Commit

the connection list can be erased by the user
alor committed Apr 23, 2004
1 parent 0f33ef9 commit 78801c3
Showing 9 changed files with 121 additions and 53 deletions.
3 changes: 2 additions & 1 deletion CHANGELOG
Expand Up @@ -10,10 +10,11 @@ NG-0.7.0_pre2 200404??

+ telnet collector enhacements (catches cisco login)
+ added the find_ettercap plugin
+ the live connections list can be purged by the user
!! fixed the $prefix issue in the configure
!! fixed a linking problem against openssl
!! some fixes in the man pages
!! compiles against openssl 0.9.6x
!! compiles against old openssl 0.9.6x


NG-0.7.0_pre1 20040415
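Review bot: the context line `+ telnet collector enhacements (catches cisco login)` two lines above the new entry misspells "enhancements"; since this hunk already rewrites the neighbouring lines, fix it here as well. The `200404??` date placeholder on the `NG-0.7.0_pre2` heading still needs filling in before the pre-release is tagged.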
Expand Down
2 changes: 1 addition & 1 deletion TODO
Expand Up @@ -26,7 +26,7 @@
+ BINDER

+ fix strange behaviour on http filtering

+ ETTERLOG
- make the ec* files platform independet
- extract files from streams looking for mime content or protocol
Expand Down
3 changes: 2 additions & 1 deletion include/ec_conntrack.h
@@ -1,5 +1,5 @@

/* $Id: ec_conntrack.h,v 1.12 2004/03/18 15:29:11 alor Exp $ */
/* $Id: ec_conntrack.h,v 1.13 2004/04/23 12:55:35 alor Exp $ */

#ifndef EC_CONNTRACK_H
#define EC_CONNTRACK_H
Expand Down Expand Up @@ -77,6 +77,7 @@ enum {
/* exported functions */
extern void * conntrack_print(int mode, void *list, char **desc, size_t len);
extern EC_THREAD_FUNC(conntrack_timeouter);
extern void conntrack_purge(void);

extern int conntrack_hook_packet_add(struct packet_object *po, void (*func)(struct packet_object *po));
extern int conntrack_hook_packet_del(struct packet_object *po, void (*func)(struct packet_object *po));
Expand Down
4 changes: 2 additions & 2 deletions man/ettercap.8.in
Expand Up @@ -14,7 +14,7 @@
.\" along with this program; if not, write to the Free Software
.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
.\"
.\" $Id: ettercap.8.in,v 1.64 2004/04/21 10:02:41 alor Exp $
.\" $Id: ettercap.8.in,v 1.65 2004/04/23 12:55:35 alor Exp $
.\"
.de Sp
.if n .sp
Expand Down Expand Up @@ -664,7 +664,7 @@ This is the title, but the following will not be displayed.
\fB\-d\fR, \fB\-\-dns\fR
Resolve ip addresses into hostnames.
.Sp
NOTE: this may seriously slow down ettercap while logging passive informations.
NOTE: this may seriously slow down ettercap while logging passive information.
Every time a new host is found, a query to the dns is performed. Ettercap keeps
a cache for already resolved host to increase the speed, but new hosts need a
new query and the dns may take up to 2 or 3 seconds to respond for an unknown
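Review bot: while fixing "informations" here, the next context line `a cache for already resolved host to increase the speed` needs "hosts" as well, and "the dns" should be "the DNS" for consistency with the option name in the same paragraph.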
Expand Down
80 changes: 40 additions & 40 deletions man/ettercap_curses.8.in
Expand Up @@ -14,7 +14,7 @@
.\" along with this program; if not, write to the Free Software
.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
.\"
.\" $Id: ettercap_curses.8.in,v 1.15 2004/04/12 10:43:13 alor Exp $
.\" $Id: ettercap_curses.8.in,v 1.16 2004/04/23 12:55:36 alor Exp $
.\"
.de Sp
.if n .sp
Expand All @@ -27,11 +27,11 @@
.SH GENERAL DESCRIPTION
The curses GUI is quite simple and intuitive.
.br
It is menu-driven. Every flag or functions can be modified/called through the
upper menu. All the user messages are printed in the bottom window. If you want
It is menu-driven. Every flag or function can be modified/called through the
upper menu. All user messages are printed in the bottom window. If you want
to see the old messages, you can scroll the window buffer by pressing the UP,
DOWN, PPAGE, NPAGE keys.
The middle part is used to display informations or dialogs for the user.
The middle part is used to display information or dialogs for the user.
.Sp
The menus can be opened by pressing the relative hotkey. For the menus the
hotkey is represented by the uppercase initial letter of the title (e.g. 'S'
Expand All @@ -43,19 +43,19 @@ means CTRL+f).
You can switch the focus between the objects on the screen by pressing the TAB
key or by clicking on it with the mouse (if you are running ettercap within an
xterm). Mouse events are supported only through the xterm. You can use the mouse
to select objects, open a menu, chose a function, scroll the elevators for the
to select objects, open a menu, choose a function, scroll the elevators for the
scrolling windows, etc etc.
.Sp
When you open more than one windows in the middle part, they will overlap. Use
When you open multiple windows in the middle part, they will overlap. Use
the TAB key to switch between them. Use CTRL+Q to close the focused window.
.br
You can also use CTRL+Q to close input dialog if you want to cancel the
You can also use CTRL+Q to close the input dialog if you want to cancel the
requested input. (i.e. you have selected the wrong function and you want to go
back).
.Sp
To have a quick help of shortcut you can use against a particular window press
the SPACE key. An help window will be displayed with a list of shortcut that
can be used. If the window does not appear, no shortcut are available.
To have a quick help on the shortcuts you can use against a particular window press
the SPACE key. A help window will be displayed with a list of shortcuts that
can be used. If the window does not appear, no shortcuts are available.


.SH HOW TO SELECT IT
Expand All @@ -66,13 +66,13 @@ To use the ncurses GUI you have to:
- run it with the -C flag
.Sp
Passing the -C flag is sufficient, but if you want you can pass other flags
that will be automatically set even for the curses GUI. You will be able to
that will be automatically set for the ncurses GUI. You will be able to
override them using the menu to change the options.


.SH ONCE STARTED
As soon as ettercap is launched with the Ncurses GUI, you will be prompted with
multiple choices. The first screen let you select if you want to open a pcap
multiple choices. The first screen lets you select if you want to open a pcap
file or dump the sniffed traffic to a file, if you want unified sniffing or
bridged one, permits you to set a pcap file on the captured traffic and enables
you to log all the sniffed data.
Expand All @@ -81,7 +81,7 @@ Once you have selected a sniffing method (from file, unified or bridged) this
screen will not be reachable anymore. The only way is to restart ettercap.


Let analyze each menu in the start screen:
Let's analyze each menu in the start screen:

.TP
.B File
Expand All @@ -93,9 +93,9 @@ sniffing are in place except for those sending or forwarding packets (mitm
attacks and so on...).
.TP
.B Dump to file...
All the traffic sniffed by the live capture will be dumped in that file. The
filters nor the targets have effects on this file, all the packets received by
pcap will be dumped. The only way to not dump a certain packet is to set a pcap
All the traffic sniffed by the live capture will be dumped to that file. The
filters, not the targets, have effects on this file, as all the packets received by
pcap will be dumped. The only way to not dump a certain packet is to set a proper pcap
filter (see below).
.TP
.B Exit
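Review bot: the rewrite of the "Dump to file..." sentence inverts its meaning. The old text (`The filters nor the targets have effects on this file, all the packets received by pcap will be dumped`) says that neither the filters nor the targets influence the dump; the new `The filters, not the targets, have effects on this file` says filters do, which contradicts both the rest of the sentence and the following `The only way to not dump a certain packet is to set a proper pcap filter`. Suggested: "Neither the filters nor the targets have any effect on this file: all the packets received by pcap will be dumped."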
Expand All @@ -115,11 +115,11 @@ used for sniffing. The first up and running interface is suggested in the input
box.
For an explanation of what unified sniffing is, refer to ettercap(8).
.br.
TIP: if you press 'u' as an hotkey, this step will be skipped and the default
TIP: if you use the 'u' hotkey, this step will be skipped and the default
interface is automatically selected.
.TP
.B Bridged sniffing...
After giving the two interfaces to be used, you will enter the Bridged sniffing
After selecting the two interfaces to be used, you will enter the Bridged sniffing
mode. For an explanation of what bridged sniffing is, refer to ettercap(8).
.TP
.B Set pcap filter...
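Review bot: the context line `.br.` just before the TIP carries a stray trailing period; the troff request is `.br`, and `.br.` is an unknown request name that is silently ignored, so the intended line break before "TIP:" never happens. Worth correcting while this paragraph is being edited.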
Expand All @@ -137,7 +137,7 @@ setting a pcap filter.
.TP
.B Unoffensive
This enable/disable the unoffensive flag. The asterisk '*' means "the option is
enabled" else the option is not enabled.
enabled". Otherwise the option is not enabled.
.TP
.B Promisc mode
Enable/disable the promisc mode for the live capture on a network interface.
Expand Down Expand Up @@ -176,13 +176,13 @@ Returns to your favourite shell ;)
.RS
.TP
.B Current Targets
Displays a list of hosts in each TARGET. You can selectively remove an host by
selecting it and press 'd' or add a new host pressing 'a'. To move between the
Displays a list of hosts in each TARGET. You can selectively remove a host by
selecting it and press 'd' or add a new host pressing 'a'. To switch between the
two lists, use the ARROWS keys.
.TP
.B Select TARGET(s)
Let you select the TARGET(s) as explained on ettercap(8). The syntax is the
same as for command line specification.
Lets you select the TARGET(s) as explained in ettercap(8). The syntax is the
same as for the command line specification.
.TP
.B Protocol...
You can choose to sniff only TCP, only UDP or both (ALL).
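Review bot: the new "Current Targets" line still reads `selecting it and press 'd'`; it should be "pressing 'd'" to match "pressing 'a'" later in the sentence, and `ARROWS keys` on the following context line should be "ARROW keys".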
Expand All @@ -203,11 +203,11 @@ Restores both TARGETS to ANY/ANY/ANY
.B Hosts list
Displays the list of hosts detected through an ARP scan or converted from the
passive profiles. This list is used by MITM attacks when the ANY target is
selected, so if you want to exclude an host from the attack, simply delete it
selected, so if you want to exclude a host from the attack, simply delete it
from the list.
.br
You can remove an host from the list by pressing 'd', add to TARGET1 by
pressing '1' and add to TARGET2 by pressing '2'.
You can remove a host from the list by pressing 'd', add it to TARGET1 by
pressing '1' or add it to TARGET2 by pressing '2'.
.TP
.B Scan for hosts
Perform the ARP scan of the netmask if no TARGETS are selected. If TARGETS was
Expand All @@ -227,34 +227,34 @@ Save the current hosts list to a file.
.RS
.TP
.B Connections
Displays the connection list. To see detailed information about a connection,
press 'd' or press 'k' to kill it. To see the traffic for a specific connection,
Displays the connection list. To see detailed information about a connection
press 'd', or press 'k' to kill it. To see the traffic for a specific connection,
select it and press enter. Once the two-panel interface is displayed you can
move the focus with the arrow keys. Press 'j' to switch between joined and
splitted visualization. Press 'k' to kill the connection. Press 'y' to inject
interactively and 'Y' to inject a file. Note that it is important which panel
has the focus as the injected data will be sent to that address.
.br
HINT: connections marked with an asterisk contain account(s) informations.
HINT: connections marked with an asterisk contain account(s) information.
.TP
.B Profiles
Diplays the passive profile hosts list. Selecting an host will display the
Diplays the passive profile hosts list. Selecting a host will display the
relative details (including account with user and pass for that host).
.br
You can convert the list of passive profile into the hosts list by pressing 'c'.
You can convert the passive profile list into the hosts list by pressing 'c'.
To purge remote hosts, press 'l'. To purge local hosts, press 'r'. You can also
dump the current profile to a file by pressing 'd'; the dumped file can be
opened with etterlog(8).
.br
HINT: profiles marked with an asterisk contain account(s) informations.
HINT: profiles marked with an asterisk contain account(s) information.
.TP
.B Statistics
Displays some statistics about the sniffing process.
.TP
.B Resolve IP addresses
Enables DNS resolution for all the sniffed IP address. CAUTION: this will
extremely slow down ettercap. By the way the passive dns resolution is always
active. It sniffs dns replies and stores it in a cache. If an ip address is
active. It sniffs dns replies and stores them in a cache. If an ip address is
present in that cache, it will be automatically resolved. It is dns resolution
for free... ;)
.TP
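Review bot: the CHANGELOG entry for this commit says the live connections list can now be purged by the user, but the "Connections" entry in this hunk does not document which key does it, whereas the "Profiles" entry right below documents 'l' and 'r' for purging. Add the connection-purge keystroke to the "Connections" paragraph (and, from the code, mention that connections currently being viewed are not removed). Also, the rewritten "Profiles" line fixes "an host" but keeps the typo `Diplays`; make it "Displays".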
Expand All @@ -274,11 +274,11 @@ be displayed in the connection data window.
.TP
.B [...]
For each type of attack, a menu entry is displayed. Simply select the attack you
want and fill the arguments when asked. You can activate more than once at a
want and fill the arguments when asked. You can activate more than one attack at a
time.
.TP
.B Stop mitm attack(s)
Stops all the mitm attack currently active.
Stops all the mitm attacks currently active.
.RE


Expand All @@ -300,18 +300,18 @@ Unload the filter and stop filtering the connections.
.RS
.TP
.B Log all packets and infos...
Given a file name, it will create two file: filename.eci (for informations
Given a file name, it will create two files: filename.eci (for information
about hosts) and filename.ecp (for all the interesting packets). This is the
same as the -L option.
.TP
.B Log only infos...
This is used only to sniff informations about hosts (same as the -l option).
This is used only to sniff information about hosts (same as the -l option).
.TP
.B Stop logging info
Come on... it is self explanatory.
.TP
.B Log user messages...
Will log all the message appearing in the bottom window (same as -m option).
Will log all the messages appearing in the bottom window (same as -m option).
.TP
.B Compressed file
Asterisk-option to control whether or not the logfile should be compressed.
Expand All @@ -328,8 +328,8 @@ pressing 'enter'. Plugins already active can be recognized by the [1] symbol
instead of [0]. If you select an active plugin, it will be deactivated.
.TP
.B Load a plugin...
You can load a plugin file that is not in the default serach path. (remember
that you can browse directory with EC_UID permissions).
You can load a plugin file that is not in the default search path. (remember
that you can browse directories with EC_UID permissions).
.RE


Expand Down
4 changes: 1 addition & 3 deletions src/dissectors/ec_http.c
Expand Up @@ -17,7 +17,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
$Id: ec_http.c,v 1.13 2004/04/12 15:31:52 alor Exp $
$Id: ec_http.c,v 1.14 2004/04/23 12:55:36 alor Exp $
*/

#include <ec.h>
Expand Down Expand Up @@ -528,8 +528,6 @@ static u_char Parse_Form(u_char *to_parse, char **ret, int mode)
do {
if (*q == '&') q++;

DEBUG_MSG("FORM: %s %s",q, d->name);

if (!strncasecmp(q, d->name, strlen(d->name)) && *(q+strlen(d->name)) == '=' ) {

/* Return the value past the '=' */
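Review bot: removing `DEBUG_MSG("FORM: %s %s",q, d->name);` is the right call, and not only for noise: it wrote the raw remaining form body being scanned for account fields into the debug log on every loop iteration, so a debug build leaked every captured form (including password fields) to disk. It would be worth grepping the rest of ec_http.c for other DEBUG_MSG calls that echo request or form bodies.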
Expand Down
42 changes: 41 additions & 1 deletion src/ec_conntrack.c
Expand Up @@ -17,7 +17,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
$Id: ec_conntrack.c,v 1.21 2004/04/02 15:23:25 alor Exp $
$Id: ec_conntrack.c,v 1.22 2004/04/23 12:55:36 alor Exp $
*/

#include <ec.h>
Expand Down Expand Up @@ -70,6 +70,7 @@ static void conntrack_del(struct conn_object *co);
static int conntrack_match(struct conn_object *co, struct packet_object *po);
EC_THREAD_FUNC(conntrack_timeouter);
void * conntrack_print(int mode, void *list, char **desc, size_t len);
void conntrack_purge(void);

int conntrack_hook_packet_add(struct packet_object *po, void (*func)(struct packet_object *po));
int conntrack_hook_packet_del(struct packet_object *po, void (*func)(struct packet_object *po));
Expand Down Expand Up @@ -328,10 +329,49 @@ static int conntrack_match(struct conn_object *co, struct packet_object *po)
*/
static void conntrack_del(struct conn_object *co)
{
struct ct_hook_list *h, *tmp;

/* remove the hooks */
SLIST_FOREACH_SAFE(h, &co->hook_head, next, tmp) {
SLIST_REMOVE(&co->hook_head, h, ct_hook_list, next);
SAFE_FREE(h);
}

/* wipe the associated buffer */
connbuf_wipe(&co->data);

SAFE_FREE(co);
}

/*
* erase the whole connections list
*/
void conntrack_purge(void)
{
struct conn_tail *cl, *tmp;

DEBUG_MSG("conntrack_purge");

TAILQ_FOREACH_SAFE(cl, &conntrack_tail_head, next, tmp) {
/* don't erase the connection if it is viewed */
if (cl->co->flags & CONN_VIEWING)
continue;

CONNTRACK_LOCK;

/* wipe the connection */
conntrack_del(cl->co);
/* remove the element in the hash table */
LIST_REMOVE(cl->cs, next);
SAFE_FREE(cl->cs);
/* remove the element in the tailq */
TAILQ_REMOVE(&conntrack_tail_head, cl, next);
SAFE_FREE(cl);

CONNTRACK_UNLOCK;
}

}


EC_THREAD_FUNC(conntrack_timeouter)
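Review bot: in `conntrack_purge` the `CONN_VIEWING` check and the `TAILQ_FOREACH_SAFE` walk itself run outside the lock; `CONNTRACK_LOCK` is only taken around the per-element deletion and is released again before the iterator advances to the saved `tmp` pointer. If another thread that takes the same lock (the `conntrack_timeouter` thread declared just below, for instance) removes entries from `conntrack_tail_head` in that window, `tmp` can point at a freed element, and a connection can start being viewed between the flag test and `conntrack_del(cl->co)`. Take `CONNTRACK_LOCK` once before the loop, read `cl->co->flags` under it, and `CONNTRACK_UNLOCK` after the loop. Separately, the comment says "erase the whole connections list" while entries flagged `CONN_VIEWING` are deliberately kept; say so in the comment so callers do not assume the list is empty afterwards.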
Expand Down

0 comments on commit 78801c3
