ETTERCAP - The Easy Tutorial - Ettercap์€ ๋ฌด์—‡์ธ๊ฐ€?

Ettercap Ettercap์€ ๋ฌด์—‡์ธ๊ฐ€?
์ตœ์ข… ์—…๋ฐ์ดํŠธ: Jul 21 2011


Tool
Install
Ergonomy
Forum



Details Ettercap์€ ๋ฌด์—‡์ธ๊ฐ€?
์„ค์น˜๋ฐฉ๋ฒ•
ARP ํฌ์ด์ฆˆ๋‹
์ค‘๊ฐ„์ž ๊ณต๊ฒฉ (MITM, Man-in-the-middle Attack)
ํ†ต๊ณ„
๋Œ€์‘์ฑ…

Korean translation by Youngbin Benjamin Im helped by powerhan96.



โš ๏ธโš ๏ธโš ๏ธ
Please check our page about COVID-19!!
100 Questions and answers about Coronavirus.

โš ๏ธโš ๏ธโš ๏ธ
Merci de consulter notre page sur la COVID-19 !!
227 questions et rรฉponses sur le Coronavirus.


Ettercap



Ettercap์€ LAN ์ƒ์—์„œ โ€œ์ค‘๊ฐ„์ž ๊ณต๊ฒฉโ€์„ ์‰ฝ๊ฒŒ ํ•  ์ˆ˜ ์žˆ๋„๋ก ๋งŒ๋“ค์–ด์ง„ ํ”„๋กœ๊ทธ๋žจ์œผ๋กœ Alberto Ornaghi (ALoR) ์™€ Marco Valleri (NaGA)์— ์˜ํ•ด ์ œ์ž‘ ๋˜์—ˆ๋‹ค. ๋ช…๋ นํ–‰ ์ธ์ž๋ฐฉ์‹(CLI)์— ์ต์ˆ™ํ•˜์ง€ ์•Š์€ ์‚ฌ์šฉ์ž๋“ค๋„ ์‰ฝ๊ฒŒ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ๋„๋ก ํŽธ๋ฆฌํ•œ ๊ทธ๋ž˜ํ”ฝ ์ธํ„ฐํŽ˜์ด์Šค๋ฅผ ์ œ๊ณตํ•˜๋Š” ๊ฒƒ์ด ํŠน์ง•์ด๋‹ค.

Ettercap์€ ์ž๊ธฐ ์ž์‹ ์„ ์ค‘๊ฐ„์ž๋กœ ๋ณ€ํ˜•์‹œํ‚ค๋Š” ๋ฐฉ๋ฒ•์œผ๋กœ ARP ํ”„๋กœํ† ์ฝœ์„ ๊ณต๊ฒฉํ•œ๋‹ค. ์ด๊ฒƒ์„ ํฌ์ด์ฆˆ๋‹์ด๋ผ๊ณ  ํ•˜๋Š”๋ฐ, ํ•œ๋ฒˆ ํฌ์ด์ฆˆ๋‹์ด ์™„๋ฃŒ๋˜๋ฉด Ettercap์„ ํ†ตํ•ด ๋‹ค์Œ๊ณผ ๊ฐ™์€ ๊ฒฐ๊ณผ๋ฅผ ์–ป์„ ์ˆ˜ ์žˆ๋‹ค.
- ํ˜„์žฌ ์ฒด๊ฒฐ๋œ ์—ฐ๊ฒฐ ์ƒ์—์„œ ๋ฐ์ดํ„ฐ๋ฅผ ๊ฐ์—ผ, ๋ณ€์กฐ, ์‚ญ์ œ
- FTP, HTTP, POP, SSH1 ๋“ฑ์˜ ํ”„๋กœํ† ์ฝœ ์ƒ์—์„œ ๋น„๋ฐ€๋ฒˆํ˜ธ ์กฐํšŒ
- ํŠน์ • ๋Œ€์ƒ์˜ HTTPS ์„น์…˜ ์ƒ์— ์œ„์กฐ๋œ SSL ์ธ์ฆ ์ „๋‹ฌ
- ๊ธฐํƒ€โ€ฆ

ํ”Œ๋Ÿฌ๊ทธ์ธ์„ ํ†ตํ•ด ๊ธฐ๋Šฅํ™•์žฅ์ด ๊ฐ€๋Šฅํ•˜๋ฉฐ DNS ์Šคํ‘ธํ•‘ ํ”Œ๋Ÿฌ๊ทธ์ธ๊ณผ ๊ฐ™์€ ๋‹ค์–‘ํ•œ ํ”Œ๋Ÿฌ๊ทธ์ธ์ด ์žˆ๋‹ค.

