MITMProxy_PWNage

About

  1. The Fun Way for messing with friends, PWNing, etc.
    • Involves ARP poisoning and running MITMProxy to view and manipulate your targets' HTTP & HTTPS traffic.
  2. The Conservative Way for development, testing, etc.
    • Involves running MITMProxy locally with the proxy settings set manually in Firefox. Tested on Ubuntu 18.04.

The Fun Way

Virtual Network Setup

auto lo
iface lo inet loopback

auto enp0s3
iface enp0s3 inet static
   address 10.0.2.3
   netmask 255.255.255.0
   gateway 10.0.2.1
   dns-nameservers 8.8.8.8

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
   address 10.0.2.5
   netmask 255.255.255.0
   gateway 10.0.2.1
   dns-nameservers 8.8.8.8

sudo systemctl restart networking.service

Ettercap Setup (on Attack VM)

IP Forwarding

sudo iptables -t nat -A PREROUTING -i enp0s3 -p tcp --dport 80 -j REDIRECT --to-port 8080
sudo iptables -t nat -A PREROUTING -i enp0s3 -p tcp --dport 443 -j REDIRECT --to-port 8080

MITMProxy + injector.py Plugin

Running

The Conservative Way

Setting up Firefox

Method 1 - Manual setup

Method 2 - Run the install.sh script

MITMProxy + injector.py Plugin

Running

Injector.py

Edit the parameters inside the script to get the desired result:

  1. URL
    • a FQDN or something as simple as "example" or "/stuff"
    • if left empty it will accept any domain
  2. SEARCH
    • Must be TAGS or ANY
    • TAGS finds and replaces text in specified HTML tags
    • ANY finds and replaces any text in the response that matches the regex
  3. REGEX
    • For TAGS the regex has to be for HTML tags
      • ex) "h1" or "h1|p" or "h1|p|title"
    • For ANY the regex can be for literally anything that regex can handle
      • ex) "Bacon" or "(\w+@\w+)|Search" or "^\w+@[a-zA-Z_]+?\.[a-zA-Z]{2,3}$"
  4. INJECT
    • whatever you want to replace the found text with
      • ex) "Str8 Pwn3d" or "Neato Burrito"

Working Examples:

URL         =   "example"
SEARCH      =   "TAGS"
REGEX       =   "h1|p"
INJECT      =   "Str8 hack3d"

URL         =   "google"
SEARCH      =   "ANY"
REGEX       =   "Lucky|Google"
INJECT      =   "Hack3d"
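
The two SEARCH modes, run offline against constructed response bodies with the two working parameter sets above, so a REGEX can be checked before it is loaded into the proxy. This is an added example, not the project's injector.py: the function names, the substring match for URL, and the reading of TAGS as "replace the text between a matching opening and closing tag" are assumptions.

```python
import re

# Constructed sample response bodies (not captured traffic).
SAMPLE_EXAMPLE = ('<html><head><title>Example Domain</title></head><body>'
                  '<h1 class="x">Example Domain</h1><p>More information</p>'
                  '<pre>p stays</pre></body></html>')
SAMPLE_GOOGLE = '<title>Google</title><input value="Feeling Lucky">'


def url_matches(url_filter: str, request_url: str) -> bool:
    """Empty URL accepts any domain; otherwise a substring match (assumed)."""
    return url_filter == "" or url_filter in request_url


def rewrite_body(body: str, search: str, regex: str, inject: str) -> str:
    """Apply one SEARCH/REGEX/INJECT setting to a response body (hypothetical helper)."""
    if search == "ANY":
        # Every regex match is replaced wherever it occurs: visible text,
        # attribute values, inline scripts. The lambda keeps INJECT literal.
        return re.sub(regex, lambda m: inject, body)
    if search == "TAGS":
        # REGEX names tags; only the text between the opening tag and its
        # matching closing tag is replaced. \b stops "p" from matching <pre>.
        element = re.compile(
            r"(?P<open><(?P<tag>%s)\b[^>]*>).*?(?P<close></(?P=tag)\s*>)" % regex,
            re.IGNORECASE | re.DOTALL)
        return element.sub(
            lambda m: m.group("open") + inject + m.group("close"), body)
    raise ValueError("SEARCH must be TAGS or ANY")


if __name__ == "__main__":
    print(rewrite_body(SAMPLE_EXAMPLE, "TAGS", "h1|p", "Str8 hack3d"))
    print(rewrite_body(SAMPLE_GOOGLE, "ANY", "Lucky|Google", "Hack3d"))
```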

Our Team

Acknowledgements