In one my previous post i explained how to use Ettercap .In this Tutorial i will explain How to use Ettercap filters .If you have not read the previous article ,please go through it before reading this one From here
Fun With Ettercap Filters !!!!!!!
Things we need
1. Ettercap In a Linux box - to compile filters " I will be using Backtrack for this tutorial "
Procedure
1. First copy paste the following source code in a text file and save it as ig.filter
The tags may end up looking something like the following:
<img src="http://www.irongeek.com/images/jollypwn.png" /images/original-image.jpg>
The original image location will still be in the tag, but most web browsers should see it as a useless parameter. The "msg" function just prints to the screen letting us know that the filter has fired off.Now that we sort of understand the basics of the filter lets compile it
3. To compile the filter open a new Terminal and enter
4. Now open Etterecap ARP poison the victim and start sniffing ..( I have already explained this in my previous article)
5 . Now open Filters by going to Filter ---> apply filter ,as shown
6. Now select the filter which we created "ig.ef" and click ok
7. Now when the victim opens any web page He will see the pictures as shown below
Cool huh!!!!!!? Keep in mind that this filter does not seem to fire off for all images, it's a little hit and miss
Can I write My Own Filters ?
Yes you can write your own filter ....you can do some funny stuff like blocking the Internet connection , or redirecting the Victim to another website ..and many more , its left to your Imagination.. For more information on things you can do with Ettercap filters ,look at the sample code in the file "etter.filter.examples" that comes along with Ettercap. On my box this file is located in /usr/share/ettercap/etter.filter.examples
Hope You enjoyed this post !!!!!.If you have any doubts please feel free to post a comment !!!
Fun With Ettercap Filters !!!!!!!
Things we need
1. Ettercap In a Linux box - to compile filters " I will be using Backtrack for this tutorial "
Procedure
1. First copy paste the following source code in a text file and save it as ig.filter
2. The above source code was written by irongeek .Lets have look into the source code ...
# ################################################
# Jolly Pwned -- ig.filter -- filter source file ##
#By Irongeek. based on code from ALoR & NaGA ######
# Along with some help from Kev and jon.dmml #####
# credits --- irongeek ............. #############
# ################################################
if (ip.proto == TCP && tcp.dst == 80) {
if (search(DATA.data, "Accept-Encoding")) {
replace("Accept-Encoding", "Accept-Rubbish!");
# note: replacement string is same length as original string
msg("zapped Accept-Encoding!\n");
}
}
if (ip.proto == TCP && tcp.src == 80) {
replace("img src=", "img src=\"http://www.irongeek.com/images/jollypwn.png\" ");
replace("IMG SRC=", "img src=\"http://www.irongeek.com/images/jollypwn.png\" ");
msg("Filter Ran.\n");
}
- The code should be pretty self explanatory to anyone who has done much coding before (it's very much like C and other languages).
- The # symbols are comments.
- The "if" statement tells the filter to only work on TCP packet from source port 80, in other words coming from a web server.
- This test may still miss some images, but should get most of them. I'm also not sure about Ettercap's order of operation with AND (&&) and OR (||) statements but this filter largely seems to work (I tried using parentheses to explicitly specify the order of operation with the Boolean operators but this gave me compile errors).
- The "replace" function replaces the first parameter string with the second.
- Because of the way this string replacement works it will try to mangled image tags and insert the picture we desire into the web page's HTML before it returns it to the victim.
The tags may end up looking something like the following:
<img src="http://www.irongeek.com/images/jollypwn.png" /images/original-image.jpg>
The original image location will still be in the tag, but most web browsers should see it as a useless parameter. The "msg" function just prints to the screen letting us know that the filter has fired off.Now that we sort of understand the basics of the filter lets compile it
3. To compile the filter open a new Terminal and enter
etterfilter ig.filter -o ig.ef
where
Ig.flter is the file which we created in previous step
ig.ef is the compiled output file (filter )
4. Now open Etterecap ARP poison the victim and start sniffing ..( I have already explained this in my previous article)
5 . Now open Filters by going to Filter ---> apply filter ,as shown
6. Now select the filter which we created "ig.ef" and click ok
7. Now when the victim opens any web page He will see the pictures as shown below
Cool huh!!!!!!? Keep in mind that this filter does not seem to fire off for all images, it's a little hit and miss
Can I write My Own Filters ?
Yes you can write your own filter ....you can do some funny stuff like blocking the Internet connection , or redirecting the Victim to another website ..and many more , its left to your Imagination.. For more information on things you can do with Ettercap filters ,look at the sample code in the file "etter.filter.examples" that comes along with Ettercap. On my box this file is located in /usr/share/ettercap/etter.filter.examples
Hope You enjoyed this post !!!!!.If you have any doubts please feel free to post a comment !!!
is this only for LAN connection?
REPLYLAN, WLAN, and sometimes VPN/WAN
REPLYUse the form below to comment. No spam please!!!