ettercap -- a ncurses-based sniffer/interceptor utility for switched LAN
Copyright (C) 2002 ALoR <alor@users.sourceforge.net>, NaGA <crwm@freemail.it>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
$Id: ec_main.c,v 1.49 2003/07/04 20:41:42 alor Exp $
#include <sys/ioctl.h>
#if defined (HAVE_TERMIOS_H) && !defined (CYGWIN)
#include "missing/getopt.h"
#include <ec_version.h>
#include <ec_simple.h>
#include <ec_signal.h>
#include <ec_parser.h>
#include <ec_filterdrop.h>
#include <ec_thread.h>
#include <ec_plugins.h>
#include <ec_interface.h>
#include <ec_gtk_splash.h>
HOST *Host_In_LAN = NULL; // ec_main.h
int number_of_hosts_in_lan;
CONNECTION *Conn_Between_Hosts = NULL; // ec_main.h
int number_of_connections = -1;
PASSIVE_DATA *Passive_Host; // ec_main.h
int number_of_passive_hosts;
CURRENT_SNIFFED_DATA current_illithid_data;
extern char image_path[100];
int pipe_with_illithid_data = -1;
int pipe_with_plugins = -1;
char active_dissector = 1; // ec_main.h
char filter_on_source = 0;
char filter_on_dest = 0;
void Main_Usage(void);
void Main_Interactive(void);
void Main_Normal(void);
void Main_CheckForRun(char *program_argv0);
void Main_CheckForFilters(void);
void Main_ParseParameters(char *first, char *second, char *third, char *fourth);
void Main_Check_NewRelease(void);
#if DEVEL_RELEASE == 1
void Main_Devel_Release(void);
//-----------------------------------
// Program entry point. The statements visible in this listing register the
// main thread, run Main_CheckForRun() on argv[0], mask signals, load the
// default Options values, parse the command line (and a config file when the
// parser returns 1), choose or validate the network interface, validate the
// filter chains when Options.filter is set, and print the local IP/MAC.
// NOTE(review): braces, declarations and several branches are missing from
// this listing, so the exact control flow cannot be confirmed from here.
int main(int argc, char *argv[])
DEBUG_MSG("Main -- here we go !!");
ECThread_register(pthread_self(), "ettercap");
Main_CheckForRun(argv[0]); // it is ok ?
Signal_SigBuster(); // signal masking
#if DEVEL_RELEASE == 1
Main_Devel_Release();
for(i=0; i<argc; i++)
DEBUG_MSG("Main_ParameterList - [%d] %s", i, argv[i]);
Options.delay = DEFAULT_DELAY; // the default delay between arp replies (ec_doppleganger)
Options.storm_delay = DEFAULT_STORM_DELAY; // the default delay between arp request on start up (ec_inet)
Options.buflen = DEFAULT_BUFLEN;
Options.refresh_delay = DEFAULT_REFRESH_DELAY;
if (Parser_ParseOptions(argc, argv) == 1) // config file
Parser_ParseConfFile(optarg);
if (Options.normal) Options.buflen = 0; // No connection buffer for command line mode
if(!gtk_init_check(&argc, &argv))
Error_msg("Unable to load GTK interface.");
#if DEVEL_RELEASE == 1
fprintf (stdout, "\n\033[01m\033[1m%s %s beta %s (c) 2002 %s\033[0m\n\n", PROGRAM, VERSION, RELEASE_DATE, AUTHORS);
fprintf (stdout, "\n\033[01m\033[1m%s %s (c) 2002 %s\033[0m\n\n", PROGRAM, VERSION, AUTHORS);
Main_Check_NewRelease();
if (!strcmp(Options.netiface, "")) // set the default interface
if (Inet_FindIFace(Options.netiface) == -1)
Error_msg("No suitable Network Interface found !!");
else if ( Inet_CorrectIface(Options.netiface) < 0)
Error_msg("%s (%s)", strerror(errno), Options.netiface);
Error_msg("%s is NOT a valid network interface for ettercap !!", Options.netiface);
if (Options.filter) Main_CheckForFilters();
// NOTE(review): the return value of pipe() is ignored here; if the call
// fails, pipe_inject holds no valid descriptors. Check for -1 and report it
// with Error_msg(), as the other startup failures in this function do.
