Packet Sniffing With Ettercap

Ettercap is a suite of attack tools which do a combination of attacks based on Packet Sniffing and Packet Injection. The tools are suited for a LAN environment and rely heavily on ARP Spoofing. Once  ARP which is at Layer 2 is compromied, higher unprotected protocols such as IP, TCP and UDP can be easily tampered with. Ettercap does just that. Once Ettercap hijacks Layer 2, it allows for mangling of packets at higher layers and helps performs website redirection, on the fly content changing and even Denial of Service attack on the victim computers.

In this video, the author starts from the absolute basics of using Ettercap. He then proceeds to ARP poison the network and inserts himself between the LAN gateway and the victim. The author then demonstrates how he captures the web mail username and password of the victim. In the next hack, he shows how to use Ettercap filters to redirect a victim to a different page that what he desires to view. The filter internally is actually a packet mangler code, which modifies the data on the fly and reinjects it back to the network. The fundamental principle is based on packet injection. A detailed programming video on how to create packet injectors is available here.

Milw0rm hosts one of the best Exploit databases on the web. The Exploits are separated by exploit type (local, remote, DoS, etc.).