Ettercap

Networking/Security Forums -> UNIX // GNU/Linux

Author: Eve PostPosted: Wed Mar 31, 2010 12:41 pm    Post subject: Ettercap
    ----
Hi guys,
I am using ettercap to capture packets, modify them and resend them, using hex.

And I want too change this packet:
Payload: 00 00 00 05 68 75 32 46 43
into:
Payload: 00 00 00 05 68 75 41 41 41 <--- this is what i want

Static Numbers: (which i can use the search for):
00 00 00 05 68 75
These are dynamic and change every time (so i can't search for these):
32 46 43


I use this filter:
if (ip.proto == TCP && tcp.dst == 1111) {
if (search(DATA.data, "\x05\x68\x75")) {
replace("\x05\x68\x75", "\x05\x68\x75\x41\x41\x41");
msg("Packet Modified");
}
}

And i get this modified packet:
Payload: 00 00 00 05 68 75 41 41 41 32 46 43

You can see that the payload gets 6 byes longer.
So how do i remove these last 6 bytes. "32 46 43" ?

I need something like: replace("\x05\x68\x75\x*\x*\x*", "\x05\x68\x75\x41\x41\x41");
with * I mean variable number.

Author: Eve PostPosted: Wed Mar 31, 2010 1:33 pm    Post subject:
    ----
I found the solution after some fiddling with code.
remove the replace line totally and use:

DATA.data +6 = "\x41\x41\x41";

to overwrite data in packet on byte 6 to 9



Networking/Security Forums -> UNIX // GNU/Linux


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group