#67 DHCP spoofing fails in graphical mode

open
nobody
Bug (17)
5
2013-06-27
2012-10-04
No

Version: ettercap NG-0.7.4.2
Platform: Linux
Context: While teaching network security

With the same network, DHCP spoofing fails in graphical mode and succeeds in text mode.

In graphical mode, I select Unified spoofing, then Mitm => DHCP spoofing and enter the same parameters as in text mode (address pool, netmask, and DNS server). Nothing happens; ettercap does not seem to see the DHCP discovers and does not answer them (verified in Wireshark).

Command used in text mode: # ettercap -T -i eth1 -M dhcp:10.0.0.50-60/255.0.0.0/8.8.8.8
Command used in graphical mode: # ettercap -G

Other attacks like ARP spoofing work fine in graphical mode.

Network setup: victims = Windows Seven, router + NAT + DHCP server = CISCO 2800, ettercap machine = Linux Ubuntu 10.4.

Discussion

  • Gianfranco Costamagna

    Hi Eric.

    Unfortunately there are two problems with your bug submission.

    First: the ettercap project has moved to GitHub [1], and the bug is now better reported on GitHub too (if you submit a patch, it is easy to ask for a pull request).
    Second: the version you are using is not maintained anymore (the main project has been inactive for 5 years with no upstream support, and somebody on the Debian side pushed out two releases. I'm asking, since in a year so many improvements have been made to ettercap, to sync Debian and every Debian-based distro to the new ettercap project) [2]

    So this is my opinion: please try the ettercap_rc development branch from GitHub. If the problem persists, report the same problem as a GitHub issue and I'll be so glad to help you. Unfortunately (fortunately), so many of the bugs reported are already fixed upstream, and we have fixed other bugs after a bug submission (and sometimes with a patch attached :P).
    Thanks for your report.
    [1] https://github.com/Ettercap/ettercap
    [2] https://github.com/Ettercap/ettercap/issues/23

     
  • Eric Milam

    Eric Milam - 2012-10-04

    There is a versioning issue for sure. Please note: if, when you run ettercap, it still references 2005, that is not our release.

    We have committed 0.7.5 on GitHub, which we hope will alleviate the versioning issues for distros.

    Please note we have been approved as the upstream for all releases except Ubuntu at this point. Not sure why they are holding out...

    Best Regards
    Eric

     
  • Eric Bischoff

    Eric Bischoff - 2012-10-16

    Hi Gianfranco and Eric,

    and thank you for your help on this. I have followed your advice, and tried the more recent version 0.7.5 on a Fedora 17 running in a virtual machine.

    The situation is worse: I can't get past the dialog that appears when I select "DHCP spoofing". No matter what I put in "IP pool (optonal)" field, I get two error messages, "DHCP spoofing parameter number 1 is incorrect." and "Incorrect number of token (///) in TARGET !!"

    I had a look at the source code: "///" characters are added automatically, so it should be enough to enter e.g. an IP address in this field. Sorry in advance if I misunderstood something.

    Eric

     
  • Gianfranco Costamagna

    Ok I think I've got a clue (not sure)
    please try to change the line
    snprintf(tmp, strlen(p)+4, "/%s//", p);
    into
    snprintf(tmp, strlen(p)+5, "/%s//", p);
    at
    ./src/mitm/ec_dhcp_spoofing.c:99

     
  • Eric Bischoff

    Eric Bischoff - 2012-10-16

    It will require me to recompile. I was using a package shipped with Fedora. Hold on, I will do it.

    (btw, "+4" seems okay - three slashes and one ending NUL are 4)

    Edit: uh-uh. Their source code is:
    snprintf(tmp, strlen(p)+3, "/%s/", p);
    After fixing it to
    snprintf(tmp, strlen(p)+4, "/%s//", p);
    the dialog works again.

    In any case, this Fedora package is rather strange! It is labeled 0.7.5, but the tarball inside of it is ettercap-0.7.4.1-erc-c796e5.tar.bz2! ettercap -v reports 0.7.5 though. Lazy packaging?

    This problem with Fedora being fixed, here is the good news: the DHCP spoofing works with 0.7.5 in graphical mode! Original problem solved.

    Summing things up:

    • This bug report is at the wrong place :-)
    • Ubuntu needs a more up-to-date release
    • Fedora needs to fix this string parsing issue
    • original "DHCP spoofing fails in graphical mode" problem seems to be solved
     

    Last edit: Eric Bischoff 2012-10-16
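
The buffer-size arithmetic discussed in the comments above, as an added example (not ettercap's or Fedora's code). The helper names `build_target` and `count_slashes` are hypothetical; the pool value is the one from the original report, and the expectation of three slashes is taken from the error message quoted in the thread.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Count '/' separators; the quoted error message refers to three ("///"). */
static int count_slashes(const char *s)
{
    int n = 0;
    for (; *s; s++)
        n += (*s == '/');
    return n;
}

/* Hypothetical helper: write "/" pool suffix into a buffer of
 * strlen(pool)+slack bytes, mirroring the sizing of the quoted snprintf
 * calls. Returns the slash count of the result, or -1 when snprintf fails
 * or reports truncation (return value >= buffer size). The produced
 * string is copied to `out` either way so it can be inspected. */
static int build_target(const char *pool, const char *suffix, size_t slack,
                        char *out, size_t outsz)
{
    size_t size = strlen(pool) + slack;
    char *tmp = malloc(size);
    int n, slashes;

    if (tmp == NULL)
        return -1;
    n = snprintf(tmp, size, "/%s%s", pool, suffix);
    snprintf(out, outsz, "%s", tmp);
    slashes = (n < 0 || (size_t)n >= size) ? -1 : count_slashes(tmp);
    free(tmp);
    return slashes;
}

int main(void)
{
    const char *pool = "10.0.0.50-60"; /* pool from the original report */
    char out[64];
    static const struct { const char *suffix; size_t slack; } cases[] = {
        { "/",  3 }, /* Fedora package source as quoted: only two slashes */
        { "//", 4 }, /* the fix: three slashes plus the NUL fit exactly */
        { "//", 5 }, /* the suggested +5: same string, one spare byte */
        { "//", 3 }, /* constructed mismatch: the last '/' is cut off */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int r = build_target(pool, cases[i].suffix, cases[i].slack, out, sizeof out);
        printf("+%zu \"%s\" -> slashes=%d\n", cases[i].slack, out, r);
    }
    return 0;
}
```

Checking the return value of `snprintf` against the buffer size, as the helper does, is what separates the truncated case from the two-slash result that is merely the wrong format.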
  • Eric Bischoff

    Eric Bischoff - 2012-10-16

    See http://bugzilla.redhat.com/show_bug.cgi?id=867075 for the bug in Fedora Core 17.

    So, if I understood well, you guys will be providing us with a beautiful 0.7.5 release in Debian and Ubuntu in a short term? :-)

     

    Last edit: Eric Bischoff 2012-10-16
  • Eric Bischoff

    Eric Bischoff - 2013-06-27

    Same problem on Ubuntu raring, ettercap version 0.7.6.

     
  • Gianfranco Costamagna

    Could you please report on
    https://github.com/Ettercap/ettercap/issues

    it will be easier to track the bug down.

    thanks

     
  • Eric Bischoff

    Eric Bischoff - 2013-06-27

    Sure.

    I'll be giving it a few more tests first, perhaps I can get nearer the problem before I report it.

     
  • Eric Bischoff

    Eric Bischoff - 2013-06-27

    OK, I got version 0.7.6 to work under Ubuntu Raring.

    The "trick" in the GUI version is to "start sniffing" before doing the MITM.

    Why is that necessary ????

     

    Last edit: Eric Bischoff 2013-06-28
  • Eric Bischoff

    Eric Bischoff - 2013-06-27

    Reported this last problem on github. See you there :-).

     

    Last edit: Eric Bischoff 2013-06-28
