- PARENTAL CONTROL FILTERS -
This tutorial explains how to write a ettercap filter (.eft) to serve as parental control
for those situations were we need to block the sellected device total traffic or just
block certain domains names or ip address of beeing accessed.
blocking all traffic from: 192.168.1.71
1º - run ./morpheus.sh and chose option [ w ]
2º - write the follow funtion rule into morpheus scripting console terminal windows
"change the ip address (192.168.1.71) by the one you want to filter"
3º - Press [ ctrl+x ] + Press [ y ] + Press [ enter ]
4º - Press [ q ] in morpheus windows to stop Arp Poison
blocking domain names: facebook.com
1º - run ./morpheus.sh and chose option [ w ]
2º - write the follow funtion rule into morpheus scripting console terminal windows
"change the ip address (192.168.1.71) by the one you want to filter"
3º - Press [ ctrl+x ] + Press [ y ] + Press [ enter ]
4º - Press [ q ] in morpheus windows to stop Arp Poison
blocking two domain names and store logfiles
Block: facebook.com + twitter.com <-- every event trigger will be appended into logfiles
1º - run ./morpheus.sh and chose option [ w ]
2º - write the follow funtion rule into morpheus scripting console terminal windows
"change the ip address (192.168.1.71) by the one you want to filter"
if (ip.src == '192.168.1.71' || ip.dst == '192.168.1.71') {
if (search(DATA.data, "facebook")) {
msg("\n[morpheus] host:192.168.1.71 [ ⊶ ] found...");
msg("[morpheus] | action : drop TCP (src/dst) packet ✔");
msg("[morpheus] | info : possible facebook connection attempt");
msg("[morpheus] |_ decoded: facebook.com\n");
log(DATA.data, "./facebook.log"); # <-- build logfile ettercap API
drop();
kill();
}else{
if (search(DATA.data, "twitter")) {
msg("\n[morpheus] host:192.168.1.71 [ ⊶ ] found...");
msg("[morpheus] | action : drop TCP (src/dst) packet ✔");
msg("[morpheus] | info : possible twitter connection attempt");
msg("[morpheus] |_ decoded: twitter.com\n");
log(DATA.data, "./twitter.log"); # <-- build logfile ettercap API
drop();
kill();
}
}
}
Final Notes (tool displays):
Add allways the follow lines into your filters for display effects
1º - run ./morpheus.sh and chose option [ w ]
2º - write the follow funtion rule into morpheus scripting console terminal windows
Be alerted by a BEEP sound everytime the event its trigger
1º - run ./morpheus.sh and chose option [ w ]
2º - write the follow funtion rule into morpheus scripting console terminal windows
"change the ip address (192.168.1.71) by the one you want to filter"
if (ip.src == '192.168.1.71' || ip.dst == '192.168.1.71') {
if (search(DATA.data, "facebook")) {
msg("\n[morpheus] host:192.168.1.71 [ ⊶ ] found...");
msg("[morpheus] | action : drop TCP (src/dst) packet ✔");
msg("[morpheus] | info : possible facebook connection attempt");
msg("[morpheus] |_ decoded: facebook.com\n");
log(DATA.data, "./facebook.log");
log(DATA.data, "./beep-warning.beep"); # <-- this file creation triggers a BEEP sound
drop();
kill();
}
}
3º - Press [ ctrl+x ] + Press [ y ] + Press [ enter ]
4º - sellect in execute warn.sh script? YES to emit a BEEP sound
Morpheus option [W] + Filter + warn.sh script working ..
blocking all traffic from: 192.168.1.71
blocking domain names: facebook.com
blocking two domain names and store logfiles
Block: facebook.com + twitter.com <-- every event trigger will be appended into logfiles
Final Notes (tool displays):
Add allways the follow lines into your filters for display effects
Be alerted by a BEEP sound everytime the event its trigger
1º - run ./morpheus.sh and chose option [ w ]
2º - write the follow funtion rule into morpheus scripting console terminal windows "change the ip address (192.168.1.71) by the one you want to filter"
3º - Press [ ctrl+x ] + Press [ y ] + Press [ enter ]
4º - sellect in execute warn.sh script? YES to emit a BEEP sound
Morpheus option [W] + Filter + warn.sh script working ..
[!] Please read this tutorial to extend your filter scripting skillz: