DarkPringles Posted September 18, 2014 Author Share Posted September 18, 2014 In my proxy, I make sure that the length is recalculated on injection. In regards to ettercap, I genuinely do not know, I haven't got too much experience, but I would expect it does. I'll take a look at the source this weekend. I am expecting to launch my proxy by the end of the month / start of next month. Best, Sebkinne very cool. i will be waiting and stop my work on ettercap custom filters. Quote Link to comment Share on other sites More sharing options...
whitenoise Posted September 18, 2014 Share Posted September 18, 2014 From my experience, I remember swapping data with ettercap, if the string size was larger then the original then the clients browser wwould not always provide the correct amount of data, for example the page source may be missing at the end </HTML> replace(12345, 1234567) Page may be missing L> </HTM Makes sense as the HTML source code probably comes in several packets. If you are able to choose what to replace you could search for comments (i.e. with regular expression), cut them out, inject your code and fill it up until the original size is restored. This might be a little workaround without making too much damage to the website itself. Quote Link to comment Share on other sites More sharing options...
i8igmac Posted September 18, 2014 Share Posted September 18, 2014 (edited) Makes sense as the HTML source code probably comes in several packets. If you are able to choose what to replace you could search for comments (i.e. with regular expression), cut them out, inject your code and fill it up until the original size is restored. This might be a little workaround without making too much damage to the website itself.I do remember doing exactly what u said... but I feel that all the problems you will find, there is a cleaner way to handle this...Its all about success rate... lets say ettercap fails 30% of the time to provide clean content modification, a small proxy will get you closer to 95% successful and clean content (my testing years ago) Edited September 18, 2014 by i8igmac Quote Link to comment Share on other sites More sharing options...
DarkPringles Posted October 27, 2014 Author Share Posted October 27, 2014 (edited) In my proxy, I make sure that the length is recalculated on injection. In regards to ettercap, I genuinely do not know, I haven't got too much experience, but I would expect it does. I'll take a look at the source this weekend. I am expecting to launch my proxy by the end of the month / start of next month. Best, Sebkinne any updates on this topic? btw: realtime file download replacement is now integrated in zANTI2 App for Andriod (replacement for dSploit) Link: https://www.zimperium.com/zanti-mobile-penetration-testing Edited November 6, 2014 by darkpringles Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.