
26 March 2013

Comments

Excellent question. Wireshark is great if you want to put together streams and view data. But, there's more to Wireshark than that. I don't want to discount that at all. It's an excellent tool, one that I use all the time.

Ettercap comes in when you want to do more than view the data. One example where Ettercap would be more useful than Wireshark is when you want to perform injection based on some condition. With this same basic code, we can see the request to the page in the authenticated area of a site. Then, when we see the response, we can inject a BeEF hook when we know they are authenticated.

Also, when we come across custom protocols, making a basic parser in Lua is easier than writing one in C for many people. If we want to be able to both view and manipulate one of these protocols-- such as one for a custom piece of hardware-- this is where we hope this effort will be useful.

Creating a separate registry is very much similar to what happens when we split different sessions using Wireshark. It creates temporary files for our streams based on the rule we provide. So how is this solution going to be different from that?
