Ettercap


A tool for sniffing, that is, eavesdropping on traffic, for fans of the “Man in the middle attack” technique.
OK, we'll just use the CLI version.
Code:
ettercap -h
ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA
Usage: ettercap [OPTIONS] [TARGET1] [TARGET2]
TARGET is in the format MAC/IPs/PORTs (see the man for further detail)
Sniffing and Attack options:
-M, --mitm perform a mitm attack
-o, --only-mitm don't sniff, only perform the mitm attack
-B, --bridge use bridged sniff (needs 2 ifaces)
-p, --nopromisc do not put the iface in promisc mode
-u, --unoffensive do not forward packets
-r, --read read data from pcapfile
-f, --pcapfilter set the pcap filter
-R, --reversed use reversed TARGET matching
-t, --proto sniff only this proto (default is all)
User Interface Type:
-T, --text use text only GUI
-q, --quiet do not display packet contents
-s, --script issue these commands to the GUI
-C, --curses use curses GUI
-G, --gtk use GTK+ GUI
-D, --daemon daemonize ettercap (no GUI)
Logging options:
-w, --write write sniffed data to pcapfile
-L, --log log all the traffic to this
-l, --log-info log only passive infos to this
-m, --log-msg log all the messages to this
-c, --compress use gzip compression on log files
Visualization options:
-d, --dns resolves ip addresses into hostnames
-V, --visual set the visualization format
-e, --regex visualize only packets matching this regex
-E, --ext-headers print extended header for every pck
-Q, --superquiet do not display user and password
General options:
-i, --iface use this network interface
-I, --iflist show all the network interfaces
-n, --netmask force this on iface
-P, --plugin launch this
-F, --filter load the filter (content filter)
-z, --silent do not perform the initial ARP scan
-j, --load-hosts load the hosts list from
-k, --save-hosts save the hosts list to
-W, --wep-key use this wep key to decrypt wifi packets
-a, --config use the alterative config file
Standard options:
-U, --update updates the databases from ettercap website
-v, --version prints the version and exit
-h, --help this help screen
OK, for example, let's test it by monitoring our own network:
Code:
ettercap -T
- DNS Poisoning with ettercap:
Example usage:
Code:
ettercap -TQM arp:remote -P dns_spoof
- Remote Browser plugin
Used to view the web browsing activity of a target on the same subnet:
Code:
ettercap -T -Q -M arp:remote -i eth0 /target_ip/ /gateway_ip/ -P remote_browser
Example of listing the IPs in the subnet with nmap:
Code:
nmap -sS 111.94.8.*
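On the defending side, the ARP poisoning behind -M arp:remote shows up in a host's neighbor table as the gateway IP resolving to a MAC that another IP also uses, or to a MAC different from the known-good one. The following is an added example, not part of the original post, that checks `ip neigh show` output for both signs; the sample lines, addresses and baseline MAC are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of `ip neigh show` output (documentation-range addresses).
SAMPLE_NEIGH = """\
192.0.2.1 dev eth0 lladdr 02:00:00:aa:bb:cc REACHABLE
192.0.2.23 dev eth0 lladdr 02:00:00:aa:bb:cc STALE
192.0.2.40 dev eth0 lladdr 02:00:00:11:22:33 REACHABLE
192.0.2.77 dev eth0  FAILED
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)\s+lladdr\s+(?P<mac>[0-9a-fA-F:]{17})\b"
)


def parse_neigh(text):
    """Return {(dev, mac): set(ips)} for entries that carry a resolved MAC."""
    table = defaultdict(set)
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED / INCOMPLETE entries have no lladdr and are skipped
            table[(m["dev"], m["mac"].lower())].add(m["ip"])
    return table


def find_arp_anomalies(text, gateway_ip=None, known_gateway_mac=None):
    """Flag MACs shared by several IPv4 addresses and a gateway MAC that
    differs from the baseline recorded while the network was known clean."""
    findings = []
    table = parse_neigh(text)
    for (dev, mac), ips in sorted(table.items()):
        # A host's IPv4 and IPv6 addresses share one MAC, so compare IPv4 only.
        v4 = sorted(ip for ip in ips if ":" not in ip)
        if len(v4) > 1:
            findings.append(("shared-mac", dev, mac, v4))
    if gateway_ip and known_gateway_mac:
        for (dev, mac), ips in sorted(table.items()):
            if gateway_ip in ips and mac != known_gateway_mac.lower():
                findings.append(("gateway-mac-changed", dev, mac, [gateway_ip]))
    return findings


if __name__ == "__main__":
    for finding in find_arp_anomalies(SAMPLE_NEIGH, "192.0.2.1", "02:00:00:DE:AD:01"):
        print(finding)
```

Several IPv4 addresses on one MAC can be legitimate (address aliases, proxy ARP), so treat a hit as a lead to verify against the gateway's real MAC.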