File spoofing in HTTP traffic

    In addition to passively listening to traffic, MiTM attacks can provide more options, up to the execution of arbitrary code on the victim's side. At the same time, exploitation of vulnerabilities is not required, but only patience and suitable conditions are required. We are talking about file spoofing in HTTP traffic.


    During a MiTM attack, the attacker redirects the victim’s traffic through himself, in which case he can change the packets at his discretion. Thus, when requesting some kind of flashplayer.exe, we can substitute any other executable file (for example, regular bindshell code) and, after launching, we naturally get the ability to execute commands. In general, there is nothing special to paint here, everything is quite simple.

    The new version of Intercepter-NG has a functionality for replacing files, a demo video can be viewed below. Substitution is configured by adding rules that specify the required template, the number of times to run the rule, as well as the file to be substituted.
    As a template, you can simply specify the extension “.exe” or the file name “file123.exe” directly.
    If the specified text is present in the GET request, a substitution occurs.

    What's New:
    In version 0.9.4, in addition to file spoofing, ipv6 support has appeared. The speed of data processing has also been repeatedly increased.

    The console version has a raw mode.
    image

    Recently, the console version of Intercepter-NG has become part of the BackTrack distribution (apt-get install intercepter-ng).

    It was decided to abandon the readme file, all information on the project will be located on its own wiki page.


    Also popular now: