MacOS: GUI freeze on any action after initialization

[futdev]

Hey, I'm currently running ettercap GUI on my macOS High Sierra 10.13.6 laptop, all to which it appears to be completely broken, I'm unsure whether this is to do with not changing any config etc.. but I've followed EXACTLY what's been told to do inside the Wiki - macosx page.

Curtiss-MBP:~ curtis$ sudo ettercap -G
Password:

ettercap 0.8.2 copyright 2001-2017 Ettercap Development Team

Error Opening file /usr/local/var/GeoIP/GeoIP.dat
Error Opening file /usr/local/share/GeoIP/GeoIP.dat

I get these messages upon opening Ettercap but that's all fine until the moment

To produce this error & for the GUI to crash, all I did was run sudo ettercap -G as shown above and from the GUI I did the following:

• Sniff > Unified Sniffing
• en06 (my wireless card)
• Hosts > Scan For Hosts
• Hosts List > Add to Target 1
• View > Connections > Type anything inside the filter list.

The GUI then freezes (unresponsive) doesn't close, and just sits there unresponsive until I force close the application. Is their any error logs or something within Ettercap that I can post here or find out the issue from?

[koeppea]

I've just upgraded my test MacBook to the same OS version. I can confirm this issue as I'm able to reproduce it. Beginning investigating on that.....

[koeppea]

It's regardless of the GUI code. Same happens even when build in (unchanged) GTK2 mode. It happens when entering anything in any Entry. E.g. Select Target dialog. Something really weird with the GTK library.

[fmeng]

Hey, The GUI freezes (unresponsive) doesn't close when i choose log directory. macosx: 10.13.2 (17C88) ettercap: 0.8.2

[koeppea]

Adjusted title better summarizing the issue

[futdev]

@kholia do we have any progress on this?

[koeppea]

Can you try to reproduce after a fresh reboot of the MacBook?

[koeppea]

I rewinded the history to 0.8.2. No GTK3 UI, no shared libettercap library. Still the issue persists. @eaescob Could have a look to pls? I'm running out of ideas.

[eaescob]

Is this a particular GTK package? Is it the macports or brew one?

[koeppea]

homebrew as what I tested and was able to replace. I haven't tested macports since I'm not very familiar.

[eaescob]

Ok, I have Mojave installed. I'll test with GTK+3.

[eaescob]

Able to reproduce. Right now I'm not finding much about this. I can see that the signal method (set_connfilter_host) is not even being called. Will keep digging.

[koeppea]

Right.

It's even not limited to the search entry in the connections list. It applies to any entry field after initialization. I have the feeling, that there is some timing involved. Sometimes, I can't reproduce it when I try to be fast (e.g. omitting the host-scan). All entries remain working. Next try, being a little slower, the entry fields make the UI getting frozen.

Have you now tried with GTK from macports or homebrew?

[eaescob]

I wonder if it's a GTK threading issue. Perhaps we're meant to load new widgets by locking threads or using some other mechanism. I'll continue my research

[koeppea]

Thank you. Hope you find out a little more than me.

[sgeto]

I remember Alex saying that this problem happens even with GTK2.

So maybe you should also try/build without any GUI at all to make sure it's not something else (OpenSSL, libpcap etc.) Just a thought. I don't know macOS 😅😅😅

-- "We are saddened by a bird's cry, but not for a fish's blood. Blessed are those with voices."

-Mamoru Oshii

On Nov 9, 2018, at 12:48 AM, Alexander Köppe notifications@github.com wrote:

Thank you. Hope you find out a little more than me. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

[eaescob]

Correct, trying all uis. Have you tested GTK on Linux recently? Making sure this is specific to OS X and not something else.

[eaescob]

Tested other UIs with no problems. Will test on Linux to be sure as well. Currently building GTK+3 from scratch instead of package system.

