ettercap filters - drop the packet and inject packet

Question

if (ip.proto == TCP) {    
    if (tcp.src == 2404 || tcp.dst == 2404) {    
        if (DATA.data+6 == 0x64 && DATA.data+8 == 0x07) {  
            msg(" pos activation - drop \n");                                         
            drop();  
            inject("./fake_pkt");  
        }
    }
}

We're able to successfully drop and inject packet using the ettercap filter above.

fake_pkt file content is "\x68\x04\x07\x00\x00\x00".

The injected content size is 24 characters and the injected packet contents are "\x68\x04\x07\x00\x00\x00", as text.

But our goal is to send a binary packet (68,04,07,00,00,00) of the size equal to 6 bytes.

May I know how to write hex values into the fake_pkt file to achieve our goal?

score 2 · Answer 1 · answered Aug 21 '18 at 00:16

inject() inserts the contents of a file as is. You need to create a binary file, 6 bytes long, and inject that. There are plenty ways to do that, one of the simplest is to use Python:

python3 -c "
with open('./fake_pkt', 'wb') as pkt:
    pkt.write(bytearray([0x68, 0x4, 0x7, 0x0, 0x0, 0x0]))"

ettercap filters - drop the packet and inject packet

1 Answers1