Merge pull request #80 from eaescob/master

updated changelog and new ssl mitm cmd line options

CHANGELOG

@@ -5,6 +5,29 @@ Legenda:
          !! bug fixed
 
 =========================================
+0.7.5.2-Assimilation 20130229
+   !! applied patch to fix CVE-2012-0722
+   !! fixed username detection in TN3270 dissector
+    + Added new private-key and certificate-file options for SSL MiTM
+
+0.7.5.1-Assimilation 20130103
+   !! fixed set_blocking() method preventing SSL MiTM from working
+   !! changed SSLStrip plugin to use PCRE
+   !! more improvements to SSLStrip plugin
+    + Added MySQL 5.x dissector
+    + Added O5Logon dissector
+    + Added iSCSI CHAP dissector
+    + Added TN3270 dissector
+    + Added MongoDB dissector
+
+0.7.5-Assimilation 20121015
+   !! fixed more memory leaks
+   !! improved GTK GUI
+   !! changed build system to CMake.
+    + Added IPv6 poisoning and capture.
+    + Added NBNS spoof plugin.
+    + Added SSLStrip Plugin (EXPERIMENTAL)
+
 0.7.4-Lazarus	20111202
    !! fixed resource depletion issue
    !! buffer access out-of-bounds issues

include/ec_globals.h

@@ -84,6 +84,8 @@ struct ec_options {
    char *target1;
    char *target2;
    char *script;
+   char *ssl_cert;
+   char *ssl_pkey;
    FILE *msg_fd;
    int (*format)(const u_char *, size_t, u_char *);
    regex_t *regex;

man/ettercap.8.in

@@ -196,6 +196,9 @@ cat tmp.new >> etter.ssl.crt
 rm \-f tmp.new tmp.csr
 .PP
 NOTE: SSL mitm is not available (for now) in bridged mode.
+.PP
+NOTE: You can use the --certificate/--private-key long options if you want to specify
+a different file rather than the etter.ssl.crt file.
 
 
 .SH OPTIONS
@@ -545,6 +548,10 @@ This option will print the list of all available network interfaces that can be
 used within ettercap. The option is particularly useful under windows where the
 name of the interface is not so obvious as under *nix.
 
+.TP
+\fB\-Y\fR, \fB\-\-secondary <interface list>\fR
+Specify a list of (or single) secondary interfaces to capture packets from.
+
 .TP
 \fB\-A\fR, \fB\-\-address <ADDRESS>\fR
 Use this <ADDRESS> instead of the one autodetected for the current iface. This
@@ -680,7 +687,13 @@ example:
 \fB\-a\fR, \fB\-\-config <CONFIG>\fR
 Loads an alternative config file instead of the default in /etc/etter.conf.
 This is useful if you have many preconfigured files for different situations.
+.TP
+\fB\-\-certificate <FILE>\fR
+Tells Ettercap to use the specified certificate file for the SSL MiTM attack.
 
+.TP
+\fB\-\-private-key <FILE>\fR
+Tells Ettercap to use the specified private key file for the SSL MiTM attack.
 
 
 .TP

src/ec_parser.c

@@ -74,6 +74,8 @@ void ec_usage(void)
    fprintf(stdout, "  -f, --pcapfilter <string>   set the pcap filter <string>\n");
    fprintf(stdout, "  -R, --reversed              use reversed TARGET matching\n");
    fprintf(stdout, "  -t, --proto <proto>         sniff only this proto (default is all)\n");
+   fprintf(stdout, "      --certificate <file>    certificate file to use for SSL MiTM\n");
+   fprintf(stdout, "      --private-key <file>    private key file to use for SSL MiTM\n");
 
    fprintf(stdout, "\nUser Interface Type:\n");
    fprintf(stdout, "  -T, --text                  use text only GUI\n");
@@ -181,6 +183,8 @@ void parse_options(int argc, char **argv)
       { "broadcast", required_argument, NULL, 'b' },
       { "promisc", no_argument, NULL, 'p' },
       { "gateway", required_argument, NULL, 'Y' },
+      { "certificate", required_argument, NULL, 0 },
+      { "private-key", required_argument, NULL, 0 },
 
 
       { 0 , 0 , 0 , 0}
@@ -196,12 +200,15 @@ void parse_options(int argc, char **argv)
    GBL_FORMAT = &ascii_format;
    GBL_OPTIONS->ssl_mitm = 1;
    GBL_OPTIONS->broadcast = 0;
+   GBL_OPTIONS->ssl_cert = NULL;
+   GBL_OPTIONS->ssl_pkey = NULL;
 
 /* OPTIONS INITIALIZED */
 
    optind = 0;
+   int option_index = 0;
 
-   while ((c = getopt_long (argc, argv, "A:a:bB:CchDdEe:F:f:GhIi:j:k:L:l:M:m:n:oP:pQqiRr:s:STt:UuV:vW:w:Y:z", long_options, (int *)0)) != EOF) {
+   while ((c = getopt_long (argc, argv, "A:a:bB:CchDdEe:F:f:GhIi:j:k:L:l:M:m:n:oP:pQqiRr:s:STt:UuV:vW:w:Y:z", long_options, &option_index)) != EOF) {
       /* used for parsing arguments */
       char *opt_end = optarg;
       while (opt_end && *opt_end) opt_end++;
@@ -412,6 +419,19 @@ void parse_options(int argc, char **argv)
                   clean_exit(0);
                   break;
 
+        /* Certificate and private key options */
+         case 0:
+		if (!strcmp(long_options[option_index].name, "certificate")) {
+			GBL_OPTIONS->ssl_cert = strdup(optarg);	
+		} else if (!strcmp(long_options[option_index].name, "private-key")) {
+			GBL_OPTIONS->ssl_pkey = strdup(optarg);
+		} else {
+			fprintf(stdout, "\nTry `%s --help' for more options.\n\n", GBL_PROGRAM);
+			clean_exit(-1);
+		}
+
+		break;
+
          case ':': // missing parameter
             fprintf(stdout, "\nTry `%s --help' for more options.\n\n", GBL_PROGRAM);
             clean_exit(-1);

src/ec_sslwrap.c

@@ -672,14 +672,17 @@ static int sslw_sync_ssl(struct accepted_entry *ae)
       return -EINVALID;
    }
 
-   /* Create the fake certificate */
-   ae->cert = sslw_create_selfsigned(server_cert);  
-   X509_free(server_cert);
+   if (!GBL_OPTIONS->ssl_cert) {
+   	/* Create the fake certificate */
+   	ae->cert = sslw_create_selfsigned(server_cert);  
+   	X509_free(server_cert);
 
-   if (ae->cert == NULL)
-      return -EINVALID;
-
-   SSL_use_certificate(ae->ssl[SSL_CLIENT], ae->cert);
+   	if (ae->cert == NULL)
+      		return -EINVALID;
+
+   	SSL_use_certificate(ae->ssl[SSL_CLIENT], ae->cert);
+
+   }
 
    if (sslw_ssl_accept(ae->ssl[SSL_CLIENT]) != ESUCCESS) 
       return -EINVALID;
@@ -1077,12 +1080,30 @@ static void sslw_init(void)
    ON_ERROR(ssl_ctx_client, NULL, "Could not create client SSL CTX");
    ON_ERROR(ssl_ctx_server, NULL, "Could not create server SSL CTX");
 
-   /* Get our private key from our cert file */
-   if (SSL_CTX_use_PrivateKey_file(ssl_ctx_client, INSTALL_DATADIR "/" EC_PROGRAM "/" CERT_FILE, SSL_FILETYPE_PEM) == 0) {
-      DEBUG_MSG("sslw -- SSL_CTX_use_PrivateKey_file -- trying ./share/%s",  CERT_FILE);
+   if(GBL_OPTIONS->ssl_pkey) {
+	/* Get our private key from the file specified from cmd-line */
+	DEBUG_MSG("Using custom private key %s", GBL_OPTIONS->ssl_pkey);
+	if (SSL_CTX_use_PrivateKey_file(ssl_ctx_client, GBL_OPTIONS->ssl_pkey, SSL_FILETYPE_PEM) == 0) {
+		FATAL_ERROR("Can't open \"%s\" file : %s", GBL_OPTIONS->ssl_pkey, strerror(errno));
+	}
+
+	if (GBL_OPTIONS->ssl_cert) {
+		if (SSL_CTX_use_certificate_file(ssl_ctx_client, GBL_OPTIONS->ssl_cert, SSL_FILETYPE_PEM) == 0) {
+			FATAL_ERROR("Can't open \"%s\" file : %s", GBL_OPTIONS->ssl_cert, strerror(errno));
+		}
+
+		if (!SSL_CTX_check_private_key(ssl_ctx_client)) {
+			FATAL_ERROR("Certificate \"%s\" does not match private key \"%s\"", GBL_OPTIONS->ssl_cert, GBL_OPTIONS->ssl_pkey);
+		}
+	}
+   } else {
+   	/* Get our private key from our cert file */
+   	if (SSL_CTX_use_PrivateKey_file(ssl_ctx_client, INSTALL_DATADIR "/" EC_PROGRAM "/" CERT_FILE, SSL_FILETYPE_PEM) == 0) {
+      		DEBUG_MSG("sslw -- SSL_CTX_use_PrivateKey_file -- trying ./share/%s",  CERT_FILE);
 
-      if (SSL_CTX_use_PrivateKey_file(ssl_ctx_client, "./share/" CERT_FILE, SSL_FILETYPE_PEM) == 0)
-         FATAL_ERROR("Can't open \"./share/%s\" file : %s", CERT_FILE, strerror(errno));
+      		if (SSL_CTX_use_PrivateKey_file(ssl_ctx_client, "./share/" CERT_FILE, SSL_FILETYPE_PEM) == 0)
+         		FATAL_ERROR("Can't open \"./share/%s\" file : %s", CERT_FILE, strerror(errno));
+   	}
    }
 
    dummy_ssl = SSL_new(ssl_ctx_client);