Resurrection: sniffing tool Ettercap has returned
More than six years after the arrival of 0.73, the Ettercap developers have released version 0.74 of their open source security tool for man-in-the-middle attacks on LAN. Although the only change was the removal of several small bugs, many are excited just to see that Ettercap has been revived after such a long time. Fittingly, the developers named the new version Lazarus.
Ettercap is still the tool of choice for pen testers who want to redirect connections in switched LANs via their own computers. The H's associates at heise Security also use the tool to test manufacturers' security claims and analyse secure data transfers.
Ettercap combines ARP spoofing with an automatic search for specific information in data streams. For man-in-the-middle attacks, the tool can also breach SSL connections by creating its own certificate and presenting it to the browser. Ettercap supports HTTP(S), POP3, SMTP, IMAP and other protocols.
The original developers, Alberto Ornaghi (ALoR) and Marco Valleri (NaGA), developed Ettercap while at university but afterwards did not have enough time to devote to it because of their jobs and families. The baton has now been passed to Emilio Escobar and Eric Milam (J0hnnyBrav0), who say that they already have a long to-do list, including a number of new functions.
Further details about the update can be found in the change log. Source code for version 0.7.4 of Ettercap is available to download from the project's site. Hosted on SourceForge, Ettercap is licensed under the GPLv2.