ETTERCAP - The Easy Tutorial - What is Ettercap?

Last update: Jul 21 2011



Korean translation by Youngbin Benjamin Im helped by powerhan96.






Ettercap



Ettercap is a program built to make "man-in-the-middle" attacks on a LAN easy to carry out, written by Alberto Ornaghi (ALoR) and Marco Valleri (NaGA). One of its features is a convenient graphical interface, so that users who are not comfortable with the command-line interface (CLI) can also use it easily.

Ettercap attacks the ARP protocol by turning itself into the man in the middle. This is called poisoning, and once poisoning is complete Ettercap can be used to:
- infect, alter, or delete data in an established connection
- discover passwords on protocols such as FTP, HTTP, POP, SSH1
- deliver forged SSL certificates in a target's HTTPS sessions
- etc.

Its functionality can be extended through plugins, and a variety of plugins exist, such as the DNS spoofing plugin.

What is a man-in-the-middle attack?
A man-in-the-middle attack begins by placing the attacker's PC between two PCs that are communicating with each other, as shown in the figure below. Once this arrangement is in place, the attacker is in a position to attempt very dangerous attacks in various ways. This is possible because every message the two PCs exchange passes through the attacker's PC, and an attacking PC in this position is called the man in the middle.

There are several ways to become the man in the middle. This tutorial explains attacks based on the ARP protocol.

The ARP protocol is a layer 3 protocol that translates IP addresses (e.g. 192.168.1.1) into physical network card addresses, or MAC addresses (e.g. 0fe1.2ab6.2398).
For a device to access a network resource, it first sends a request to the other devices asking for the MAC address that matches the given IP, receives the reply and stores it in its ARP cache, and then uses the cached information to find the address quickly the next time it accesses the same address. The attack begins at the moment a device requests the MAC address that matches an IP address. The attacker intercepts the legitimate request and sends the requester a packet containing the attacker's MAC address together with the requested IP. As a result, the requester holds the requested IP address paired with the attacker's MAC address. This attack is called "ARP poisoning" or "ARP spoofing", and the attacker and the victim must be in the same broadcast domain, that is, in the same subnet (e.g. 192.168.1.1 255.255.255.0).
The explanation proceeds from a real scenario, shown in the figure below, in which a PC with address 192.168.1.2 accesses Internet resources through the local network. Once the ARP poisoning attack has started, the PC with IP address 192.168.1.100, on which Ettercap is installed, is set up as the man in the middle.

[Figure: Ettercap man-in-the-middle attack]
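A defender-side view of the poisoning described above, as an added example that is not part of the original tutorial: a passive monitor that parses ARP payloads and flags replies nobody asked for and IP addresses whose MAC changes. The MAC addresses and packets are constructed sample values; the IP addresses follow the tutorial's case study, with 192.168.1.1 assumed to be the gateway.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"          # Ethernet/IPv4 ARP payload, 28 bytes
REQUEST, REPLY = 1, 2

def sample_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Pack one ARP payload in memory; used only to build the constructed sample."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, mac(sender_mac),
                       socket.inet_aton(sender_ip), mac(target_mac),
                       socket.inet_aton(target_ip))

def parse_arp(payload):
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP payload")
    return op, sha.hex(":"), socket.inet_ntoa(spa), socket.inet_ntoa(tpa)

class ArpMonitor:
    def __init__(self):
        self.bindings = {}    # IP -> MAC first seen for it
        self.pending = set()  # (requester IP, requested IP) still unanswered

    def observe(self, payload):
        """Return the list of alerts raised by one ARP payload."""
        op, mac, sender_ip, target_ip = parse_arp(payload)
        alerts = []
        if op == REQUEST:
            self.pending.add((sender_ip, target_ip))
        elif op == REPLY:
            if (target_ip, sender_ip) not in self.pending:
                alerts.append(f"unsolicited reply: {sender_ip} is-at {mac}")
            self.pending.discard((target_ip, sender_ip))
        known = self.bindings.setdefault(sender_ip, mac)
        if known != mac:
            alerts.append(f"binding changed: {sender_ip} {known} -> {mac}")
        return alerts

def run_sample():
    gw, pc, mitm = "00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:64"  # constructed
    packets = [
        sample_arp(REQUEST, pc, "192.168.1.2", "00:00:00:00:00:00", "192.168.1.1"),
        sample_arp(REPLY, gw, "192.168.1.1", pc, "192.168.1.2"),
        sample_arp(REPLY, mitm, "192.168.1.1", pc, "192.168.1.2"),  # poisoned reply
    ]
    monitor = ArpMonitor()
    return [monitor.observe(p) for p in packets]
```

The monitor trusts the first binding it sees for an IP, so in practice it would be seeded from a known-good inventory of gateway and server addresses.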

                                         

Let us briefly go over what the Ettercap PC does.

- When Ettercap runs, responsibility for IP forwarding passes from the kernel to Ettercap. That is, Ettercap handles packet forwarding itself.
- Network performance between the two PCs may degrade because of the machine's packet processing time.
- Ettercap needs root privileges because it must use link-layer (layer 2) sockets. After the initialization phase root privileges are no longer needed, so it drops its UID to 65535 (nobody). Because Ettercap has to create log files, it must be run in a directory with execute/write permissions.
The goal of our tutorial is to provide warning about the danger of "man in the middle" attacks by ARP spoofing. The [ARP poisoning tutorial] explains how to set up Ettercap as the man in the middle, and the [Filtering tutorial] then shows several attack methods. Finally, [countermeasures] against these ARP poisoning attacks are also described.



An interview about the Ettercap authors can be found on the newsforge website. It is slightly out of date (2004) but remains interesting.




