Hi Im looking to make an ettercap filter that when a person requests an http url with the following syntax *.exe, it gets replaced by a different url, would a simple DNS edit work for this? Probably using base.

so I understand the code, but am unsure of how it works exactly as I have not found very much online documentation.

I imagine it would build off the base:

if {requested_url == *.exe}
requested url = new url here

If possible the name should stay the same, but thats not imperative. Im looking to create a way to filter certain content, but building off of trust. They think they can access it but it actually does nothing except show up in my logs that they "violated the trust"