์ค‘๊ฐ„์ž ๊ณต๊ฒฉ์ด๋ž€?
์ค‘๊ฐ„์ž ๊ณต๊ฒฉ์€ ์•„๋ž˜ ๊ทธ๋ฆผ์—์„œ์™€ ๊ฐ™์ด ์„œ๋กœ ํ†ต์‹ ์ค‘์ธ ๋‘ ๋Œ€์˜ PC ์ค‘๊ฐ„์— ๊ณต๊ฒฉ์ž์˜ PC๋ฅผ ์œ„์น˜์‹œํ‚ค๋Š” ๊ฒƒ์œผ๋กœ ์‹œ์ž‘๋œ๋‹ค.
์ค‘๊ฐ„์ž ๊ณต๊ฒฉ์€ ์•„๋ž˜ ๊ทธ๋ฆผ์—์„œ์™€ ๊ฐ™์ด ์„œ๋กœ ํ†ต์‹ ์ค‘์ธ ๋‘ ๋Œ€์˜ PC ์ค‘๊ฐ„์— ๊ณต๊ฒฉ์ž์˜ PC๋ฅผ ์œ„์น˜์‹œํ‚ค๋Š” ๊ฒƒ์œผ๋กœ ์‹œ์ž‘๋œ๋‹ค. ์ด๋Ÿฐ ๊ตฌ์กฐ๊ฐ€ ๊ฐ–์ถฐ์ง€๊ณ  ๋‚˜๋ฉด ๊ณต๊ฒฉ์ž๋Š” ๋‹ค์–‘ํ•œ ๋ฐฉ๋ฒ•์œผ๋กœ ์•„์ฃผ ์œ„ํ—˜ํ•œ ๊ณต๊ฒฉ์„ ์‹œ๋„ํ•  ์ˆ˜ ์žˆ๋Š” ์ƒํƒœ๊ฐ€ ๋˜๋Š”๋ฐ ์ด๋Š” ๋‘ PC๊ฐ€ ์ฃผ๊ณ  ๋ฐ›๋Š” ๋ชจ๋“  ๋ฉ”์‹œ์ง€๊ฐ€ ๊ณต๊ฒฉ์ž์˜ PC๋ฅผ ๊ฒฝ์œ ํ•˜๊ธฐ ๋•Œ๋ฌธ์— ๊ฐ€๋Šฅํ•˜๋ฉฐ ์ด๋Ÿฐ ํ˜•ํƒœ์˜ ๊ณต๊ฒฉ์šฉ PC๋ฅผ ์ค‘๊ฐ„์ž(man in the middle)๋ผ๊ณ  ํ•œ๋‹ค.

์ค‘๊ฐ„์ž๊ฐ€ ๋˜๊ธฐ ์œ„ํ•œ ๋ฐฉ๋ฒ•์€ ์—ฌ๋Ÿฌ ๊ฐ€์ง€๊ฐ€ ์žˆ๋‹ค. ๋ณธ ์„ค๋ช…์„œ์—์„œ๋Š” ARP ํ”„๋กœํ† ์ฝœ์„ ์ด์šฉํ•œ ๊ณต๊ฒฉ์„ ๊ธฐ์ค€์œผ๋กœ ์„ค๋ช…ํ•  ๊ฒƒ์ด๋‹ค.

