Ettercap is one of the most famous MITM applications ever. Installing it on Mac OS X was not entirely straight forward so here are some additional tricks I had to do to get it installed on Mountain Lion.
First off, I am using Homebrew, a package manger for OS X. Frankly, I sort of wish I had used MacPorts at this point, because it is more popular and there’s more documentation about using it. I’m not sure what the ramifications would be if I tried to switch at this point so I’m just going to plow forward using it.
I already had some of the needed dependencies required by Ettercap, so I’m going to focus on the problems I personally ran into. You may need to install additional libraries if you don’t already have them.
To enable PDF documentation generation
– ghostscript (ps2pdf13)
$ brew install ghostscript
To enable plugins:
– libltdl (part of libtool)
I didn’t run into a problem here
To have perl regexp in the filters:
$ brew install pcre
To support SSH and SSL decryption:
– openssl 0.9.7
$ brew install openssl
For the cursed GUI:
– ncurses >= 5.3
I already had this because I installed kismet but you might need it
For the GTK+ GUI:
– Glib >= 2.2.2
– Gtk+ >= 2.2.2
– Atk >= 1.2.4
– Pango >= 1.2.3
$ brew install gtk+
For the SSLStrip plugin
– Curl >= 7.26.0
This was a bugaboo. First do
$ brew install curl
This will install the recent version of curl that you need for ettercap. Unfortunately it will not symlink it to /usr/local because OS X already has a version of curl installed and brew doesn’t want to interfere with that. This sucks for us. We’ll need to modify the make file to point to our brew-installed version of curl.
Go into the build directory you made while setting up ettercap and edit the CMakeCache.txt file to look like this:
That will get the installer to look in the right place for the updated curl files.
Finally, after you successfully build ettercap (using sudo make install), you need to modify a mac system plist file to allow for IP forwarding. You would know this if you read the README.OSXLION file included with ettercap.
$ sudo nano /Library/Preferences/SystemConfiguration/com.apple.Boot.plist