Results 1 to 1 of 1

Thread: ettercap: how to filter ssl packets?

Thread Tools
Search Thread
- Advanced Search
Display
- Switch to Linear Mode
- Hybrid Mode
- Switch to Threaded Mode

Hybrid View

05-24-2009, 08:46 PM #1
Wummi

View Profile

View Forum Posts
Just burned his ISO

Join Date

May 2009

Posts

17
ettercap: how to filter ssl packets?
hey there.

i'm almost bald from pulling my hair, when i try to modify an https page via etterfilter. (sorry in advance for bad spelling - i'm no native speaker)

scenario: standart arp mitm attack via ettercap, the ssl dissector is working.

now im trying to write an etterfilter that modifies the ssl stream for example:

Code:

if (ip.proto == TCP) { if (tcp.src == 443) { msg("HTTPS incoming\n"); if (search(DECODED.data, "bla")) { msg("string found\n"); } } }

ettercap does inform me of the tcp 443 connection, but doesn't find the string. it doesn't matter if i uses DATA.data or DECODED.data

as the string is not found, i can't replace it either (who would have guessed )

is there any way to get the filters working right with the ssl dissector? etter.filter.examples states it should be possible, when using DECODED.data.
seems it is not.

any guesses?

Quick Navigation OLD Specialist Topics Top

« Previous Thread | Next Thread »

Posting Permissions

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
[VIDEO] code is On
HTML code is Off

All times are GMT. The time now is 01:47 AM.

vBulletin Optimisation by vB Optimise.