This file is indexed.

/etc/ettercap/etter.conf is in ettercap-common 1:0.8.2-10build4.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
############################################################################
#                                                                          #
#  ettercap -- etter.conf -- configuration file                            #
#                                                                          #
#  Copyright (C) ALoR & NaGA                                               #
#                                                                          #
#  This program is free software; you can redistribute it and/or modify    #
#  it under the terms of the GNU General Public License as published by    #
#  the Free Software Foundation; either version 2 of the License, or       #
#  (at your option) any later version.                                     #
#                                                                          #
#                                                                          #
############################################################################

[privs]
ec_uid = 65534                # nobody is the default
ec_gid = 65534                # nobody is the default

[mitm]
arp_storm_delay = 10          # milliseconds
arp_poison_smart = 0          # boolean
arp_poison_warm_up = 1        # seconds
arp_poison_delay = 10         # seconds
arp_poison_icmp = 1           # boolean
arp_poison_reply = 1          # boolean
arp_poison_request = 0        # boolean
arp_poison_equal_mac = 1      # boolean
dhcp_lease_time = 1800        # seconds
port_steal_delay = 10         # seconds
port_steal_send_delay = 2000  # microseconds
ndp_poison_warm_up = 1        # seconds
ndp_poison_delay = 5          # seconds
ndp_poison_send_delay = 1500  # microseconds
ndp_poison_icmp = 1           # boolean
ndp_poison_equal_mac = 1      # boolean
icmp6_probe_delay = 3         # seconds

[connections]
connection_timeout = 300      # seconds
connection_idle = 5           # seconds
connection_buffer = 10000     # bytes
connect_timeout = 5           # seconds

[stats]
sampling_rate = 50            # number of packets 

[misc]
close_on_eof = 1              # boolean value
store_profiles = 1            # 0 = disabled; 1 = all; 2 = local; 3 = remote
aggressive_dissectors = 1     # boolean value
skip_forwarded_pcks = 1       # boolean value
checksum_check = 0            # boolean value
submit_fingerprint = 0        # boolean valid (set if you want ettercap to submit unknown finger prints)
checksum_warning = 0          # boolean value (valid only if checksum_check is 1)
sniffing_at_startup = 1       # boolean value

############################################################################
#
# You can specify what DISSECTORS are to be enabled or not...
#
# e.g.:     ftp = 21            enabled on port 21 (tcp is implicit)
#           ftp = 2345          enabled on non standard port
#           ftp = 21,453        enabled on port 21 and 453
#           ftp = 0             disabled
#
#  NOTE: some dissectors have multiple default ports, if you specify a new
#        one, all the default ports will be overwritten
#
#

#dissector                 default port

[dissectors]
ftp = 21                   # tcp    21
ssh = 22                   # tcp    22
telnet = 23                # tcp    23
smtp = 25                  # tcp    25
dns = 53                   # udp    53
dhcp = 67                  # udp    68
http = 80                  # tcp    80
ospf = 89                  # ip     89  (IPPROTO 0x59)
pop3 = 110                 # tcp    110
#portmap = 111              # tcp / udp 
vrrp = 112                 # ip     112 (IPPROTO 0x70)
nntp = 119                 # tcp    119
smb = 139,445              # tcp    139 445
imap = 143,220             # tcp    143 220
snmp = 161                 # udp    161
bgp = 179                  # tcp    179
ldap = 389                 # tcp    389
https = 443                # tcp    443
ssmtp = 465                # tcp    465
rlogin = 512,513           # tcp    512 513
rip = 520                  # udp    520
nntps = 563                # tcp    563
ldaps = 636                # tcp    636
telnets = 992              # tcp    992
imaps = 993                # tcp    993
ircs = 994                 # tcp    993
pop3s = 995                # tcp    995
socks = 1080               # tcp    1080
radius = 1645,1646         # udp    1645 1646
msn = 1863                 # tcp    1863
cvs = 2401                 # tcp    2401
mysql = 3306               # tcp    3306
icq = 5190                 # tcp    5190
ymsg = 5050                # tcp    5050
mdns = 5353                # udp    5353
vnc = 5900,5901,5902,5903  # tcp    5900 5901 5902 5903
x11 = 6000,6001,6002,6003  # tcp    6000 6001 6002 6003
irc = 6666,6667,6668,6669  # tcp    6666 6667 6668 6669
gg = 8074	           # tcp    8074
proxy = 8080               # tcp    8080
rcon = 27015,27960         # udp    27015 27960
ppp = 34827                # special case ;) this is the Net Layer code
TN3270 = 23,992            # tcp    23 992