ARP ํ”„๋กœํ† ์ฝœ์€ 3๋ ˆ์ด์–ด ํ”„๋กœํ† ์ฝœ๋กœ์จ IP ์ฃผ์†Œ(์˜ˆ:192.168.1.1)๋ฅผ ๋ฌผ๋ฆฌ์ ์ธ ๋„คํŠธ์›Œํฌ ์นด๋“œ ์ฃผ์†Œ๋‚˜ MAC ์ฃผ์†Œ(์˜ˆ:0fe1.2ab6.2398)๋กœ ๋ณ€ํ™˜ํ•˜๋Š” ์—ญํ• ์„ ํ•œ๋‹ค.
ํ•˜๋‚˜์˜ ์žฅ์น˜๊ฐ€ ํŠน์ • ๋„คํŠธ์›Œํฌ ์ž์›์— ์ ‘๊ทผํ•˜๊ธฐ ์œ„ํ•ด์„œ๋Š” ์šฐ์„ , ์ฃผ์–ด์ง„ IP์™€ ์ผ์น˜ํ•˜๋Š” MAC์ฃผ์†Œ ์ฐพ๊ธฐ ์œ„ํ•ด ๋‹ค๋ฅธ ์—ฌ๋Ÿฌ ์žฅ์น˜๋กœ MAC์ •๋ณด๋ฅผ ์•Œ๋ ค๋‹ฌ๋ผ๋Š” ์š”์ฒญ์„ ๋ณด๋‚ด๊ณ , ๊ทธ ์‘๋‹ต์„ ๋ฐ›์•„ ARP ์บ์‹œ์— ์ €์žฅํ•œ ํ›„, ๋‹ค์Œ ๋™์ผํ•œ ์ฃผ์†Œ๋กœ ์ ‘๊ทผํ•  ๋•Œ ์บ์‹œ์˜ ์ •๋ณด๋ฅผ ์ด์šฉํ•˜์—ฌ ๋นจ๋ฆฌ ์ฐพ์„ ์ˆ˜ ์žˆ๊ฒŒ ํ•˜๋Š” ๊ณผ์ •์„ ๊ฑฐ์นœ๋‹ค. ๊ณต๊ฒฉ์˜ ์‹œ์ž‘์€ ์ด์™€ ๊ฐ™์ด IP์ฃผ์†Œ์™€ ์ผ์น˜ํ•˜๋Š” MAC์ฃผ์†Œ๋ฅผ ์š”์ฒญํ•˜๋Š” ์ˆœ๊ฐ„ ์ผ์–ด๋‚œ๋‹ค. ๊ณต๊ฒฉ์ž๋Š” ์ •์ƒ์ ์ธ ์š”์ฒญ์„ ๊ฐ€๋กœ์ฑ„์–ด ๊ณต๊ฒฉ์ž์˜ MAC์ฃผ์†Œ๊ฐ€ ํฌํ•จ๋œ ํŒจํ‚ท์„ ์š”์ฒญํ•œ IP์™€ ํ•จ๊ป˜ ์š”์ฒญ์ž์—๊ฒŒ ๋ณด๋‚ธ๋‹ค. ์ด๋ ‡๊ฒŒ ๋˜๋ฉด ์š”์ฒญ์ž๋Š” ์š”์ฒญํ•œ IP์ฃผ์†Œ์™€ ๊ณต๊ฒฉ์ž์˜ MAC์ฃผ์†Œ๋ฅผ ๊ฐ€์ง€๊ฒŒ ๋œ๋‹ค. ์ด๋Ÿฌํ•œ ๊ณต๊ฒฉ์„ โ€œARP ํฌ์ด์ฆˆ๋‹โ€ ๋˜๋Š” โ€œARP ์Šคํ‘ธํ•‘โ€์ด๋ผ ๋ถ€๋ฅด๋ฉฐ ๊ณต๊ฒฉ์ž์™€ ํ”ผํ•ด์ž๋Š” ๊ฐ™์€ ๋ธŒ๋กœ๋“œ์บ์ŠคํŠธ ๋„๋ฉ”์ธ ๋‚ด์— ์กด์žฌํ•ด์•ผ ํ•œ๋‹ค. ์ฆ‰ ๋™์ผํ•œ ํ•˜์œ„ ๋„คํŠธ์›Œํฌ์— ์กด์žฌํ•ด์•ผ ํ•œ๋‹ค. (์˜ˆ: 192.168.1.1 255.255.255.0)
์•„๋ž˜ ๊ทธ๋ฆผ์—์„œ์™€ ๊ฐ™์ด 192.168.1.2๋ฅผ ๊ฐ€์ง„ PC๊ฐ€ ๋กœ์ปฌ ๋„คํŠธ์›Œํฌ๋ฅผ ํ†ตํ•ด ์ธํ„ฐ๋„ท ์ž์›์— ์ ‘๊ทผํ•˜๋Š” ์‹ค์ œ ์ƒํ™ฉ์„ ํ† ๋Œ€๋กœ ์„ค๋ช…์„ ์ง„ํ–‰ํ•  ๊ฒƒ์ด๋‹ค. ARP ํฌ์ด์ฆˆ๋‹ ๊ณต๊ฒฉ์ด ์‹œ์ž‘๋˜๊ณ  ๋‚˜๋ฉด, Ettercap์ด ์„ค์น˜๋œ 192.168.1.100 IP์ฃผ์†Œ๋ฅผ ๊ฐ€์ง„ PC๊ฐ€ ์ค‘๊ฐ„์ž๋กœ ์„ค์ •๋œ๋‹ค.

ettercap man in the middle attack

                                         

Ettercap PC๊ฐ€ ํ•˜๋Š” ์—ญํ• ์„ ์ž ์‹œ ์ง‘๊ณ  ๋„˜์–ด๊ฐ€์ž.

-
 
-
 
-
 
 
 
Ettercap์ด ์‹คํ–‰๋˜๋ฉด, IP ํฌ์›Œ๋”ฉ์˜ ์ฃผ์ฒด๊ฐ€ ์ปค๋„์—์„œ Ettercap์œผ๋กœ ๋„˜์–ด์˜จ๋‹ค. ์ฆ‰, ํŒจํ‚ท ํฌ์›Œ๋”ฉ์„ Ettercap์ด ์ง์ ‘ ๊ด€์žฅํ•œ๋‹ค.
ํŒจํ‚ท์˜ ๊ธฐ๊ณ„์  ์ฒ˜๋ฆฌ์‹œ๊ฐ„์œผ๋กœ ์ธํ•ด ๋‘ PC๊ฐ„์˜ ๋„คํŠธ์›Œํฌ ์„ฑ๋Šฅ์ด ์ €ํ•˜๋  ์ˆ˜ ์žˆ๋‹ค.
- Ettercap์€ ๋งํฌ ๊ณ„์ธต(๋ ˆ์ด์–ด 2)์˜ ์†Œ์ผ“์„ ์‚ฌ์šฉํ•ด์•ผ ํ•˜๋ฏ€๋กœ ๋ฃจํŠธ ๊ถŒํ•œ์ด ํ•„์š”ํ•˜๋ฉฐ, ์ดˆ๊ธฐํ™” ๋‹จ๊ณ„ ์ดํ›„์—๋Š” ๋” ์ด์ƒ ๋ฃจํŠธ ๊ถŒํ•œ์ด ํ•„์š”ํ•˜์ง€ ์•Š์œผ๋ฏ€๋กœ UID๋ฅผ 65535(nobody)๋กœ ๋‚ฎ์ถ˜๋‹ค. Ettercap์€ ๋กœ๊ทธ ํŒŒ์ผ์„ ์ƒ์„ฑํ•ด์•ผ ํ•˜๋ฏ€๋กœ ์‹คํ–‰/์“ฐ๊ธฐ ๊ถŒํ•œ์ด ์žˆ๋Š” ๋””๋ ‰ํ† ๋ฆฌ์—์„œ ์‹คํ–‰๋˜์–ด ์•ผ ํ•œ๋‹ค.
The goal of our tutorial is to provide warning about the danger of "man in the middle" attacks by ARP spoofing. ๋ณธ ์„ค๋ช…์„œ์˜ ์ตœ์ข… ๋ชฉ์ ์€ ARP ์Šคํ‘ธํ•‘์œผ๋กœ ์ธํ•œ ์ค‘๊ฐ„์ž ๊ณต๊ฒฉ์˜ ์œ„ํ—˜์„ฑ์„ ๊ฒฝ๊ณ ํ•˜๊ธฐ ์œ„ํ•จ์ด๋‹ค. [ARP ํฌ์ด์ฆˆ๋‹ ์„ค๋ช…์„œ]์—์„œ Ettercap์„ ์ค‘๊ฐ„์ž๋กœ ์„ค์ •ํ•˜๋Š” ๋ฐฉ๋ฒ•์— ๋Œ€ํ•ด ์„ค๋ช…ํ•œ ํ›„ [Filtering ์„ค๋ช…์„œ]์—์„œ ๋ช‡ ๊ฐ€์ง€ ๊ณต๊ฒฉ ๋ฐฉ๋ฒ•์„ ๋ณด์—ฌ์ค„ ๊ฒƒ์ด๋‹ค. ๋งˆ์ง€๋ง‰์œผ๋กœ, ์ด๋Ÿฌํ•œ ARP ํฌ์ด์ฆˆ๋‹ ๊ณต๊ฒฉ์— ๋Œ€ํ•œ [๋Œ€์ฑ…]์— ๋Œ€ํ•ด์„œ๋„ ๊ธฐ์ˆ ํ•  ๊ฒƒ์ด๋‹ค.



An interview about the Ettercap authors can be found on the newsforge website. It is slightly out of date (2004) but remains interesting.