Hello everyone.

I faced with problem of implementing regular expression filters in ettercap. My research start-point begin from IronGeeks post "Fun with Ettercap Filters". This is quite nice fun filter. It's work fine for my lab...

Next step was improving it to replace not just:
<img src="image.png">
<IMG SRC="image.png">
but also:
<img id="32" class="cl1" src="image.png">
To solve this I decide use:
to find patterns: regex(where, regex)
to replace patterns: pcre_regex(where, pcre_regex ... )

Short (and unique) description for this functions I get from: man etterfilter and "Irongeek etterfilter man page"

I'm not good in regular expressions, but after some reading I implement this regular expression:
search pattern: /i/g(<img.*[^>]src=['|"])(.*[^'"])(['|"])
replace pattern:$1NEWImage.png$3

Using web-regular-expression-tester (for example regexter.com) I can successfully convert html.

After all this stuff i decide rewrite filter described in article above, and now it looks like:
if (ip.proto == TCP && tcp.dst == 80) {
   if (search(DATA.data, "Accept-Encoding")) {
      replace("Accept-Encoding", "Accept-Rubbish!"); 

if (ip.proto == TCP && tcp.src == 80) { 

	if (pcre_regex(DATA.data, "/i/g(<img.*[^>]src=['|\"])(.*[^'\"])(['|\"])", "$1tmp_image.png$3")){			msg("\n---> Perl regexp <---\n");		
But filter do not work...
As I can see in log - ettercap say that this works fine
replace("Accept-Encoding", "Accept-Rubbish!");
pcre_regex(DATA.data, "/i/g(<img.*[^>]src=['|\"])(.*[^'\"])(['|\"])", "$1tmp_image.png$3")
just not found

I will be very appreciated if you can help me!

After some time of research I realise that problem ca be solved by writing my own plugin...
I read some articles about writing plugins, and try to compile dummyplugin, but in BT4 distro I can't find source files, then I try search ettercap-dev (- source and etc) in repositories but I was enable to find thus I download them from official web site...
After unpacking source files i use plugin sources to compile plugins and i gained success, but when I try to use compiled dummypulgin in ettercanNG wich is supplied with BT4 it crashes...

So, if anyone can tell me how where I can find BT4 ettercapNG source files I will be appreciated!


And last, but not least.
My environmnet is:
hp notebook: windows
virtual box: BT4 prefinal

I'm using ettercamNG 0.7.3 and can successfully poison arp cash of my notebook