pipe(pipe_inject); // create the pipes with illithid
fprintf (stdout, "Your IP: %s with MAC: %s on Iface: %s\n", Inet_MyIPAddress(), Inet_MyMACAddress(), Options.netiface);
// Prints the command-line help (sniffing methods, offline capture options,
// general options and the options used together with -N) to stdout.
void Main_Usage(void)
DEBUG_MSG("Main_Usage");
fprintf (stdout, "\nUsage: %s [OPTION] [HOST:PORT] [HOST:PORT] [MAC] [MAC]\n\n", PROGRAM);
fprintf (stdout, "Sniffing method:\n");
fprintf (stdout, " -a, --arpsniff ARPBASED sniffing (specifying two hosts)\n");
fprintf (stdout, " SMARTARP (specifying one host but with the list)\n");
fprintf (stdout, " PUBLICARP (specifying only one host silently)\n");
fprintf (stdout, " in silent mode : must specify both IP and MAC\n");
fprintf (stdout, " i.e.: ettercap -Nza IP IP MAC MAC (ARPBASED)\n");
fprintf (stdout, " ettercap -Na IP MAC (SMARTARP)\n");
fprintf (stdout, " ettercap -Nza IP MAC (PUBLICARP)\n");
fprintf (stdout, " -s, --sniff IPBASED sniffing\n");
fprintf (stdout, " you can specify the ANY ip that means ALL hosts\n");
fprintf (stdout, " e.g.: ettercap -Nzs ANY:80 (sniff only http)\n");
fprintf (stdout, " -m, --macsniff MACBASED sniffing \n");
fprintf (stdout, " e.g.: ettercap -zm MAC1 MAC2\n");
fprintf (stdout, " ettercap -Nm MAC\n");
fprintf (stdout, "\nOff Line Sniffing:\n");
fprintf (stdout, " -T, --readpcapfile OFFLINE sniffing (read packets from a file)\n");
fprintf (stdout, " e.g.: ettercap -T file_dumped_from_tcpdump\n");
fprintf (stdout, " -Y, --writepcapfile DUMP packets to a pcap compatible file format\n");
fprintf (stdout, " e.g.: ettercap -NzsY file_to_be_dumped\n");
fprintf (stdout, "\nGeneral options:\n");
fprintf (stdout, " -N, --simple NON-interactive mode (without ncurses)\n");
fprintf (stdout, " -G, --gtk GTK mode (gui for X11)\n");
fprintf (stdout, " -z, --silent silent mode (no arp storm on start up)\n");
fprintf (stdout, " -O, --passive passive scanning of the LAN\n");
fprintf (stdout, " -b, --broadping broadcast ping instead of arp storm on start up\n");
fprintf (stdout, " -D, --delay <n sec> the delay between arp replies when poisoning (default is 30 sec)\n");
fprintf (stdout, " -Z, --stormdelay <n usec> the delay between arp requests on startup (def is 1500 usec)\n");
fprintf (stdout, " -B, --bufferlen <n pck> the lenght of each connection buffer. \n"
" 0 for no connection buffer (def is 3)\n");
fprintf (stdout, " -r, --refresh <n sec> clear internal lists after n sec (def is 300)\n");
fprintf (stdout, " -S, --spoof <IP> on start up send requests with this IP\n");
fprintf (stdout, " -H, --hosts <IP1[;IP2][;..]> on start up scan only these hosts\n");
fprintf (stdout, " -d, --dontresolve don't resolve the IPs (speed up the startup)\n");
fprintf (stdout, " -i, --iface <iface> network interface to be used\n");
fprintf (stdout, " -n, --netmask <netmask> the netmask used to scan the lan\n");
fprintf (stdout, " -e, --etterconf <filename> load options from a config file\n");
fprintf (stdout, " -j, --loadhosts <filename> load host/mac list from a file\n");
fprintf (stdout, " -k, --savehosts save host/mac list to a file\n");