# 
# you can change the colors of the curses GUI.
# here is a list of values:
#  0 Black     4 Blue
#  1 Red       5 Magenta
#  2 Green     6 Cyan
#  3 Yellow    7 White
#
[curses]
color_bg = 0
color_fg = 7 
color_join1 = 2 
color_join2 = 4 
color_border = 7
color_title = 3 
color_focus = 6 
color_menu_bg = 4
color_menu_fg = 6 
color_window_bg = 4 
color_window_fg = 7 
color_selection_bg = 6 
color_selection_fg = 6 
color_error_bg = 1 
color_error_fg = 3 
color_error_border = 3 

#
# This section includes all the configurations that needs a string as a
# parmeter such as the redirect command for SSL mitm attack.
#
[strings]

# the default encoding to be used for the UTF-8 visualization
utf8_encoding = "ISO-8859-1"

# the command used by the remote_browser plugin
remote_browser = "xdg-open http://%host%url"


#####################################
#       redir_command_on/off
#####################################
# you must provide a valid script for your operating system in order to have
# the SSL dissection available
# note that the cleanup script is executed without enough privileges (because
# they are dropped on startup). so you have to either: provide a setuid program
# or set the ec_uid to 0, in order to be sure the cleanup script will be
# executed properly
# NOTE: the script must fit into one line with a maximum of 255 characters

#---------------
#     Linux 
#---------------

# if you use ipchains:
   #redir_command_on = "ipchains -A input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"
   #redir_command_off = "ipchains -D input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"

# if you use iptables:
   #redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
   #redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

#---------------
#    Mac Os X
#---------------

# quick and dirty way:
   #redir_command_on = "ipfw -q add set %set fwd 127.0.0.1,%rport tcp from any to any %port in via %iface"
   #redir_command_off = "ipfw -q delete set %set"

# a better solution is to use a script that keeps track of the rules interted
# and then deletes them on exit:

 # redir_command_on:
 # ----- cut here -------
 #   #!/bin/sh
 #   if [ -a "/tmp/osx_ipfw_rules" ]; then
 #      ipfw -q add `head -n 1 osx_ipfw_rules` fwd 127.0.0.1,$1 tcp from any to any $2 in via $3 
 #   else
 #      ipfw add fwd 127.0.0.1,$1 tcp from any to any $2 in via $3 | cut -d " " -f 1 >> /tmp/osx_ipfw_rules
 #   fi
 # ----- cut here -------

 # redir_command_off:
 # ----- cut here -------
 #   #!/bin/sh
 #   if [ -a "/tmp/osx_ipfw_rules" ]; then
 #      ipfw -q delete `head -n 1 /tmp/osx_ipfw_rules`
 #      rm -f /tmp/osx_ipfw_rules
 #   fi
 # ----- cut here -------

#---------------
#   FreeBSD
#---------------

# Before OF can be used, make sure the kernel module has been loaded by
# `kldstat | grep pf.ko`. If the rusult is empty, you can load it by
# `kldload pf.ko` or add 'pf_enable="YES"' to the /etc/rc.conf and reboot.

# Check if the PF status is enabled by 
# `pfctl -si | grep Status | awk '{print $2;}'`. If "Disabled", enable it with
# `pfctl -e`.

   #redir_command_on = "(pfctl -sn 2> /dev/null; echo 'rdr pass on %iface inet proto tcp from any to any port %port -> localhost port %rport') | pfctl -f - 2> /dev/null"
   #redir_command_off = "pfctl -Psn 2> /dev/null | grep -v %port | pfctl -f - 2> /dev/null"


#---------------
#   Open BSD
#---------------

# unfortunately the pfctl command does not accepts direct rules adding
# you have to use a script which executed the following command:

 # ----- cut here -------
 #   #!/bin/sh
 #   rdr pass on $1 inet proto tcp from any to any port $2 -> localhost port $3 | pfctl -a sslsniff -f -
 # ----- cut here -------
 
# it's important to remember that you need "rdr-anchor sslsniff" in your
# pf.conf in the TRANSLATION section.

   #redir_command_on = "the_script_described_above %iface %port %rport"
   #redir_command_off = "pfctl -a sslsniff -Fn"

# also, if you create a group called "pfusers" and have EC_GID be that group,
# you can do something like:
#     chgrp pfusers /dev/pf
#     chmod g+rw /dev/pf
# such that all users in "pfusers" can run pfctl commands; thus allowing non-root
# execution of redir commands. 


##########
#  EOF   #
##########