Author: Eve, Posted: Wed Mar 31, 2010 12:41 pm Post subject: Ettercap ---- Hi guys,
I am using ettercap to capture packets, modify them and resend them, using hex.
And I want too change this packet:
Payload: 00 00 00 05 68 75 32 46 43
into:
Payload: 00 00 00 05 68 75 41 41 41 <--- this is what i want
Static Numbers: (which i can use the search for):
00 00 00 05 68 75
These are dynamic and change every time (so i can't search for these):
32 46 43
I use this filter:
if (ip.proto == TCP && tcp.dst == 1111) {
if (search(DATA.data, "\x05\x68\x75")) {
replace("\x05\x68\x75", "\x05\x68\x75\x41\x41\x41");
msg("Packet Modified");
}
}
And i get this modified packet:
Payload: 00 00 00 05 68 75 41 41 41 32 46 43
You can see that the payload gets 6 byes longer.
So how do i remove these last 6 bytes. "32 46 43" ?
I need something like: replace("\x05\x68\x75\x*\x*\x*", "\x05\x68\x75\x41\x41\x41");
with * I mean variable number.
Author: Eve, Posted: Wed Mar 31, 2010 1:33 pm Post subject: ---- I found the solution after some fiddling with code.
remove the replace line totally and use: