Morpheus - tcp/udp scripting syntax (filters) #6

r00t-3xp10it opened this issue Dec 29, 2016 · 0 comments
This tutorial describes the command syntax logic of etter filters.

It can be used to improve the filters available in morpheus
or to start writing your own filter from scratch.

WARNING: morpheus allows you to improve filters in 2 different ways:
1º - Edit the filter before running morpheus and the 'changes' will be permanent
2º - Edit the filter using the 'morpheus scripting console' and the changes are active only once




filter ip address from source(src)

if (ip.src == '192.168.1.69') {
  msg("[morpheus] host:192.168.1.69   [ * ]  found");
}

filter ip address from destination(dst)

if (ip.dst == '192.168.1.69') {
  msg("[morpheus] host:192.168.1.69   [ * ]  found");
}

filter ip address from destination(dst) and(&&) from source(src)

if (ip.dst == '192.168.1.69' && ip.src == '192.168.1.69') {
  msg("[morpheus] host:192.168.1.69   [ * ]  found");
}

filter ip address from destination(dst) or(||) from source(src)

if (ip.dst == '192.168.1.69' || ip.src == '192.168.1.69') {
  msg("[morpheus] host:192.168.1.69   [ * ]  found");
}

filter protocol TCP from port 80 (src)

# port numbers are read from the TCP header (tcp.src / tcp.dst); ip.src / ip.dst hold addresses
if (ip.proto == TCP && tcp.src == 80) {
  msg("[morpheus] host:192.168.1.69   [ <- ]   port:80 http");
}

filter protocol UDP from port 53 (dst)

# port numbers are read from the UDP header (udp.src / udp.dst)
if (ip.proto == UDP && udp.dst == 53) {
  msg("[morpheus] host:192.168.1.69   [ -> ]   port:53 dns");
}

search for 'data' inside captured packet (search for: User-Agent)

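# filter protocol and port destination/source
# etterfilter(8): conditions are parsed left to right and cannot be grouped with parentheses,
# so a packet that fails 'ip.proto == TCP' fails the whole statement
if (ip.proto == TCP && tcp.dst == 80 || tcp.src == 80) {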
  msg("[morpheus] host:192.168.1.69   [ -> ]   port:80 http");
    # search for string inside captured packet
    if (search(DATA.data, "User-Agent:")) {
      msg("[morpheus] |_ status: User-Agent string found...");
    }
}

search for 'data' inside captured packet (search for: User-Agent) and store it on logfile

# filter protocol and port destination/source
if (ip.proto == TCP && tcp.dst == 80 || tcp.src == 80) {
  msg("[morpheus] host:192.168.1.69   [ -> ]   port:80 http");
    # search for string inside captured packet
    if (search(DATA.data, "User-Agent:")) {
      msg("[morpheus] |_ status: User-Agent string found...");
        # build logfile with captured data
        log(DATA.data, "./logfile.log");
    }
}

search for 'data' inside captured packet (search for: Host) and replace word by another one

# filter protocol and port destination/source
if (ip.proto == TCP && tcp.dst == 80 || tcp.src == 80) {
  msg("[morpheus] host:192.168.1.69   [ -> ]   port:80 http");
    # search for string inside captured packet
    if (search(DATA.data, "Host:")) {
      msg("[morpheus] |_ status: Host string found...");
        # replace word 'Host' by 'Pwn!' before forwarding the packet
        replace("Host", "Pwn!"); # note: replacement string is same length as original string
    }
}
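
What each field name in these filters refers to on the wire, as an added Python example (not part of the original issue, morpheus or ettercap): it decodes a constructed IPv4 packet into the same names and applies the User-Agent test. The helper names, the 192.0.2.10 address and the sample packets are assumptions made for illustration.

```python
import struct

TCP, UDP = 6, 17  # protocol numbers carried in the IPv4 protocol byte

def build_packet(proto, src_ip, dst_ip, sport, dport, payload=b""):
    """Constructed sample: minimal IPv4 + TCP/UDP headers, checksums left at 0."""
    if proto == TCP:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    total = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    return ip + l4 + payload

def fields(pkt):
    """Decode the header fields the filters compare against."""
    ihl = (pkt[0] & 0x0F) * 4                      # IPv4 header length in bytes
    f = {"ip.proto": pkt[9],                       # one byte: 6 = TCP, 17 = UDP
         "ip.src": ".".join(map(str, pkt[12:16])), # four-byte addresses, never ports
         "ip.dst": ".".join(map(str, pkt[16:20]))}
    if f["ip.proto"] in (TCP, UDP):
        key = "tcp" if f["ip.proto"] == TCP else "udp"
        # ports are the first two 16-bit words of the transport header
        f[key + ".src"], f[key + ".dst"] = struct.unpack("!HH", pkt[ihl:ihl + 4])
        hdr = (pkt[ihl + 12] >> 4) * 4 if key == "tcp" else 8
        f["DATA.data"] = pkt[ihl + hdr:]           # payload after the transport header
    return f

def http_user_agent(pkt):
    """Same test as the User-Agent filter: TCP, port 80 either way, string in payload."""
    f = fields(pkt)
    if f["ip.proto"] != TCP:
        return False
    if f["tcp.dst"] != 80 and f["tcp.src"] != 80:
        return False
    return b"User-Agent:" in f["DATA.data"]

# Constructed packets: an HTTP request and a UDP datagram to port 53
HTTP_REQ = build_packet(TCP, "192.168.1.69", "192.0.2.10", 49152, 80,
                        b"GET / HTTP/1.1\r\nHost: example.test\r\nUser-Agent: demo\r\n\r\n")
DNS_REQ = build_packet(UDP, "192.168.1.69", "192.0.2.10", 5353, 53, b"User-Agent:")

if __name__ == "__main__":
    for name, pkt in (("http", HTTP_REQ), ("dns", DNS_REQ)):
        print(name, fields(pkt), http_user_agent(pkt))
```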
