remote update feature

.travis.yml

@@ -27,6 +27,8 @@ compiler:
   - gcc
   - clang
 
+dist: focal
+
 os:
   - osx
   - linux
@@ -61,13 +63,13 @@ env:
   # Debug build
   - BUILD_ARGS="-DCMAKE_BUILD_TYPE=Debug"
   # Everything that's optional
-  - BUILD_ARGS="-DENABLE_PDF_DOCS=On -DENABLE_IPV6=On -DENABLE_LUA=On"
+  - BUILD_ARGS="-DENABLE_PDF_DOCS=On -DENABLE_IPV6=On -DENABLE_UPDATE=On -DENABLE_LUA=On"
   # Everything that's optional, in Debug-mode
-  - BUILD_ARGS="-DENABLE_PDF_DOCS=On -DENABLE_IPV6=On -DENABLE_LUA=On -DCMAKE_BUILD_TYPE=Debug"
+  - BUILD_ARGS="-DENABLE_PDF_DOCS=On -DENABLE_IPV6=On -DENABLE_UPDATE=On -DENABLE_LUA=On -DCMAKE_BUILD_TYPE=Debug"
   # Everything that's optional, GTK2
-  - BUILD_ARGS="-DENABLE_PDF_DOCS=On -DENABLE_IPV6=On -DENABLE_LUA=On -DGTK_BUILD_TYPE=GTK2"
+  - BUILD_ARGS="-DENABLE_PDF_DOCS=On -DENABLE_IPV6=On -DENABLE_UPDATE=On -DENABLE_LUA=On -DGTK_BUILD_TYPE=GTK2"
   # Everything that's optional, GTK2 in Debug-mode
-  - BUILD_ARGS="-DENABLE_PDF_DOCS=On -DENABLE_IPV6=On -DENABLE_LUA=On -DGTK_BUILD_TYPE=GTK2 -DCMAKE_BUILD_TYPE=Debug"
+  - BUILD_ARGS="-DENABLE_PDF_DOCS=On -DENABLE_IPV6=On -DENABLE_UPDATE=On -DENABLE_LUA=On -DGTK_BUILD_TYPE=GTK2 -DCMAKE_BUILD_TYPE=Debug"
   # IPV6 + system libnet
   - BUILD_ARGS="-DENABLE_IPV6=On -DBUNDLED_LIBNET=Off"
   # IPV6 + bundled libnet
@@ -100,23 +102,34 @@ matrix:
     # We expect system-only curl + ubuntu to fail :(
     #- os: linux
     #  env: BUILD_ARGS="-DBUNDLED_CURL=Off"
+    # since focal, gtk2 gives lots of warnings due to new compiler, nothing we can fix on our own
+    - os: linux
+      env: BUILD_ARGS="-DENABLE_PDF_DOCS=On -DENABLE_IPV6=On -DENABLE_UPDATE=On -DENABLE_LUA=On -DGTK_BUILD_TYPE=GTK2 -DCMAKE_BUILD_TYPE=Debug"
+    - os: osx
+      env: BUILD_ARGS="-DENABLE_PDF_DOCS=On -DENABLE_IPV6=On -DENABLE_UPDATE=On -DENABLE_LUA=On"
+    - os: osx
+      env: BUILD_ARGS="-DENABLE_PDF_DOCS=On -DENABLE_IPV6=On -DENABLE_UPDATE=On -DENABLE_LUA=On -DCMAKE_BUILD_TYPE=Debug"
+    - os: osx
+      env: BUILD_ARGS="-DENABLE_PDF_DOCS=On -DENABLE_IPV6=On -DENABLE_UPDATE=On -DENABLE_LUA=On -DGTK_BUILD_TYPE=GTK2"
+    - os: osx
+      env: BUILD_ARGS="-DENABLE_PDF_DOCS=On -DENABLE_IPV6=On -DENABLE_UPDATE=On -DENABLE_LUA=On -DGTK_BUILD_TYPE=GTK2 -DCMAKE_BUILD_TYPE=Debug"
   exclude:
     - os: osx
       env: BUILD_ARGS=""
     - os: osx
       env: BUILD_ARGS="-DCMAKE_BUILD_TYPE=Debug"
     - os: osx
       compiler: gcc
-      env: BUILD_ARGS="-DENABLE_PDF_DOCS=On -DENABLE_IPV6=On -DENABLE_LUA=On"
+      env: BUILD_ARGS="-DENABLE_PDF_DOCS=On -DENABLE_IPV6=On -DENABLE_UPDATE=On -DENABLE_LUA=On"
     - os: osx
       compiler: gcc
-      env: BUILD_ARGS="-DENABLE_PDF_DOCS=On -DENABLE_IPV6=On -DENABLE_LUA=On -DCMAKE_BUILD_TYPE=Debug"
+      env: BUILD_ARGS="-DENABLE_PDF_DOCS=On -DENABLE_IPV6=On -DENABLE_UPDATE=On -DENABLE_LUA=On -DCMAKE_BUILD_TYPE=Debug"
     - os: osx
       compiler: gcc
-      env: BUILD_ARGS="-DENABLE_PDF_DOCS=On -DENABLE_IPV6=On -DENABLE_LUA=On -DGTK_BUILD_TYPE=GTK2"
+      env: BUILD_ARGS="-DENABLE_PDF_DOCS=On -DENABLE_IPV6=On -DENABLE_UPDATE=On -DENABLE_LUA=On -DGTK_BUILD_TYPE=GTK2"
     - os: osx
       compiler: gcc
-      env: BUILD_ARGS="-DENABLE_PDF_DOCS=On -DENABLE_IPV6=On -DENABLE_LUA=On -DGTK_BUILD_TYPE=GTK2 -DCMAKE_BUILD_TYPE=Debug"
+      env: BUILD_ARGS="-DENABLE_PDF_DOCS=On -DENABLE_IPV6=On -DENABLE_UPDATE=On -DENABLE_LUA=On -DGTK_BUILD_TYPE=GTK2 -DCMAKE_BUILD_TYPE=Debug"
     - os: osx
       env: BUILD_ARGS="-DENABLE_IPV6=On -DBUNDLED_LIBNET=Off"
     - os: osx
@@ -150,8 +163,7 @@ script:
   - mkdir build
   - cd build
   - cmake -DENABLE_TESTS=On $BUILD_ARGS ..
-  - make
-  - make test_verbose
+  - make && make test_verbose
 
 notifications:
   irc:

CMakeLists.txt

@@ -13,6 +13,7 @@ Please create a separate build directory and run 'cmake /path/to/${PROJECT_NAME}
 option(ENABLE_CURSES "Enable curses interface" ON)
 option(ENABLE_GTK "Enable GTK interface" ON)
 option(ENABLE_PLUGINS "Enable plugins support" ON)
+option(ENABLE_UPDATE "Enable Self-Update support" OFF)
 option(ENABLE_IPV6 "Enable IPv6 support" OFF)
 option(ENABLE_LUA "Enable LUA support (EXPERIMENTAL)" OFF)
 option(ENABLE_PDF_DOCS "Enable PDF document generation" OFF)
@@ -132,7 +133,7 @@ if(NOT DISABLE_RPATH)
 endif()
 
 # set general build flags for debug build-type
-set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -fno-common -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls" CACHE STRING "" FORCE)
+set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -fno-common -Wall -Werror -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls" CACHE STRING "" FORCE)
 ## append ASAN build flags if compiler version has support
 #if("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
 #   if(CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
@@ -191,6 +192,10 @@ add_subdirectory(utils)
 add_subdirectory(share)
 add_subdirectory(man)
 
+if(ENABLE_UPDATE)
+    set(WITH_UPDATE TRUE)
+endif()
+
 if(ENABLE_IPV6)
     set(WITH_IPV6 TRUE)
 endif()

desktop/ettercap.metainfo.xml

@@ -25,7 +25,7 @@
     </p>
   </description>
   <releases>
-    <release version="0.8.3"/>
+    <release version="0.8.3.1"/>
   </releases>
 
   <screenshots>

include/config.h.cmake

@@ -51,6 +51,7 @@
 #cmakedefine HAVE_UTF8
 #cmakedefine HAVE_PLUGINS
 #cmakedefine WITH_IPV6
+#cmakedefine WITH_UPDATE
 #cmakedefine HAVE_GEOIP
 #cmakedefine HAVE_EC_LUA
 #cmakedefine HAVE_CURL

man/ettercap.8.in

@@ -931,6 +931,19 @@ Stores profiles information belonging only to remote hosts.
 .TP
 .B STANDARD OPTIONS
 
+.TP
+\fB\-U\fR, \fB\-\-update\fR
+Connects to the ettercap website (www.ettercap-project.org) and retrieve the latest
+databases used by ettercap.
+.br
+If you want only to check if an update is available, prepend the \-z option.
+The order does matter: ettercap \-zU
+.Sp
+.B SECURITY NOTE:
+The updates are not signed so an attacker may poison your DNS server
+and force the updateNG.php to feed ettercap with fake databases.
+This can harm to your system since it can overwrite any file containing
+the string "Revision: ".
 
 .TP
 \fB\-v\fR, \fB\-\-version\fR

src/CMakeLists.txt

@@ -125,6 +125,10 @@ set(EC_SRC
     protocols/ec_wifi_radiotap.c
 )
 
+if(ENABLE_UPDATE)
+  set(EC_SRC ${EC_SRC} ec_update.c)
+endif()
+
 if(HAVE_GEOIP)
   set(EC_SRC ${EC_SRC} ec_geoip.c)
 endif()

src/dissectors/ec_ssh.c

@@ -143,9 +143,9 @@ FUNC_DECODER(dissector_ssh)
    u_int32 ssh_len, ssh_mod;
    u_char ssh_packet_type, *ptr, *key_to_put;
 #ifdef HAVE_OPAQUE_RSA_DSA_DH
-   BIGNUM *h_n, *s_n, *m_h_n, *m_s_n;
-   BIGNUM *h_e, *s_e, *m_h_e, *m_s_e;
-   BIGNUM *h_d, *s_d, *m_h_d, *m_s_d;
+   BIGNUM *h_n = NULL, *s_n = NULL, *m_h_n = NULL, *m_s_n = NULL;
+   BIGNUM *h_e = NULL, *s_e = NULL, *m_h_e = NULL, *m_s_e = NULL;
+   BIGNUM *h_d = NULL, *s_d = NULL, *m_h_d = NULL, *m_s_d = NULL;
 #endif
 
    /* don't complain about unused var */

src/ec_parser.c

@@ -23,10 +23,12 @@
 #include <ec.h>
 #include <ec_parser.h>
 #include <ec_interfaces.h>
+#include <ec_libettercap.h>
 #include <ec_sniff.h>
 #include <ec_send.h>
 #include <ec_log.h>
 #include <ec_format.h>
+#include <ec_update.h>
 #include <ec_mitm.h>
 #include <ec_filter.h>
 #include <ec_plugins.h>
@@ -103,7 +105,7 @@ void ec_usage(void)
 
 #ifdef HAVE_EC_LUA
    fprintf(stdout, "\nLUA options:\n");
-   fprintf(stdout, "      --lua-script <script1>,[<script2>,...]     comma-separted list of LUA scripts\n");
+   fprintf(stdout, "      --lua-script <script1>,[<script2>,...]     comma-separated list of LUA scripts\n");
    fprintf(stdout, "      --lua-args n1=v1,[n2=v2,...]               comma-separated arguments to LUA script(s)\n");
 #endif
 
@@ -126,6 +128,9 @@ void ec_usage(void)
    fprintf(stdout, "  -a, --config <config>       use the alternative config file <config>\n");
 
    fprintf(stdout, "\nStandard options:\n");
+#ifdef WITH_UPDATE
+   fprintf(stdout, "  -U, --update                updates the databases from ettercap website\n");
+#endif
    fprintf(stdout, "  -v, --version               prints the version and exit\n");
    fprintf(stdout, "  -h, --help                  this help screen\n");
 
@@ -141,8 +146,11 @@ void parse_options(int argc, char **argv)
    int c;
 
    static struct option long_options[] = {
-      { "help", no_argument, NULL, 'h' },
+#ifdef WITH_UPDATE
+      { "update", no_argument, NULL, 'U' },
+#endif
       { "version", no_argument, NULL, 'v' },
+      { "help", no_argument, NULL, 'h' },
 
       { "iface", required_argument, NULL, 'i' },
       { "lifaces", no_argument, NULL, 'I' },
@@ -225,7 +233,7 @@ void parse_options(int argc, char **argv)
    optind = 0;
    int option_index = 0;
 
-   while ((c = getopt_long (argc, argv, "A:a:bB:CchDdEe:F:f:GhIi:j:k:L:l:M:m:n:oP:pQqiRr:s:STt:uV:vW:w:Y:z6", long_options, &option_index)) != EOF) {
+   while ((c = getopt_long (argc, argv, "A:a:bB:CchDdEe:F:f:GhIi:j:k:L:l:M:m:n:oP:pQqiRr:s:STt:uUV:vW:w:Y:z6", long_options, &option_index)) != EOF) {
       /* used for parsing arguments */
       char *opt_end = optarg;
       while (opt_end && *opt_end) opt_end++;
@@ -400,6 +408,15 @@ void parse_options(int argc, char **argv)
             set_conf_file(optarg);
             break;
 
+#ifdef WITH_UPDATE
+         case 'U':
+	    /* load the conf for the connect timeout value */
+	    libettercap_load_conf();
+	    global_update();
+            /* NOT REACHED */
+            break;
+#endif
+
          case 'h':
             ec_usage();
             break;