What can we accomplish by using filters?
morpheus ships with a collection of etter filters written to accomplish various tasks: replacing images in web pages, replacing text in web pages, injecting payloads using the HTML <form> tag, denial-of-service attacks (drop/kill packets from a source), https/ssh downgrade attacks, and redirecting the target's browser traffic to another domain. It also gives you the ability to build and compile your own filter from scratch and launch it through the morpheus framework (option W).
1º – morpheus will fail if the target system is protected against ARP poisoning attacks
2º – downgrade attacks will fail if the target browser has HTTPS-only add-ons installed
3º – the target system sometimes needs to clear its netcache for ARP poisoning to be effective
4º – many attacks described in morpheus may be dropped by the target's HSTS detection system
5º – incorrect number of token (///) in TARGET !!
By default morpheus runs ettercap using IPv6 (USE_IPV6=ACTIVE), as configured in the
'settings' file. If you are receiving this error, edit the settings file before running
morpheus and set USE_IPV6=DISABLED to force ettercap to use IPv4.
6º – morpheus needs ettercap to be executed with high privileges (uid 0 | gid 0).
correct ettercap configuration display (running as Admin without SSL dissectors active)
By default morpheus (at startup) will replace the original etter.conf/etter.dns files provided by ettercap; at framework exit morpheus will revert the files to their original state.
ettercap, nmap, apache2, zenity
Framework option 1 [firewall] screenshots
The firewall [option 1] pre-configured filter will capture credentials from the following services: http, ftp, ssh, telnet (facebook uses https/ssl :( ), report suspicious connections, report common social-website browsing (facebook, twitter, youtube), report the existence of botnet connections like Mocbot IRC Bot and Darkcomet, redirect browser traffic and allow users to block connections (drop, kill).
"Remember: morpheus gives its users the ability to 'add more rules' to filters before execution"

[morpheus] host:192.168.1.67 [ -> ] port:23 telnet ☆
  Source ip addr flow destination rank good

[morpheus] host:192.168.1.67 [ <- ] port:23 telnet ☠
  Destination ip flow source port rank suspicious

Basically the firewall filter acts as both an offensive and a defensive tool, analyzing the
tcp/udp data flow to report logins, suspicious traffic, brute-force, block target ip, etc.