Jump to content

Ettercap Filters

Phantom

By Phantom
in Security

 Share

Recommended Posts

Phantom Newbie

Phantom

Posted
Posted (edited)

I recently started to experiment with ettercap and its filters to see what can be done with them. I read through some tutorials avaliable online and was able to successfull create my own filter.

Now my problem is that inside the filter I have the replace function that should replace the first sting with the second one. However this is not the case.
My filter is very simple and is as follows:

if (ip.proto == TCP) {
if (search(DATA.data, "Hello")) {
replace("Hello", " Bye ");
msg("Data changed!");
}

}

I compile this filter as filter .eg and run ettercap, replacing the * with the relevant IP address.

ettercap -T -F filter.eg -w testdump -M arp /***.***.***.***/ // output:

I activate the filter and expect the Netcat message sent to that machine "Hello" to be changed to " Bye " and "Data Changed" to be outputted to the local terminal.

However although "Data changed!" is outputted to the local terminal the Netact message remains unchanged and appears on the target machine as "Hello".
Can anybody correct me as to where I have gone wrong with this basic filter.

Edited by Phantom
Link to comment
Share on other sites
  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...