fprintf (stdout, " -X, --forceip disable the spoofed ICMP before poisoning\n");
fprintf (stdout, " -v, --version check for the latest ettercap version\n");
fprintf (stdout, " -y, --yes in combination with -v auto answer yes\n");
fprintf (stdout, " -h, --help this help screen\n");
fprintf (stdout, "\nSilent mode options (combined with -N):\n");
fprintf (stdout, " -t, --proto <proto> sniff only <proto> connection (def. is tcp+udp)\n");
fprintf (stdout, " proto can be: tcp, udp or all\n");
fprintf (stdout, " -J, --onlypoison don't sniff, only do arp poisoning\n");
fprintf (stdout, " -R, --reverse sniff all the connection but the selected one\n");
#ifdef PERMIT_PLUGINS
fprintf (stdout, " -p, --plugin <name> run the \"name\" plugin (\"list\" for available ones)\n");
fprintf (stdout, " -l, --list list all hosts in the lan\n");
fprintf (stdout, " -C, --collect collect users and passwords only\n");
fprintf (stdout, " this options must be used with a sniffing method\n");
fprintf (stdout, " Eg: ettercap -NCzs\n");
fprintf (stdout, " -f, --fingerprint <host> do active OS fingerprinting on HOST\n");
fprintf (stdout, " -1, --hexview display data in hex mode\n");
fprintf (stdout, " -2, --textview display data in text mode\n");
fprintf (stdout, " -3, --ebcdicview display data in ebcdic mode\n");
fprintf (stdout, " -L, --logtofile logs all data to specific file(s)\n");
fprintf (stdout, " (for pcap use -Y)\n");
fprintf (stdout, " -q, --quiet \"demonize\" ettercap (useful with -L)\n");
fprintf (stdout, " -w, --newcert create a new SSL cert file for HTTPS dissector\n");
fprintf (stdout, " -F, --filter <filename> load \"filename\" as the filter chain file\n");
fprintf (stdout, " -c, --check check for other poisoners on the LAN\n");
fprintf (stdout, " -g, --linktype tries to indentify the LAN type (switch or hub)\n");
fprintf (stdout, "\n");
// Starts the interactive front end. The visible statements read the terminal
// size with ioctl(TIOCGWINSZ), consult the LINES and COLUMNS environment
// variables when the reported size is below 25x80, refuse to continue on a
// smaller screen, then build the host list and initialise the interface.
// The fallback messages for builds without ncurses or GTK+ 2.0 are printed
// from here as well. NOTE(review): the #if/#else structure and the braces
// are not visible in this listing.
void Main_Interactive(void)
struct winsize ws = {0, 0, 0, 0};
DEBUG_MSG("Main_Interactive");
if ( ioctl(0, TIOCGWINSZ, &ws) < 0) // syscall for the window size
Error_msg("ec_main:%d ioctl(TIOCGWINSZ) | ERRNO : %d | %s", __LINE__, errno, strerror(errno));
if ( (ws.ws_row < 25) || (ws.ws_col < 80) )
short cols = ws.ws_col;
short rows = ws.ws_row;
DEBUG_MSG("Main_Interactive -- screen wide %dx%d (TIOCGWINSZ)", ws.ws_row, ws.ws_col);
if ((p = getenv("LINES")))
if ((p = getenv("COLUMNS")))
// NOTE(review): getenv() returns NULL for an unset variable, and this line
// passes both results straight to "%s". If DEBUG_MSG formats like printf,
// that is undefined behaviour whenever LINES or COLUMNS is not set — confirm,
// and substitute a placeholder string for NULL.
