LocutusOfBorg
commented
3 years ago Thank you, patches are welcome, and I'm also directly interested in this filter. I don't work with modbus anymore, but it comes from time to time in my dailyjob :)
Closed gilbertocarcamo closed 3 years ago
LocutusOfBorg
commented
3 years ago Thank you, patches are welcome, and I'm also directly interested in this filter. I don't work with modbus anymore, but it comes from time to time in my dailyjob :)
gilbertocarcamo
commented
3 years ago LocutusOfBorg, Sorry, my English, I'm from Latam and I use google translate Thanks, You will know in which language etterfilter works.
BACnet - A Data Communication Protocol for Building Automation and Control Networks. Developed under the auspices of the American Society of Heating, Refrigerating and Air-Conditioning Engineers (ASHRAE)
This filter is capable of writing the Present.Value.real field, here the sensor readings are stored, now there are some things that I do not indicate, but it is possible to individually modify each bacne object very easily, the issue is that you have to analyze the plot of data since as with modbus each manufacturer may include functions other than the standard.
if (ip.proto == UDP) { if (tcp.src == 47808 || tcp.dst == 47808) { DATA.data + 26 ="\x44\x43\x17\x00\x00"; msg("replace buffer 151"); } }
LocutusOfBorg
commented
3 years ago Anyway I don't understand if this is a support request, or you are just sharing your findings. If you want to add some new features to etterfilter (such as random(), you can do in a similar way to this commit) 1263e6ee0c2c72aa5e95197c06acab8a25a52459
LocutusOfBorg
commented
3 years ago or you can also use execreplace and call random from bash?
gilbertocarcamo
commented
3 years ago my desire is to learn. and I share what I have achieved thanks to this forum hoping that it will serve others. my wish is to know if ettercap filters support C ++ functions or is it possible to program more routines for these filters.
LocutusOfBorg
commented
3 years ago yes it is possible for sure add more c functionalities, for c++ it might be a little trickier, and patches welcome!
koeppea
commented
3 years ago @gilbertocarcamo I've created a pull request #1138 which addresses your feature request. Can you please check it out?
It is possible to use the random number function(rand ()) to assign random values, or alternatively it is possible to use the mathematical functions of c ++ to make filters in ettercap. I want to be able to reproduce a signal following a pattern defined by a function to be able to simulate a pressure or temperature sensor by writing a value in the holding register
I am able to write the holding register and the coils freely thanks to the analysis of the TCP packet in wireshark, but I want to take these filters to the next level and develop something using the source code of ettercap (or part of it) to create a tool to audit and test SCADA systems and devices such as PLC on TCP / IP networks using C ++ and LabView
######################################################## if (ip.proto == TCP && tcp.src == 502 && DATA.data + 9 != "\xff") { msg("Change Holding Register FC:read"); DATA.data + 9 = "\x0a\x03"; msg("Data HR replaced"); }
if (tcp.src == 502 && DATA.data + 9 == "\xff") { msg("Change coil FC:read"); DATA.data + 9 = "\xfc"; msg("Data Coil replaced"); } ######################################################
incidentally I thank this community, it has been very helpful.