=========================================
!! fixed resource depletion issue
!! buffer access out-of-bounds issues
!! fixed DNS dissector not working on 64-bit systems
!! multiple buffer overflows
!! multiple memory leaks
!! multiple files with obsolete code
!! fixed SEND L3 errors experienced by some users
!! fixed a compilation error under Mac OS X Lion
!! updated build system
   (Please see bug tracker for issue specifics)

+ added the radius dissector
+ go into unoffensive mode if libnet initialization fails
!! etterfilter now accepts empty blocks
!! the log files are closed on SIGTERM
!! fixed a compilation error under Mac OS X Tiger
!! fixed an improper handling of wdg_dynlist callback
!! fixed bound checking in some dissectors

+ added the INC (+=) and DEC (-=) operators to the filter engine
!! fixed the compilation of some plugins
!! fixed a segfault in the isolate plugin
!! fixed a bug in the dhcp spoofing module
!! fixed a serious security bug (a format bug in the curses gui)

+ the hosts scan can now be canceled by the user (ctrl+q)
+ the netmask for the scan can now be specified within the GUI
+ checksum_check was renamed to checksum_warning
  and a new option to prevent the check was introduced
  (see the man page etter.conf(5) for details)
+ added the help menu (inline man pages)
+ wins support for the dns_spoof plugin
+ new plugin: repoison_arp
!! do not drop privs under windows (useless)
!! fixed the mmap problem under windows
!! fixed file operation under windows (O_BINARY related)
!! fixed the IRC password collector (\r \n related)
!! fixed the dumping of the profiles to a file (fingerprint not recorded)
!! the remote flag is now reset when the arp poisoning is stopped
!! fixed the ebcdic visualization
!! fixed the autoadd plugin when a target is ANY

+ added the -s option to issue commands to the gui (useful in scripts)
+ added the -I option to show the list of NICs
+ ported to windows (mingw)
+ added a new plugin: isolate
+ updated os and mac fingerprints
!! fixed compilation of strtok_r under solaris
!! fixed a pthread problem under mac os X
!! fixed the compilation with gcc 3.5.x
!! fixed message box character wrapping (gtk)

+ implemented a thread safe strtok
+ prepared the source for a smooth mingw porting
!! fixed numeric sorting in gtk interface
!! autoadd plugin does not add the local address
!! dump profiles to file now dumps even hosts without any open port
!! fixed compilation under freebsd 4.9

+ WEP decryption for WiFi packets
+ support for prism2 headers
+ added the -I search option in etterlog
+ you can now apply filters on pcapfiles and dump the results
+ you can now specify an alternative config file with -a
!! log to file works again
!! fixed a segfault dumping profiles to file
!! fixed a segfault when opening not-readable dirs from the curses GUI
!! fixed uninitialized data that caused segfault in the dhcp dissector
!! etterlog -c respects the -f specification
!! fixed some problems with non blocking ssl sockets
!! "should be checksum" is now correct

NG-0.7.0_pre2 20040517

+ added support for UTF-8 strings
+ telnet collector enhancements (catches cisco login)
+ the live connections list can be purged by the user
+ SSL support for the following dissectors:
+ support for vlan tagging (802.1q header)
+ support for rawip file dumps
+ multiple selections in the GTK ui for targets and hosts
!! fixed the $prefix issue in the configure
!! fixed a linking problem against openssl
!! some fixes in the man pages
!! compiles against old openssl 0.9.6x
!! better error handling on file creation failure
!! fingerprint submission works again
!! fixed the configure checks for libpcap and libnet
!! ec[ip] files are now platform independent
!! fixed the "etter.ssl.crt not found" bug
!! the arp_cop plugin now does not report the ettercap poisoning
!! the filters are respected even logging to an eci file
!! profiles in the eci file are not duplicated if arp poisoning

NG-0.7.0_pre1 20040415

+ rewrite from scratch (the code is now cleaner and well commented)
+ it now requires libpcap and libnet
+ support for unconfigured network interfaces
+ automake and libtool are now used for the configuration process
+ etterlog utility for logfile parsing
+ etterfilter utility to compile advanced content filters
+ root privs dropped after initialization
+ big endian arch support (sparc64)
+ layer 3 routing (forwarding packets)
+ new media support for:
+ linux cooked interfaces
+ unified sniffing (you can use external hijacker)
+ advanced ARP poisoning engine (with many-to-many support)
+ multiple target selection
+ pcap filter on capture
+ regex packet matching
+ hook points per packet type (TCP, UDP... )
+ quiet mode (don't print packet content)
+ enhanced passive open port discoverer
+ randomized ARP scan
+ cached dns resolution (increases speed and stealth)
+ enhanced statistics on ettercap performance
+ extended headers for every packet
+ passive DNS answer caching
+ global conf file always loaded to tweak internal variables
+ etter.conf supports dissectors on multiple ports
+ possibility to sniff on loopback
+ autoupdate from website for passive databases
+ non root users can use ettercap to read from files
+ unoffensive mode (doesn't forward packets)
+ user messages can be logged
+ dissector enhancements in:
   + POP (APOP and AUTH LOGIN/PLAIN support)
   + X11 (banner discovery)
   + TELNET (collect even failed attempts)
   + HalfLife and Quake3 were unified
   + SSH (blowfish support)
   + SSL (totally reworked, runs on all platforms)
   + HTTP has gained a performance overhaul
+ plugins were unified, no more distinctions between standalone and hooking
+ finger (SYN+ACK fingerprinting on remote hosts)
+ smb_clear, smb_down (attacks against the SMB protocol)
+ curses interface improvements:
   + resizable under X11
   + mouse events are supported
   + customizable colors
   + completely new menu-driven interface
+ totally redesigned GTK+ interface
+ you can filter data with a visualization regexp
+ profiles can be dumped to a file
+ A lot of new bugs^H^H^H^H random features to be discovered ;)
!! offline sniffing actually does not bind to any NICs
- packet factory was removed
- some plugins were not ported
+++ too many other improvements to be listed here +++

+ Plugins now work with GTK+ interface
+ Updated the passive OS fingerprint database (1279 records)
!! Fixed internal refreshing (for huge traffic loads)
!! Fixed wifi-dump support
!! Fixed doppelganger re-arp
!! Fixed a problem with signed char under mac G3
!! Fixed some possible buffer overflows

+ Buffered Data Connections (only for ncurses)
+ New Sniffing method (Port Stealing)
+ Updated the passive OS fingerprint database (1189 records)
+ enhanced smb dissector
+ enhanced troll plugin against request caching
+ NEW PLUGIN: Confusion, Hunter, SMB suite
+ partial wifi-dump support (experimental)
!! Fixed daemonization problem
!! Fixed StateMachine problem
!! a bunch of bug fixes

+ GTK+ 2.0 interface (experimental) (--enable-devel)
+ Windows Plugins porting
+ Updated the passive OS fingerprint database (1093 records)
+ Dissector Proxy 8080
+ Enhanced poisoning method (solaris issue)
+ NEW PLUGIN: troll, PPTP suite
+ text and ebcdic view from command line
+ lc-convert utility (share dir)
!! Fixed a LIBS problem under MacOSX (-lpoll)
!! Fixed the VNC dissector
!! A bunch of bug fixes (too many to list here)

+ Updated the passive OS fingerprint database (853 records)
!! Fixed the strlcpy bug in the telnet dissector (oops alor mistake)
!! Fixed a possible segfault in the rlogin dissector
!! Fixed the exit_func for Mac OS X

+ Sparc architecture support even for all other OSes
+ Increased the speed of arp storm under windows
+ Added the ability to bind a port on which ettercap forwards the sniffed traffic
+ The -H option now supports IP ranges
+ NEW PLUGIN: lamia (become root of a switches spanning tree)
+ Updated the passive OS fingerprint database (825 records)
!! Fixed the pthread_join problem under MacOSX
!! Fixed the -w option (openssl path related bug)
!! Fixed the conflicting options -Y and -a
!! Fixed the FindIface function under BSD

+ Windows (CYGWIN) porting
+ Dumping to and sniffing from tcpdump file format is now supported
+ Sniffing from command line now captures UDP+TCP packets by default
+ Logging engine doesn't log the same user/pass/ip twice
+ Under *BSD and MacOSX ettercap now uses only one bpf
+ Added the -J option (onlypoison) to allow multitarget arp sniffing
- roper (Tries to stop ISAKMP for IPSEC traffic)
+ NEW password collector for: QUAKE 3, ICQ v7, MSN, YMSG
+ DISSECTORS enhanced: HTTPS - IMAP - NAPSTER (opennap) - IRC
- leech (now it rearps the victim after isolation)
+ DOCUMENTATION translated into Polish and Dutch
!! Better handling of CTRL+C
!! Fixed a bug in the dlsym on OpenBSD 3.0 (plugin related)
!! Fixed a bug in the handling of debug file
!! Fixed the "not scrolling" JOINED visualization

+ You can sniff traffic from a remote cisco router
  and make mitm attacks on it using GRE tunnels.
+ Added some bits for the passive OS fingerprint database.
  Now even the length of the packet makes sense.
+ The sniffing interface now supports JOINED view
- thief (dumps all files from HTTP)
- zaratan (redirect GRE tunnels)
+ ICQ dissector now searches for passwords on all ports
+ Updated the passive OS fingerprint database (675 records)
+ Changed arg 2 of Plugin_HookPoint for PCK_RECEIVED_RAW
!! Under OpenBSD the pflog interface is ignored
!! Fixed the DATA_PATH issue in the phantom plugin
!! Fixed an unsigned short in state_machine
!! Fixed some plugins that don't recognize the 'yes' answer
!! Fixed the plugins symbol problem on Mac OS X (strip -x)
!! Fixed the possibility of remote exploitation on interface with MTU > 1500

!! Fixed the truncation of passwords in some dissectors
!! Fixed the -undefined error problem for Mac OS X (darwin 1.4.x / 5.1)

+ Grell dissector (HTTPS) now handles proxy auth
+ Grell dissector (HTTPS) now correctly handles SSL & TLS
+ Better connection status handling
+ Updated the passive OS fingerprint database (530 records)
- Removed the --enable-suid option, so it is clear that ettercap is only for root
!! Fixed a bug that caused every packet sniffed from the net to be sent back onto it (introduced in ettercap 0.6.2)
!! Fixed the ENOBUFS error on BSD
!! Fixed a bug for the compilation with --disable-plugins
!! Fixed a bug for the compilation on Mac OS X without dlcompat libs
!! Fixed the configure script to handle the -bundle_loader option under Mac OS X
!! Fixed the command line format bug exploit (`ettercap %x%x%x%x%x`) !!
!! Fixed many security threats in the code

+ Ettercap is now a multi-thread single process.
+ The connection handling engine was enhanced and sped up
+ Now filtered (replaced) data can exceed the MTU
+ Completely new plugin conception (hooking plugin)
+ Better handling for unknown passive fingerprints
+ Possibility to load/save the hosts list from/to a file (-j -k options)
- the -k (newcert) option was renamed to -w
+ Updated the passive OS fingerprint database (501 records)
+ Updated the active OS fingerprint database (2001/10/14)
+ New 'TEXT only' view on sniffed data
+ NEW password collector for: HALF LIFE, NFS, SNMP, LDAP
+ ENHANCEMENT in the password collector for: MySQL
+ NEW PLUGIN : dwarf (logs all POP and SMTP activity)
!! Fixed a bug when recognizing HUB or SWITCH
!! Fixed a bug in the banshee plugin
!! Fixed a bug in the filtering engine from command line
!! Fixed a segfault in the HTTP dissector
!! Plugins are now installed in {prefix}/lib/ettercap, not in share/ettercap
!! ettercap is now installed in the more appropriate {prefix}/sbin/
!! now the configure script doesn't require root privileges to run
!! configure now correctly handles the --datadir=DIR and --libdir=DIR directives.

+ Passive scanning of the LAN
+ Plugins ported to Mac OS X (darwin)
+ Doppelganger now uses the new REQUEST ARP POISON (see readme)
+ Grell (HTTPS) now supports virtual hosts
+ The Logging engine for the simple mode was rewritten from scratch
+ Now MAC sniffing can have only one parameter
+ Updated the active OS fingerprint database
+ Updated the MAC fingerprint database
+ NEW PLUGIN : beholder and basilisk
+ PLUGIN enhanced: imp and triton
!! configure script tuned up. now it compiles missing libs only if needed
!! Fixed a bug preventing SSL sniffing
!! Fixed a problem in illithid related to the smart arp sniffing
!! Fixed a compilation problem for FreeBSD 4.0 (getifaddrs related)
!! Fixed a compilation problem for MacOsX (termios related)
!! Fixed an ioctl() problem in phantom plugin on *BSD and MacOsX

+ Porting for Mac Os X (darwin 1.3.x)
+ Reverse IP matching (-R option)
+ Spoofing of the source ip on start up
+ Customizable delay between arp requests on startup
+ Added the Inet_CloseRawSock API (for debugging purposes)
+ Better handling of SIGSEGV and SIGBUS (for debugging purposes)
+ Updated the OS fingerprint database
+ ENHANCEMENT in the password collector for: IRC
+ PLUGIN enhanced: triton
+ NEW PLUGIN : arpcop, phantom, imp
!! Fixed the "make_label" compilation problem
!! Fixed a segfault on OS fingerprinting
!! Fixed ip_forwarding restoring bug
!! Fixed some ncurses visualization errors

+ Plugins ported to OpenBSD
+ Porting for NetBSD 1.5
+ Added FreeBSD 4 support for source MAC address spoofing
+ Illithid (the sniffer engine) totally rewritten and tuned up
+ Doppelganger (the arp poisoner) totally rewritten and tuned up
+ New programmable filtering engine (see README for details)
+ Filter can be used in command line mode (-F option)
+ Possibility to scan only chosen IPs (-H option)
+ Possibility to select the delay between arp replies (-D option)
+ Checking for the latest ettercap version (-v option)
+ More accurate and faster start up host scanning
+ Connection killing method enhanced
+ New and more detailed man pages
+ ENHANCEMENT in the password collector for: HTTP (<form> parsing)
+ NEW PLUGIN : spectre, triton
!! Fixed the interface shutdown bug... yeah !
!! Fixed "can't find grell_ssl.crt" error message in the rpm version.

+ Full-duplex HTTPS man-in-the-middle support
+ Support for HTTPS through a proxy
+ SSH sniffing even from command line
+ Enable/Disable dissectors via conf file
+ Public ARP in simple mode
+ Smart Public arp (all but the target)
+ Dump of the pass to a file from interactive mode
+ Packet Factory enhancement (now the payload can be loaded from a file)
+ The newest config.guess and config.sub are now included
+ Updated the OS fingerprint database (2001/06/04 09:40:50 fyodor)
+ NEW password collector for: HTTPS, PROXYHTTPS
+ ENHANCEMENT in the password collector for: SMB, HTTP, MySQL
+ FIXED password collector for: IRC
+ DOCUMENTATION translated into : French, Italian
! Fixed many many bugs... but some still persist... ;)

+ Added a Protocol State Machine for dissectors
+ Added the rule "Log" to the filtering form
+ Packet Factory (create and send packets on the fly)
+ Plugins can be launched from connection list
+ NEW plugin : banshee
+ ENHANCEMENT in the password collector for: SOCKS 5, IMAP, VNC, SMB, MySQL
+ FIXED password collector for: SOCKS 5

+ You can specify the IP "ANY"
+ Logging all data to specific file(s)
+ Added the "daemonization" feature (--quiet)
+ Packet filtering/dropping/search/replace
+ Improved the user/password hunting in datadecode module
+ Tuning of Doppelganger poison/rearp
+ NEW plugin : lurker
+ NEW password collector for: NNTP, X11, NAPSTER, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC
+ ENHANCEMENT in the password collector for: POP, SMB, MySQL
! fixed a bug in the fingerprint for *BSD
! fixed the handling of eth aliases
! fixed the activation/deactivation of Active Dissectors

+ Full duplex SSH man-in-the-middle support !!
+ new startup mode (--broadping -b).
+ new sniffing method (PublicARP)
+ Injector now supports escape sequences
+ netmask switch added
+ added support for getopt_long even on *BSD
+ NEW password collector for : SSH1, SMB, RLOGIN, HTTP, ICQ, MySQL
! fixed the "sendto() 1518 byte" bug

! fixed a nasty bug sniffing/sending big packets
! fixed telnet dissector

+ Ported to OpenBSD 2.7
+ Network Adapter Fingerprint
+ Password collector for: FTP, POP, TELNET
+ Injection interface redesigned
+ Possibility to check if you are in a switched lan or not.

+ Ported to FreeBSD 4.x
+ Plugin version control
+ Added -x option for hex mode in command line
- Removed -1 and -2 options (better getopt parsing)
+ Ability to sniff in all directions (no more two hosts limit)
+ Silent mode (--silent or -z) (no arp storm on start up)

+ Scrolling window for plugin output
+ detailed packets view in hex mode (SEQ, ACK and FLAGS)
+ identification of connections type (FTP, telnet, etc.)
+ ability to kill a connection from connection list
! segfault when no plugin found and press return

+ Inet module totally rewritten and redesigned.
+ Downported to 2.0.x Linux Kernels (EXPERIMENTAL)
+ Added support for glibc 2.0.x 2.1.x 2.2.x
+ Scroll back in sniffing window (*very* *very* useful !!)
! after injection the connections are cleanly RSTted

+ detect if there is another man-in-the-middle in the LAN
+ full telnet injection support
! ettercap defaults to the first up and running iface
! removed possible segfault making host list
! now works with openwall

* Initial public release...
+ Easy to use ncurses interface
+ Command line mode (without ncurses)
+ IP based sniffing (old style sniffing)
+ MAC based sniffing (for traffic between hosts and gateways)
+ ARP based sniffing (with arp poisoning for switched lan)
+ Characters injection in an established connection