In Chapter 2, Sniffing and Spoofing, we explored custom filters in Ettercap to manipulate traffic on the fly. The possibilities are exciting: redirecting traffic to capture credentials; manipulating POST messages; even the possibility of delivering executables. BetterCAP, however, can do this with its powerful built-in proxy, and we can finely control this functionality with Ruby modules. In this exercise, we're going to prepare a malicious executable for a Windows target and call it setup.exe. We'll then set up a man-in-the-middle proxy attack that will intercept an HTTP request for an installer and invisibly replace the downloaded binary with ours. We'll be covering these concepts and tools in more detail later on in the book, so consider this an introduction to the power of custom modules in advanced man-in-the-middle attacks.