Morpheus - tcp/udp scripting syntax (parental control)

[r00t-3xp10it]

                           - PARENTAL CONTROL FILTERS -
  This tutorial explains how to write a ettercap filter (.eft) to serve as parental control
  for those situations were we need to block the sellected device total traffic or just
  block certain domains names or ip address of beeing accessed.

blocking all traffic from: 192.168.1.71

• 1º - run ./morpheus.sh and chose option [ w ]
• 2º - write the follow funtion rule into morpheus scripting console terminal windows
  "change the ip address (192.168.1.71) by the one you want to filter"
  
• 3º - Press [ ctrl+x ] + Press [ y ] + Press [ enter ]
  
• 4º - Press [ q ] in morpheus windows to stop Arp Poison

blocking domain names: facebook.com

• 1º - run ./morpheus.sh and chose option [ w ]
• 2º - write the follow funtion rule into morpheus scripting console terminal windows
  "change the ip address (192.168.1.71) by the one you want to filter"
  
• 3º - Press [ ctrl+x ] + Press [ y ] + Press [ enter ]
  
• 4º - Press [ q ] in morpheus windows to stop Arp Poison

blocking two domain names and store logfiles

Block: facebook.com + twitter.com <-- every event trigger will be appended into logfiles

• 1º - run ./morpheus.sh and chose option [ w ]
• 2º - write the follow funtion rule into morpheus scripting console terminal windows
  "change the ip address (192.168.1.71) by the one you want to filter"

if (ip.src == '192.168.1.71' || ip.dst == '192.168.1.71') {
  if (search(DATA.data, "facebook")) {
    msg("\n[morpheus] host:192.168.1.71   [ ⊶  ]  found...");
    msg("[morpheus] | action : drop TCP (src/dst) packet ✔");
    msg("[morpheus] |   info : possible facebook connection attempt");
    msg("[morpheus] |_  decoded: facebook.com\n");
      log(DATA.data, "./facebook.log");      # <-- build logfile ettercap API 
      drop();
      kill();
  }else{
  if (search(DATA.data, "twitter")) {
    msg("\n[morpheus] host:192.168.1.71   [ ⊶  ]  found...");
    msg("[morpheus] | action : drop TCP (src/dst) packet ✔");
    msg("[morpheus] |   info : possible twitter connection attempt");
    msg("[morpheus] |_  decoded: twitter.com\n");
      log(DATA.data, "./twitter.log");    # <-- build logfile ettercap API 
      drop();
      kill();
  }
  }
}

Final Notes (tool displays):

Add allways the follow lines into your filters for display effects

• 1º - run ./morpheus.sh and chose option [ w ]
• 2º - write the follow funtion rule into morpheus scripting console terminal windows

if (ip.proto == TCP && tcp.dst == 80 || tcp.src == 80) {
    msg("[morpheus] host:ALL     [ ⊶  ]  port:80   [tcp] http ☆");
}
if (ip.proto == TCP && tcp.dst == 443 || tcp.src == 443) {
    msg("[morpheus] host:ALL     [ ⊶  ]  port:443  [tcp] https ☆");
}

Morpheus Terminal displays

Be alerted by a BEEP sound everytime the event its trigger

• 1º - run ./morpheus.sh and chose option [ w ]
• 2º - write the follow funtion rule into morpheus scripting console terminal windows
  "change the ip address (192.168.1.71) by the one you want to filter"

if (ip.src == '192.168.1.71' || ip.dst == '192.168.1.71') {
  if (search(DATA.data, "facebook")) {
    msg("\n[morpheus] host:192.168.1.71   [ ⊶  ]  found...");
    msg("[morpheus] | action : drop TCP (src/dst) packet ✔");
    msg("[morpheus] |   info : possible facebook connection attempt");
    msg("[morpheus] |_  decoded: facebook.com\n");
      log(DATA.data, "./facebook.log");
      log(DATA.data, "./beep-warning.beep"); # <-- this file creation triggers a BEEP sound
      drop();
      kill();
  }
}

• 3º - Press [ ctrl+x ] + Press [ y ] + Press [ enter ]

• 4º - sellect in execute warn.sh script? YES to emit a BEEP sound

Morpheus option [W] + Filter + warn.sh script working ..

---

[!] Please read this tutorial to extend your filter scripting skillz: