• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Ettercap

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> UNIX // GNU/Linux

View previous topic :: View next topic  
Author Message
Eve
Just Arrived
Just Arrived


Joined: 31 Mar 2010
Posts: 0


Offline

PostPosted: Wed Mar 31, 2010 12:41 pm    Post subject: Ettercap Reply with quote

Hi guys,
I am using ettercap to capture packets, modify them and resend them, using hex.

And I want too change this packet:
Payload: 00 00 00 05 68 75 32 46 43
into:
Payload: 00 00 00 05 68 75 41 41 41 <--- this is what i want

Static Numbers: (which i can use the search for):
00 00 00 05 68 75
These are dynamic and change every time (so i can't search for these):
32 46 43


I use this filter:
if (ip.proto == TCP && tcp.dst == 1111) {
if (search(DATA.data, "\x05\x68\x75")) {
replace("\x05\x68\x75", "\x05\x68\x75\x41\x41\x41");
msg("Packet Modified");
}
}

And i get this modified packet:
Payload: 00 00 00 05 68 75 41 41 41 32 46 43

You can see that the payload gets 6 byes longer.
So how do i remove these last 6 bytes. "32 46 43" ?

I need something like: replace("\x05\x68\x75\x*\x*\x*", "\x05\x68\x75\x41\x41\x41");
with * I mean variable number.
Back to top
View user's profile Send private message
Eve
Just Arrived
Just Arrived


Joined: 31 Mar 2010
Posts: 0


Offline

PostPosted: Wed Mar 31, 2010 1:33 pm    Post subject: Reply with quote

I found the solution after some fiddling with code.
remove the replace line totally and use:

DATA.data +6 = "\x41\x41\x41";

to overwrite data in packet on byte 6 to 9
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> UNIX // GNU/Linux All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Looking for more Windows Networking info?

Sign up to the WindowsNetworking.com Monthly Newsletter, written by Enterprise Security MVP Deb Shinder, containing news, the hottest tips, Networking links of the month and much more. Subscribe today and don't miss a thing!
View a sample newsletter.

Become a WindowsNetworking.com member!

Discuss your Windows Networking issues with thousands of other Windows Newtorking experts. Click here to join!

Community Area

Log in | Register

Readers' Choice

Which is your preferred data recovery solution?

Follow TechGenix on Twitter