DEBUG_MSG("Main_Interactive -- screen wide %sx%s (getenv)", getenv("LINES"), getenv("COLUMNS"));
if (rows < 25 || cols < 80)
Error_msg("Screen must be at least 25x80 !!");
#ifdef PERMIT_PLUGINS
if (!Options.silent) printf("Building host list for netmask %s, please wait...\n", Inet_MySubnet());
number_of_hosts_in_lan = Inet_HostInLAN();
// Entry 0 of Host_In_LAN supplies the ip and mac shown in the title;
// presumably it describes the local host. NOTE(review): this assumes
// Inet_HostInLAN() left at least one entry in the list — confirm.
Interface_InitTitle(Host_In_LAN[0].ip, Host_In_LAN[0].mac, Inet_MySubnet());
Interface_InitScreen();
DEBUG_MSG("Ncurses not supported -- turning to non interactive mode...");
fprintf(stdout, "\nNcurses not supported -- turning to non interactive mode...\n\n");
DEBUG_MSG("GTK+ 2.0 not supported -- turning to non interactive mode...");
fprintf(stdout, "\nGTK+ 2.0 not supported -- turning to non interactive mode...\n\n");
DEBUG_MSG("Main_Interactive_END");
// Non-interactive mode. Builds the host list when one of the selected
// actions needs it, optionally dumps it to a file, and then reaches the
// Simple_* routines visible below (poisoner check, switch detection,
// fingerprinting, passive scan). NOTE(review): the conditions guarding most
// of those calls are missing from this listing.
void Main_Normal(void)
DEBUG_MSG("Main_Normal");
#ifdef PERMIT_PLUGINS
if (Options.plugin || Options.arpsniff || Options.sniff || Options.macsniff)
if (Options.list || Options.check || Options.arpsniff ||
Options.sniff || Options.macsniff || Options.link ||
Options.passive || Options.hoststofile || Options.onlypoison)
printf("Building host list for netmask %s, please wait...\n", Inet_MySubnet());
number_of_hosts_in_lan = Inet_HostInLAN();
if (Options.hoststofile)
fprintf(stdout, "\nHost/MAC list dumped into file: %s\n\n", Inet_Save_Host_List());
Simple_CheckForPoisoner();
Simple_CheckForSwitch();
Simple_FingerPrint();
#ifdef PERMIT_PLUGINS
if (Options.arpsniff || Options.sniff || Options.macsniff || Options.onlypoison)
Simple_PassiveScan();
DEBUG_MSG("Main_Normal_END");
// Startup sanity checks: reports an error to non-root users (the uid test
// itself is not visible in this listing) and refuses to run when the
// lower-cased basename of argv[0] does not contain PROGRAM.
// The argument is modified: the pointer is advanced past the last '/' and the
// remaining characters are lower-cased in place, so the caller's argv[0]
// buffer changes.
void Main_CheckForRun(char *program_argv0)
DEBUG_MSG("Main_CheckForRun -- [%s]", program_argv0);
Error_msg("Sorry UID %d, you must be root to run %s !!", getuid(), PROGRAM);
if (strchr(program_argv0, '/'))
// strrchr() cannot return NULL here: the strchr() test just above already
// found a '/' in the same string.
program_argv0 = strrchr(program_argv0, '/') + 1;
// strlen() is re-evaluated on every iteration although the length never
// changes inside the loop; it could be computed once before the loop.
for (i=0; i<strlen(program_argv0); i++)
// NOTE(review): tolower() expects EOF or a value representable as unsigned
// char. Where plain char is signed, a byte >= 0x80 in argv[0] is passed as a
// negative value, which is undefined behaviour. Cast first:
// tolower((unsigned char)program_argv0[i]).
program_argv0[i] = tolower(program_argv0[i]);
DEBUG_MSG("Main_CheckForRun -- [%s]", program_argv0);
// Substring match on a caller-controlled string: argv[0] is chosen by
// whoever executes the binary, so this is a courtesy check and must not be
// relied on as an access control.
if (!strstr(program_argv0, PROGRAM)) // just for script-kiddies ;)
Error_msg("Hey guy ! My name is \"%s\" ! I REALLY don't like \"%s\"...", PROGRAM, program_argv0);
// Validates the filter chains with FilterDrop_Validation() and reacts to two
// problems per chain: a loop (warning printed to stdout) and a jump outside
// the chain (reported through Error_msg). The case labels are not visible in
// this listing.
void Main_CheckForFilters(void)
DEBUG_MSG("Main_CheckForFilters");
// NOTE(review): the messages in this switch describe the *source* chain, but
// the value validated is Filter_Array_Dest, the same array the second switch
// checks. This looks like a copy-paste slip that would leave the source chain
// unvalidated — confirm which array was intended.
switch(FilterDrop_Validation(Filter_Array_Dest))
fprintf(stdout, "CAUTION: the source filter chain contains a loop...\n");
fprintf(stdout, "ettercap may hang up. please review your filter chain... [press RETURN to continue]\n\n");
Error_msg("CAUTION: a filter in the source chain has a jump outside the chain !!!\n"
"ettercap will sig fault. review your filter chain immediately !!\n\n");
switch( FilterDrop_Validation(Filter_Array_Dest))
fprintf(stdout, "CAUTION: the dest filter chain contains a loop...\n");
fprintf(stdout, "ettercap may hang up. please review your filter chain... [press RETURN to continue]\n\n");
Error_msg("CAUTION: a filter in the dest chain has a jump outside the chain !!!\n"
"ettercap will sig fault. review your filter chain immediately !!\n\n");
#if DEVEL_RELEASE == 1
// Prints the development-release banner, including the bug-report forum URL
// and the authors' e-mail addresses, to stdout.
void Main_Devel_Release(void)
fprintf (stdout, "\n\n");
fprintf (stdout, "==============================================================================\n");
fprintf (stdout, " %s %s IS STILL IN DEVELOPMENT STATE. ABSOLUTELY NO WARRANTY !\n\n", PROGRAM, VERSION);
fprintf (stdout, " if you are a betatester please report bugs to :\n");
fprintf (stdout, " http://ettercap.sourceforge.net/forum/viewforum.php?f=7\n\n");
fprintf (stdout, " or send an email to:\n");
fprintf (stdout, " alor@users.sourceforge.net\n");
fprintf (stdout, " crwm@freemail.it\n\n");
// fprintf (stdout, " if you are NOT a betatester, I don't know where you downloaded this release\n");
// fprintf (stdout, " but this is NOT for you, so don't blame us for any bugs or problems !\n");
fprintf (stdout, "==============================================================================\n");
fprintf (stdout, "\n\n");
// Optional update check. After the user confirms, fetches `page` from `host`
// over plain HTTP (port 80), expects the body to start with "LATEST: ",
// compares the first body line with VERSION and, on a second confirmation,
// hands a download URL to wget through execl().
// Security note: nothing in the visible code authenticates the server or the
// reply, and the program insists on running as root (see the message in
// Main_CheckForRun), so every byte of the response is untrusted input handled
// by a privileged process.
// NOTE(review): declarations, braces and some else branches are missing from
// this listing.
void Main_Check_NewRelease(void)
char host[] = "ettercap.sourceforge.net";
char page[] = "/latest.php";
// char host[] = "zefiro.alor.org";
// char page[] = "/ettercap/latest.php";
DEBUG_MSG("Main_Check_NewRelease -- now is %s", VERSION);
memset(buffer, 0, sizeof(buffer));
fprintf (stdout, "\nCurrent version is : \033[01m\033[1m%s\033[0m\n", VERSION);
fprintf (stdout, "\n\nDo you want to check for the latest version ? (y/n) ");
fprintf(stdout, "\n\n");
if (answer == 'y' || answer == 'Y')
fprintf (stdout, "Connecting to http://%s...\n", host);
sock = Inet_OpenSocket(host, 80);
fprintf (stdout, "Requesting %s...\n\n", page);
snprintf(getmsg, sizeof(getmsg), "GET %s HTTP/1.0\r\n"
"User-Agent: %s (%s).\r\n"
"\r\n", page, host, PROGRAM, VERSION );
Inet_Http_Send(sock, getmsg);
DEBUG_MSG("Main_Check_NewRelease - SEND -----------------------\n\n%s\n\n", getmsg);
DEBUG_MSG("Main_Check_NewRelease - ENDSEND --------------------");
// buffer was zeroed by the memset() earlier in this function.
