Automated Ettercap TCP/IP Hijacking Tool – Morpheus

Last Release: 05/16/2018    

Automated Ettercap TCP/IP Hijacking Tool – Morpheus


Morpheus is a Man-In-The-Middle (MitM) framework that allows users to manipulate tcp/udp data using ettercap, urlsnarf, msgsnarf and tcpkill as backend applications. This TCP/IP hijacking tool automates tcp/udp packet manipulation tasks by using etter filters to manipulate target requests/responses under MitM attacks replacing the tcp/udp packet contents by our contents before forward the packet back to the target host.

How Morpheus Works?

  1. attacker -> arp poison local lan (mitm)
  2. target -> requests webpage from network (wan)
  3. attacker -> modifies webpage response (contents)
  4. attacker -> modified packet its forward back to target host
The author does not hold any responsibility for the bad use of this tool, remember that attacking targets without prior consent it’s illegal and punished by law.

Morpheus - TCP/IP Hijacking Tool

Morpheus: Automated Ettercap TCP/IP Hijacking Tool

This tool comes with some pre-configurated filters, but it allows improvements every time you launch the attack, before or during the runtime. Morpheus will revert the filter back to is default stage in the end of attack, so you don’t have to worry about filter command syntax at all.

So, there are two different ways to improve/edit filters:

  • edit before running morpheus (the changes will be permanent) or
  • use ‘morpheus scripting console’ (the changes are active only once).

Filter usage:

  • replacing images in webpages, replacing text in webpages, injecting payloads in webpages,
  • denial-of-service attacks (drop, kill packets from source),
  • redirecting browser traffic to another domain (ability to build your filter from scratch and run it through morpheus framework).


  • if target system is protected against arp poison attacks, morpheus will fail
  • target system sometimes needs to clear the net cache for arp poison to be effective
  • many attacks described in morpheus may be dropped by the target HSTS detection system
  • ettercap needs to be executed with high privileges (uid 0 | gid 0)

By default, morpheus will replace the original etter.conf/etter.dns files provided by ettercap. On exit, framework will revert those files to original state.

It’s very important to exit the tool properly, in order to revert all the changes you’ve made (press ‘E’ to exit).


  • required: ettercap, nmap, zenity, apache2
  • sub-dependencies: driftnet, dsniff, sslstrip-0.9, dns2proxy

Morpheus Install

Step 1 – Clone/download it from Morpheus GitHub Repository:

git clone

Step 2 – Configure Morpheus settings before running :

cd morpheus
nano settings

[detailed explanation]

Step 3  – Finally, run Morpheus framework:

chmod -R +x *.sh
chmod -R +x *.py
sudo ./
Documentation Box
Download Box
Tutorial Box

Check out another, very powerful MITM Attack Framework: BetterCAP.