[koeppea]

Of course I build on Linux and even on FreeBSD using the same approach. compiling Ettercap's source code against distribution-provided GTK libraries. This occured only on MacOSX, at least for what I've been able to reproduce. I think to remember, that from the time I've developed the GTK+3 UI, it was working on MacOS.

[eaescob]

Thanks. This is helpful and saves me time. I'll continue building GTK from scratch. Will have to do it from home as it requires to perform some FTP downloads that we block at work. Can't fight a policy I put in place :)

[eaescob]

I am starting to wonder if we'll need to bundle the OS X binary into a GTK package. I have not found any resources. I just finished building GTK+ from scratch. Trying to link it to our cmake to understand if the issue goes away.

[koeppea]

What I'm going to do is to reset my MacBook to factory default - not updating and also try to reproduce.

[kholia]

Perhaps https://github.com/kholia/OSX-KVM can help in reproducing such bugs?

[eaescob]

We can reproduce the issue. What I'm having a hard time finding is a solution for it. I compiled GTK3+ as specified in the GNOME Project page. Now the GUI crashes when attempting to load. I'm inclined to believe that we're not leveraging multi-threads/window loading properly as required by gtk3+. I will run it with the homebrew package again and see what ltrace/strace() show.

[eaescob]

Interesting thing that I noticed. The ui_init() and ui_setup() methods are called twice. Wonder if this is what's causing the problem.

[koeppea]

So I reset my MacBook - however being unable to downgrade back to Sierra. With Upgrading, the maintenance partition is upgraded along. :-/

However I gave MacPorts. a try. Compiled Ettercap and I'm not able to reproduce the issue. I've listed the packages I've installed using MacPorts in the Wiki.

I'm going to perform the negative test by resetting the Mac again and start from scratch with HomeBrew in order to try to reproduce the issue again.

[koeppea]

@kholia I've had a look at it. Looking quite promising. However, I'm having issues finding the installer. Do you know if its also working the the Mojave release?

[kholia]

Do you know if its also working the the Mojave release?

Yep. I am currently running macOS Mojave 10.14.1 here.

https://github.com/kholia/OSX-KVM/tree/master/Mojave

Note: Use create_iso_mojave.sh for generating a macOS Mojave based ISO image.

[koeppea]

Alright. I've setup the Mac from scratch and installed HomeBrew. And the issue is again reproducible. That means that the issue is related to home-brew. I think specially due to the integration of X11 into homebred-core as noted here. So I'm trying now how to get from a home-brew to MacPorts installation.

We should also raise a issue with the HomeBrew folks.

[koeppea]

@InkedCurtis Can you please try for following procedure, to switch from home-brew to MacPorts:

brew list | xargs brew uninstall 

Download the MacPorts installer from macports.org and install. Open a new terminal:

$ sudo port -v selfupdate
$ sudo port install check curl cmake ghostscript xorg gtk2 gtk3 libidn libnet11 luajit rtmpdump libgeoip geoipupdate
$ sudo port install adwaita-icon-theme

Then recompile Ettercap:

sudo rm -R $ETTERCAP-BUILD-DIR
mkdir -p $ETTERCAP-BUILD-DIR
cd $ETTERCAP-BUILD-DIR
cmake -DCMAKE_BUILD_TYPE=Debug ..
make && sudo make install
xhost local:root

Reboot

sudo ettercap -G 

[koeppea]

@InkedCurtis Any update on my last comment?

[futdev]

@koeppea unfortunately I don't use Mac anymore, although I do hope it fixed it!

[c0rru]

Hi i had the same issue today (GUI CRASH), and i fixed it using "brew install adwaita-icon-theme" (it is described in the wiki of this project) Thanks! :)

[koeppea]

Interessting.

So you have built it from source and don't have the issue?

Can you also confirm when doing the following procedure:

 1. start ettercap -G  2. start unified sniffing  3. open hosts list  4. scan for hosts  5. open connections table  6. click into the "host filter" entry field and try to type something

This is the moment where it were freezing on my test machine.

So can you confirm this is NOT happening after you've installed the icon theme?

Thanks

[KnightSec-Official]

GUI freeze even if its built from source... happens to me... i changed from homebrew to macports but still have the same issue....

[c0rru]

Interessting. So you have built it from source and don't have the issue? Can you also confirm when doing the following procedure:  1. start ettercap -G  2. start unified sniffing  3. open hosts list  4. scan for hosts  5. open connections table  6. click into the "host filter" entry field and try to type something This is the moment where it were freezing on my test machine. So can you confirm this is NOT happening after you've installed the icon theme? Thanks

If i do the steps you mentioned, it crashes at step 6! :( Icon theme only helped with another type of crash.) So there is still a problem with it, but i can use the basic functionality, without any problems, with the icon theme installed.

[koeppea]

i changed from homebrew to macports but still have the same issue....

Have you rebuild ettercap after you've switched incl. Reboot?

sudo rm -R $ETTERCAP-BUILD-DIR
mkdir -p $ETTERCAP-BUILD-DIR
cd $ETTERCAP-BUILD-DIR
cmake -DCMAKE_BUILD_TYPE=Debug ..
make && sudo make install
xhost local:root

[KnightSec-Official]

Yes

[Kindhearted57]

Met with the same problem today... wondering if there is any solution?crashes at the filter

[koeppea]

We’re still struggling finding a solution.

[greycr0w]

This is happening to me also, I try running with sudo ettercap -G and the UI freezes and gives this error

Error Opening file /usr/local/var/GeoIP/GeoIP.dat Error Opening file /usr/local/share/GeoIP/GeoIP.dat

(Edit) I tried building from source, downloading from GitHub and running Cmake but it still didint work. I get segmentation faults.

[koeppea]

I tried building from source but the something is happening.

This is a somewhat known problem for which we have up to now no solution. However I don’t understand your sentence above. Can you please explain?

[greycr0w]

Very sorry, I was doing 5 things simultaneously and somehow just Commented. Check my edit above.

I decided that Ettercap will simply not work for me 🤔

[koeppea]

@greycr0w I hope I get back the my test device soon and hope to be able to reproduce. But it would be very helpful, to understand what the steps are to reproduce the segmentation fault.

Up to now, we only experienced a mysterious freezing when gtk+ package from homebrew is being used. But a segmentation fault would be something much more grippy. Could you please read our Wiki page Providing debug information.

[koeppea]

I haven't been able to get this reproduced with MacOS Catalina. Seemed to be a temporary issue within Mojave.

[lwabish]

in my case, this is because I have never used geoip, although brew installed geoip, its data never existed.So after downloading dat files from here, problem solved.

[koeppea]

Thanks for the explanation and the hint where to retrieve the database. Once we'll step over another problem like this, I'm going to dedicate a Wiki article.

[samundra]

I am using Mojave and I am also facing the same problem. I installed Ettercap through brew. Also followed the steps to put GeoIPx.dat files to respective folders but it did not work. At step 6) the whole UI freezes and I have to force close it.

[Gremlin52]

Hi, Im experiencing this error on MacOS Catalina. was this issue ever resolved? if so how?

[daturadev]

I'm going to attempt to revive this thread.

I am running Ettercap on Mac OS Sonoma 14.0. It seems to be somewhat functional, but is again returning these errors:

Error Opening file /usr/local/var/GeoIP/GeoIP.dat
Error Opening file /usr/local/share/GeoIP/GeoIP.dat

My GUI crashes as well - namely setting WiFi keys and enabling/disabling plug-ins. I have brewed both Ettercap, GeoIP, and the icon pack recommended prior. I have also attempted a similar potential solve that @samundra mentioned. Installed GeoIP.dat files (@lwabish), renamed to GeoIP.dat, and placed in their respective locations of error. No progress thus far.

[LocutusOfBorg]

might be some permission error?