// NOTE(review): if Inet_Http_Receive() can write all sizeof(buffer) bytes,
// the data is left without a terminating NUL and the strstr()/strncmp()
// calls that follow would read past the array. Passing sizeof(buffer) - 1
// keeps the last zero byte — confirm the callee's contract.
Inet_Http_Receive(sock, buffer, sizeof(buffer));
DEBUG_MSG("Main_Check_NewRelease - RECEIVE --------------------\n\n%s\n\n", buffer);
DEBUG_MSG("Main_Check_NewRelease - ENDRECEIVE -----------------");
Inet_CloseSocket(sock);
Error_msg("The server didn't respond");
// NOTE(review): strstr() returns NULL when the reply contains no "\r\n\r\n"
// separator; adding 4 to NULL yields an invalid pointer that the strncmp()
// on the next statement dereferences. A truncated or malformed reply is
// enough to trigger this, so test the strstr() result before applying the
// offset.
ptr = strstr(buffer, "\r\n\r\n") + 4; // skip the headers.
if (strncmp(ptr, "LATEST: ", 8))
Error_msg("Error parsing the response... \n\n");
// `latest` is a heap copy of the first body line exactly as the server sent
// it. strtok() overwrites the newline in buffer with NUL and keeps static
// state. NOTE(review): strdup() can return NULL, and the result is used
// unchecked by the strncmp() calls below.
latest = strdup(strtok(ptr, "\n"));
// Byte-wise comparison of the first 5 characters only; this is not a numeric
// version comparison (constructed example: "0.10." sorts before "0.9.0").
if ( strncmp(latest, VERSION, 5) == 0)
Error_msg("You already have the latest ettercap release (\033[01m\033[1m%s\033[0m)\n\n", latest);
else if (strncmp(latest, VERSION, 5) < 0)
DEBUG_MSG("You have a newer release than the official one (%s)", latest);
fprintf(stdout, "You have a newer release (\033[01m\033[1m%s\033[0m) than the official one (\033[01m\033[1m%s\033[0m)\n\n", VERSION, latest);
fprintf(stdout, "\033[01m\033[1m%s\033[0m is currently under development... use at you own risk... ;)\n\n", VERSION);
fprintf(stdout, "The latest release is \033[01m\033[1m%s\033[0m\n\n", latest);
// NOTE(review): server-supplied text is written to the terminal unfiltered,
// here and in the messages that print `latest`. Control bytes such as ESC in
// the reply would be interpreted by the terminal; replace non-printable
// characters before printing.
fprintf(stdout, "NEW in this release:\n%s\n\n", ptr);
fprintf(stdout, "Do you want to wget it ? (y/n)");
// Discards newline characters on stdin and keeps the first other character
// read as the answer (the loop body is empty).
while ( (answer = getchar()) == '\n');
fprintf(stdout, "\n\n");
if (answer == 'y' || answer == 'Y')
// The file-name part of the URL comes from the untrusted `latest` string and
// the scheme is plain http. NOTE(review): restrict `latest` to the characters
// a version string may contain before building the URL, and check the
// snprintf() result for truncation.
snprintf(wget, sizeof(wget), "http://%s/download/ettercap-%s.tar.gz", host, latest);
// execl() replaces the current process image, so on success nothing after
// this line runs. The URL is passed as a single argv entry; no shell is
// involved. NOTE(review): the archive is fetched over HTTP and the visible
// code verifies no checksum or signature, so the download should not be
// trusted without an out-of-band integrity check. The variadic terminator
// should also be written (char *)NULL.
if ( execl( WGET_PATH, "wget", wget, NULL) == -1 )
Error_msg("Cannot execute wget ! Auto update cannot download the file...\n");
// vim:ts=3:expandtab