Phantom Posted January 29, 2014 Posted January 29, 2014 (edited) I recently started to experiment with ettercap and its filters to see what can be done with them. I read through some tutorials avaliable online and was able to successfull create my own filter. Now my problem is that inside the filter I have the replace function that should replace the first sting with the second one. However this is not the case.My filter is very simple and is as follows: if (ip.proto == TCP) { if (search(DATA.data, "Hello")) { replace("Hello", " Bye "); msg("Data changed!"); } } I compile this filter as filter .eg and run ettercap, replacing the * with the relevant IP address. ettercap -T -F filter.eg -w testdump -M arp /***.***.***.***/ // output: I activate the filter and expect the Netcat message sent to that machine "Hello" to be changed to " Bye " and "Data Changed" to be outputted to the local terminal. However although "Data changed!" is outputted to the local terminal the Netact message remains unchanged and appears on the target machine as "Hello".Can anybody correct me as to where I have gone wrong with this basic filter. Edited January 29, 2014 by Phantom Quote
korockinout13 Posted February 9, 2014 Posted February 9, 2014 Doesn't netcat use encryption? You can't view, much less change, the encrypted message. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.