How to Enable real Bridge mode for UPC Cisco EPC-3925 with HTML Injection

A.K.A. Public (and probably static) IP address for residential UPC customers.

I have a huge bandwidth internet connection, so why don’t let my friends download or upload files to my house, it makes feel us closer, it’s funny to share things, it can be actually useful in some cases.

I live in the Netherlands and here are several companies which offer different internet connections, but the common element is that houses are built with fiber channel in mind, differently from Italy, that’s why we have actually 50Mbit in download and 4Mbit in upload. For this reason I want to try to discover, for example, whether the ip address is a static one (still the same in two months) and other funny things.
So the first thing to do is to check if the router distributed by UPC can actually act as a bridge so I can manage myself all incoming connections having a public ip address. Also I have a spare Cisco E2000 with dd-wrt that eventually can assume the public ip while the cisco turns in a simple bridge.

And.. yes it can be done, but you have to trick your UPC router administrative webpage html content by simply injecting some new html code in the page, to do this you should use an advanced debugging capabilities browser like Mozilla Firefox with Firebug or Google Chrome with Developer tools. Take a look at this post for further explanation about client side html injection technique. So it stands to you, at the end if you are here you already know about networking, so I suppose you know what “client-side html injection” means. So, at the end if you can’t find a way out, at worst you can save the source html of your cisco page (we will see which page soon) on your desktop, add your code, save and then run the page in your browser right after having established an authenticated session with your router web server, thus when you will submit your modified html page form to the server side, it will believe it is a legitimate posted value on an already established http connection (that’s why you should login right before execute the wizardry, since then you have 20 minutes, i think).

We should start saying that normally, if you buy this router, it would come with such an option, but UPC delivers the router with a custom firmware, in order to hide also things like the “bridge mode” option in the administrative panel, and who knows what else. This means that we could possibly update the router firmware, but I cannot risk to stay more that one minute without internet connection so I won’t go further on this.


    1. Log in to your Cisco EPC-3925
    2. Click on “Administration” on the top menu bar
    3. Select the first tab under the menu bar, the one called “Management”
    4. In the first section (“Management”) is where we are going to inject our new drop down menu or HTML Select.
    5. Take a look at the image below I just found one that is perfect, look at the bottom part of the browser: that is the part which let us inject our code.

      A screenshot of the cisco epc-3925 web interface
      This is not my router web page screen shot, it is an image I found on the net that perfectly shows what is described here
    6. Code to inject:
<!-- working mode -->
<div id="WorkingMode">
<table class="std">
    <td nowrap width="95">
        <script language="javascript" type="text/javascript">
        <select name="working_mode" size="1" id="working_mode" onchange="selectWorkingMode()"> 
            <option name="router" value=0><script language="javascript" type="text/javascript">dw(vbencap4);</script>
            <option name="bridged" value=1><script language="javascript" type="text/javascript">dw(vbencap5);</script>
  • Select the bridge mode from the new drop-down menu.
  • Before you save you should know that until you configure another router, the first machine which connects with the router will get a public ip address and will be directly on the internet, thanks, obviously to the bridged mode.
  • Another thing you should know before saving is that you are going to set-up a new subnet with the second router (in my case the e-2000 with dd-wrt), so watch your addresses groups / subnets, because if, as predictable, you will not change the internal subnet you will be probably unable to reconnect back to your bridge administrative web interface.
  • Configure your second router, remember, it will have the public internet connection IP address.


Good luck, should you find yourself in troubles, leave a comment, although I seriously doubt that you can leave comments without a working router 😉 

(Visited 66,772 times, 1 visits today)

Author: Giuseppe Urso

Giuseppe lives in Haarlem now with his shiny dog, Filippa In 1982 received his first home computer, a Commodore 64, followed by Datasette and a 1541 Floppy Disk Drive. In 1999 he installed his first Linux distro (LRH6). In 2006 he switched to Debian as favourite OS. Giuseppe Urso actively sustains the Free Software Fundation and his founder Richard Mattew Stallman, he speaks to people trying to convince them to join the fight now, and about how important is to use Free Software only. He has a job as Infra Specialist at Hippo Enterprise Java Cms an Open Source Enterprise class Content Management System, one of the coolest company ever, in Amsterdam. He's always ready to install Debian on other people computers for free.

17 thoughts on “How to Enable real Bridge mode for UPC Cisco EPC-3925 with HTML Injection”

  1. Hi i got this modem and my admin menu look same like on this pic u gave .

    Ok my problem is that i cant change my internet ip (external) heard that it could be changed after editing mac address. Did not help also in the panel “status” i cant edit anything what i want to change exactly is my Internet IP address which is shown in “status”-> SO please some help me with changing it cos some1 have got my IP and is pinging up my connection. SOrry for my english skills

    Yours Andy

    1. Hi Andy,
      i see, but i think that changing your public ip address could be harder than expected, or surprisingly easy, let me explain better.
      If you have this very modem, your internet connection is running over a residential connection excluding the possibility that you have an Autonomous System Number (that is the only way to change your ip choosing within the assigned ones class(es)).
      So what you want to do actually is to trick the router on the other side in order to think that you are no longer you but someone else, getting a new ip at dhcp request time. You’re right: this is the only way to get a new ip address.
      It could work, even without changing the ip address, just disconnect for a while, if you did already, disconnect for a longer time (when you go to bed or to work). Even if you change your mac (see below), if you reconnect too fast you will get back your ip because is the “closest free“)If This last is the only effective way to change your public ip address whitout having an autonomous system. Also you will stop answering to ping for a long period.
      Obviously the only mac address which changing it would make any sense, is the one on the internet port of the modem: changing the mac address of a client pc will not sort any effect. But i don’t think this epc3925 can actually do this. So this path is not advisable.
      This said, I would suggest you do a little investigation on this ping, you don’t have to change your ip address each time someone is bothering. You can manage to stop answering to these icmp packets, also you can whois the ip address so you can call them on the phone or send them an email. (this doesn’t mean they will answer, see my experience with and dns poison in the north west of the russian federation).
      Let me know how it goes. Or if you need other infos.

  2. Well i have tried everything already changing my mac’s, turning epc3925 for like 24h….

    Ohh btw funny thing listen f have got x2 laptops so what i did was. I plugged the other one thru cable into that modem/router also turned off my main laptop .Then did the hard reset on epc~. Then plugged both online an they had the same IP’S ( i could even make a pic of it!)

    So please do explain me step by step how do i stop this guy from pinging my connection “ICMP packets”

    Also i will try to do the research on my own. And

    Thank you a lot for really fast reply!
    Yours Andy

    1. Hello Andy, may i ask you how did you realized that someone is bugging you with ping?
      I mean, the only way to achieve this is to create a dmz so your modem will redirect any incoming connection to the dmz host(s), then you can see this.
      your modem is acting as BRIDGE and this mean that it will forward the public ip address to the very first(s) machine which ask for dhcp on the net.
      In other words: check the working mode of your modem (there are Router and Bridge), switch to Router. I bet it is working as bridge, but if i’m wrong, check for a dmz zone if any.
      This because if you manage to get back to the router mode, you will be able to setup a minimum firewall (if i remember well), also ping should cease.
      But let me know how did you notice that someone is pinging you.

  3. I used to talk with this guy on Ventrilo (during playin some game) and he had an admin so he could see everyones ips in serv log , also he told me that hes doing it

    Also router is set on = Router mode all the time, i switched to bridge once.

    SO how do we stop these packets?

  4. Also I set up this firewall in router on maximum
    SPI Firewall Protection: High
    IPv6 Firewall Protection: On
    Block fragmented IP packets; On
    Block Port Scan Detection: On
    IP Flood Detection: On
    Block Anonymous Internet Requests : On
    IPSec Passthrough: enabled
    PPTP Passthrough: enabled

    1. Hi Andy, i still can’t get how this guy can remotely check your home connection ip address from the outside.
      This is (should) not possibe to me.
      You can’t stop someone pinging you, you just can stop answering to ICMP packets.

  5. I have done it , IT IS BLOCKeD!!!!!!!!! thank you Giuseppe you helped more than you know tellin me about blockin this icmp packets Inbound Rules>New Rule>Custom Rule>All Programs>Protocol type: ICMPv4 (then click customize at the bottom)>Specific ICMP types: (tick ‘Echo Request’) (click OK)>Choose your IP settings>Block Connection>Apply to Domain/Private/Public>Finish.

    Regards !!
    Yours Andy

  6. My website is down as I have a new UPC NL Cisco EPC 3925 modem and I can’t enable Bridge mode 😉

    Got the HTML injection in Opera and FireFox/FireBug, but getting a 403 black page error.

    Any tips?

    Model: Cisco EPC3925
    Vendor: Cisco
    Hardware Revision: 1.0
    Bootloader Revision: 2.3.0_R1
    Current Software Revision: epc3925-ESIP-12-v302r125572-130301c_upc
    Firmware Name: epc3925-ESIP-12-v302r125572-130301c_upc.bin
    Firmware Build Time: Mar 1 10:33:18 2013
    Cable Modem Status: Operational
    Wireless Network: Disable

    1. Hi, sorry if I’m late. I would take a look to what’s wrong with the web server response 403. some missing double quote in the form variable value could make a very long string (until, at least, the next double quote). Check html form.

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.