
Morpheus - tcp/udp scripting syntax (parental control) #18

@r00t-3xp10it


                           - PARENTAL CONTROL FILTERS -
  This tutorial explains how to write an ettercap filter (.eft) to serve as parental control
  for situations where we need to block all traffic of the selected device, or just
  block certain domain names or IP addresses from being accessed.




blocking all traffic from: 192.168.1.71

  • 1º - run ./morpheus.sh and choose option [ w ]
  • 2º - write the following function rule into the morpheus scripting console terminal window
    "change the ip address (192.168.1.71) to the one you want to filter"
    [image: morpheus]
  • 3º - Press [ ctrl+x ] + Press [ y ] + Press [ enter ]
  • 4º - Press [ q ] in the morpheus window to stop Arp Poison




blocking domain names: facebook.com

  • 1º - run ./morpheus.sh and choose option [ w ]
  • 2º - write the following function rule into the morpheus scripting console terminal window
    "change the ip address (192.168.1.71) to the one you want to filter"
    [image: morpheus]
  • 3º - Press [ ctrl+x ] + Press [ y ] + Press [ enter ]
  • 4º - Press [ q ] in the morpheus window to stop Arp Poison




blocking two domain names and store logfiles

Block: facebook.com + twitter.com <-- every triggered event will be appended to the logfiles


  • 1º - run ./morpheus.sh and choose option [ w ]
  • 2º - write the following function rule into the morpheus scripting console terminal window
    "change the ip address (192.168.1.71) to the one you want to filter"
if (ip.src == '192.168.1.71' || ip.dst == '192.168.1.71') {
  if (search(DATA.data, "facebook")) {
    msg("\n[morpheus] host:192.168.1.71   [ ⊶  ]  found...");
    msg("[morpheus] | action : drop TCP (src/dst) packet ✔");
    msg("[morpheus] |   info : possible facebook connection attempt");
    msg("[morpheus] |_  decoded: facebook.com\n");
      log(DATA.data, "./facebook.log");      # <-- write the payload to a logfile (ettercap log() API)
      drop();
      kill();
  }else{
  if (search(DATA.data, "twitter")) {
    msg("\n[morpheus] host:192.168.1.71   [ ⊶  ]  found...");
    msg("[morpheus] | action : drop TCP (src/dst) packet ✔");
    msg("[morpheus] |   info : possible twitter connection attempt");
    msg("[morpheus] |_  decoded: twitter.com\n");
      log(DATA.data, "./twitter.log");    # <-- write the payload to a logfile (ettercap log() API)
      drop();
      kill();
  }
  }
}
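
The filters above decide with search(DATA.data, "facebook"), which is a substring test on the raw TCP payload. The following Python model is an added example, not part of the original tutorial, morpheus or ettercap; it compares that substring test with a host-name check (TLS SNI or HTTP Host header) on constructed payloads. The helper names (client_hello, sni_of, substring_rule, host_rule) and the sample payloads are assumptions made for illustration.

```python
import struct

def client_hello(host: str) -> bytes:
    """Build a minimal TLS ClientHello with an SNI extension (constructed sample)."""
    name = host.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name  # list len, host_name type, name len
    ext = struct.pack("!HH", 0, len(sni)) + sni                    # extension 0 = server_name
    # version, random, empty session id, one cipher suite, null compression, extensions
    body = b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x13\x01\x01\x00" + struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body             # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs       # TLS record header

def sni_of(p: bytes):
    """Return the SNI host name of a ClientHello payload, or None for anything else."""
    try:
        if p[0] != 0x16 or p[5] != 0x01:
            return None
        pos = 43                                          # record hdr 5 + handshake hdr 4 + version 2 + random 32
        pos += 1 + p[pos]                                 # session id
        pos += 2 + int.from_bytes(p[pos:pos + 2], "big")  # cipher suites
        pos += 1 + p[pos]                                 # compression methods
        pos, end = pos + 2, pos + 2 + int.from_bytes(p[pos:pos + 2], "big")  # extensions block
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", p[pos:pos + 4])
            if etype == 0:                                # skip list len (2), type (1), name len (2)
                return p[pos + 9:pos + 4 + elen].decode("ascii", "replace").lower()
            pos += 4 + elen
    except (IndexError, struct.error):                    # truncated or malformed payload
        pass
    return None

def substring_rule(p: bytes, needle: bytes) -> bool:
    """Model of search(DATA.data, "facebook"): a raw substring match on the payload."""
    return needle in p

def host_rule(p: bytes, domain: str) -> bool:
    """Match only when the requested host (SNI or HTTP Host header) is the domain or a subdomain."""
    host = sni_of(p)
    if host is None:                                      # not a ClientHello: try a plain-HTTP Host header
        for line in p.split(b"\r\n")[1:]:
            if line.lower().startswith(b"host:"):
                host = line[5:].strip().decode("ascii", "replace").lower()
    return host is not None and (host == domain or host.endswith("." + domain))

SAMPLES = {  # constructed payloads, not captured traffic
    "tls_hello": client_hello("www.facebook.com"),
    "tls_lookalike": client_hello("notfacebook.example"),
    "http_other": b"GET /?share=facebook HTTP/1.1\r\nHost: news.example\r\n\r\n",
    "tls_appdata": b"\x17\x03\x03\x00\x10" + bytes(range(16)),
}
```

On these samples the substring test also fires for an unrelated request that merely mentions "facebook" and for a look-alike host name, while the host-name check fires only for www.facebook.com. Neither test matches anything in the encrypted application-data record.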





Final Notes (tool displays):

Always add the following lines to your filters for display effects


  • 1º - run ./morpheus.sh and choose option [ w ]
  • 2º - write the following function rule into the morpheus scripting console terminal window
if (ip.proto == TCP && tcp.dst == 80 || tcp.src == 80) {
    msg("[morpheus] host:ALL     [ ⊶  ]  port:80   [tcp] http ☆");
}
if (ip.proto == TCP && tcp.dst == 443 || tcp.src == 443) {
    msg("[morpheus] host:ALL     [ ⊶  ]  port:443  [tcp] https ☆");
}

Morpheus Terminal displays
[image: morpheus]



Be alerted by a BEEP sound every time the event is triggered

  • 1º - run ./morpheus.sh and choose option [ w ]
  • 2º - write the following function rule into the morpheus scripting console terminal window
    "change the ip address (192.168.1.71) to the one you want to filter"
if (ip.src == '192.168.1.71' || ip.dst == '192.168.1.71') {
  if (search(DATA.data, "facebook")) {
    msg("\n[morpheus] host:192.168.1.71   [ ⊶  ]  found...");
    msg("[morpheus] | action : drop TCP (src/dst) packet ✔");
    msg("[morpheus] |   info : possible facebook connection attempt");
    msg("[morpheus] |_  decoded: facebook.com\n");
      log(DATA.data, "./facebook.log");
      log(DATA.data, "./beep-warning.beep"); # <-- this file creation triggers a BEEP sound
      drop();
      kill();
  }
}


  • 3º - Press [ ctrl+x ] + Press [ y ] + Press [ enter ]

  • 4º - select YES at "execute warn.sh script?" to emit a BEEP sound



Morpheus option [W] + Filter + warn.sh script working ..
[image: morpheus]


[!] Please read this tutorial to extend your filter scripting skillz:
