugin attack
  - New fields in etter.fields file
  - Cherry-picked Debian patches (SVG icon)
  - Added content print in HTTP dissector
  - Added support for negative DNS replies
  - Creation of (experimental) unit tests
  - Creation of (experimental) libettercap
  - You can now build just the ettercap library (libettercap) without any GUIs
  - Added travis-ci support
  - DNS spoofing for IPv6 addresses
  - PDF docs generation is now optional
  - Added SRV query handling to DNS spoof
  - New mDNS spoof plugin
  - New low level decoders
  - New decoder for IP over PPPoE
  - Added PPP DLT to interfaces
  - Add experimental Lua support to ettercap
  - Bundled libnet and curl
  - Full support for WiFi decrypting (WEP and WPA)
- Removed:
  - Disabled update feature (not working anymore and not secure)
  - Deprecated napster dissector
New in ettercap 0.7.6 (Aug 23, 2013)
- Bug Fix:
  - Fixed some parsing errors
  - Fixes to TN3270 dissector and SSL Strip
  - PostgreSQL dissector: updated output format to reflect the release syntax of John the Ripper 1.7.9-Jumbo-8. The old format is still supported, but deprecated.
  - Fixed memory leak in SSL Strip plugin
  - Fixed check for invalid IP header
  - Fixed QoS packets handling (they aren't dropped anymore)
  - Fixed heap corruption in o5logon dissector
  - New and updated OUI file
  - Some memory leaks fixed
  - Fixed some bugs in return values and fstat failure handling
  - Fixed a bug in some password display (wasn't null terminated)
  - Many fixes for gcc warnings when building
  - Better CMake module to find curl and libnet
  - Fixed bug in filter loading
  - Fixes in HTTP and HTTPS protocols
  - Fixed UI deadlock
  - Fixes in TCP and HTTP handling (infinite loop and crash)
  - Better reads in BGP to avoid invalid reads
- New Features:
  - New logo
  - Added ASCII FQDN support to DHCP ACK
  - Added UA parsing to HTTP packets
  - Added support for IPv4 and IPv6 tunnels
  - New mDNS dissector
  - Added PPI support (per packet information) for wireless captures
  - Ensure that we find required packages with CMake
  - New clean-all CMake target
  - Print a message when done reading PCAP file
- Removed:
  - Removed 'u' and 'p' fields from etter.fields file
New in ettercap 0.7.4 (Jan 4, 2012)
- fixed resource depletion issue
- fixed buffer access out-of-bounds issues
- fixed DNS dissector not working on 64-bit systems
- fixed multiple buffer overflows
- fixed multiple memory leaks
- cleaned up multiple files with obsolete code
- fixed SEND L3 errors experienced by some users
- fixed a compilation error under Mac OS X Lion
- updated build system
New in ettercap 0.7.3 (Jan 4, 2012)
- added the INC (+=) and DEC (-=) operators to the filter engine
- fixed the compilation of some plugins
- fixed a segfault in the isolate plugin
- fixed a bug in the dhcp spoofing module
- fixed a serious security bug
New in ettercap 0.7.2 (Jan 4, 2012)
- the hosts scan can now be canceled by the user (ctrl+q)
- the netmask for the scan can now be specified within the GUI
- checksum_check was renamed to checksum_warning and a new option to prevent the check was introduced (see the man page etter.conf(5) for details)
- added the help menu (inline man pages)
- wins support for the dns_spoof plugin
- new plugin: repoison_arp
- do not drop privs under windows (useless)
- fixed the mmap problem under windows
- fixed file operation under windows (O_BINARY related)
- fixed the IRC password collector (\r \n related)
- fixed the dumping of the profiles to a file (fingerprint not recorded)
- the remote flag is now reset when the arp poisoning is stopped
- fixed the ebcdic visualization
- fixed the autoadd plugin when a target is ANY
New in ettercap 0.7.1 (Jan 4, 2012)
- added the -s options to issue commands to the gui (useful in scripts)
- added the -I options to show the list of NICs
- ported to windows (mingw)
- added a new plugin: isolate
- updated os and mac fingerprints
- fixed compilation of strtok_r under solaris
- fixed a pthread problem under mac os X
- fixed the compilation with gcc 3.5.x
- fixed message box character wrapping (gtk)
New in ettercap 0.7.0 (Jan 4, 2012)
- implemented a thread safe strtok
- prepared the source for a smooth mingw porting
- fixed numeric sorting in gtk interface
- autoadd plugin does not add the local address
- dump profiles to file now dumps even hosts without any open port
- fixed compilation under freebsd 4.9
New in ettercap 0.7.0 RC 1 (Jan 4, 2012)
- WEP decryption for WiFi packets
- support for prism2 headers
- added the -I search option in etterlog
- you can now apply filters on pcapfiles and dump the results
- you can now specify an alternative config file with -a
- log to file works again
- fixed a segfault dumping profiles to file
- fixed a segfault when opening not-readable dirs from the curses GUI
- fixed uninitialized data that caused segfault in the dhcp dissector
- etterlog -c respects the -f specification
- fixed some problems with non blocking ssl sockets
- "should be checksum" is now correct
New in ettercap 0.7.0 PreRelease 2 (Jan 4, 2012)
- added support for UTF-8 strings
- telnet collector enhancements (catches cisco login)
- added new plugins:
  - find_ettercap
  - autoadd
- the live connections list can be purged by the user
- SSL support for the following dissectors:
  - imaps
  - ircs
  - ldaps
  - nntps
  - pop3s
  - ssmtp
  - telnets
- support for vlan tagging (802.1q header)
- support for rawip file dumps
- multiple selections in the GTK ui for targets and hosts
- wifi enhancements
- fixed the $prefix issue in the configure
- fixed a linking problem against openssl
- some fixes in the man pages
- compiles against old openssl 0.9.6x
- better error handling on file creation failure
- fingerprint submissions work again
- fixed the configure checks for libpcap and libnet
- ec[ip] files are now platform independent
- fixed the "etter.ssl.crt not found" bug
- the arp_cop plugin now does not report the ettercap poisoning
- the filters are respected even logging to a eci file
- profiles in the eci file are not duplicated if arp poisoning
New in ettercap 0.7.0 PreRelease 1 (Jan 4, 2012)
- rewrite from scratch (the code is now cleaner and well commented)
- it now requires libpcap and libnet
- support for unconfigured network interfaces
- automake and libtool are now used for the configuration process
- etterlog utility for logfiles parsing
- etterfilter utility to compile advanced content filters
- root privs dropped after initialization
- big endian arch support (sparc64)
- layer 3 routing (forwarding packets)
- new media support for:
  - wifi
  - token ring
  - fddi
  - ppp
  - linux cooked interfaces
- unified sniffing (you can use an external hijacker)
- new MITM methods:
  - advanced ARP poisoning engine (with many-to-many support)
  - ICMP redirect
  - DHCP spoofing
  - port stealing
- multiple target selection
- pcap filter on capture
- regex packet matching
- hook points per packet type (TCP, UDP... )
- quiet mode (don't print packet content)
- enhanced passive open port discoverer
- randomized ARP scan
- cached dns resolution (increase speed and stealth)
- enhanced statistics on ettercap performances
- extended headers for every packet
- passive DNS answer caching
- global conf file always loaded to tweak internal variables
- etter.conf supports dissectors on multiple ports
- possibility to sniff on loopback
- autoupdate from website for passive databases
- non root users can use ettercap to read from files
- unoffensive mode (doesn't forward packets)
- user messages can be logged
- dissector enhancements in:
  - POP (APOP and AUTH LOGIN/PLAIN support)
  - X11 (banner discovery)
  - TELNET (collects even failed attempts)
  - SNMP fixes
  - MySQL fixes
  - HalfLife and Quake3 were unified
  - SMB
  - SSH (blowfish support)
  - SSL (totally reworked, runs on all platforms)
  - HTTP has gained a performance overhaul
  - ...many others
- new dissectors:
  - SMTP
  - CVS
  - OSPF, VRRP
- plugins were unified, no more distinction between standalone and hooking
- new plugins:
  - finger (SYN+ACK fingerprinting on remote hosts)
  - smb_clear, smb_down (attacks against the SMB protocol)
- curses interface improvements:
  - resizable under X11
  - mouse events are supported
  - customizable colors
  - completely new menu-driven interface
- totally redesigned GTK+ interface
- you can set a visualization regexp
- profiles can be dumped to a file
- A lot of new bugs^H^H^H^H random features to be discovered ;)
- offline sniffing actually does not bind to any NICs
- packet factory was removed
- some plugins were not ported
New in ettercap 0.6b (Jan 4, 2012)
- Plugins now work with the GTK+ interface
- Updated the passive OS fingerprint database (1279 records)
- Fixed internal refreshing (for huge traffic loads)
- Fixed wifi-dump support
- Fixed doppelganger re-arp
- Fixed a problem with signed char on Mac G3
- Fixed some possible buffer overflows
New in ettercap 0.6a (Jan 4, 2012)
- Buffered Data Connections (only for ncurses)
- New Sniffing method (Port Stealing)
- Updated the passive OS fingerprint database (1189 records)
- enhanced smb dissector
- enhanced troll plugin against request caching
- New plugins: Confusion, Hunter, SMB suite
- partial wifi-dump support (experimental)
- Fixed daemonization problem
- Fixed StateMachine problem
- A bunch of bug fixes