Search the Community
Showing results for tags 'http'.
Found 13 results
-
it´s possible to make a middle man attack in our proxy, i mean, i want to make a proxy server on a raspberry pi 3, and get all data (like wireshark when sniffs), incluying https requests. my second question is, how to make the data get in my server (the rpi) without configuring the modem and the dmz, something like redirect the request with a external server and a client on the pi. my internet company change mi modem recently, and even so when i configure the dmz on it, and the portforwarding, the external connections don't get in, im looking for a alternative. (again, sorry for my bad english)
-
Hey all, I've got a problem with my python server. The Bash Bunny doesn't want to handle it forever, so it seems to stop handling after about 5 seconds (or shutting it down, can't tell which). The exact same code works locally on my computer (python script that runs a simple SocketServer), and it runs forever (using httpd.serve_forever()), however the BB doesn't want to run it forever. Any ideas why the BB stops handling? EDIT: Just for those that are interested, the browser error says "Site cannot be reached; connection was reset (ERR_CONNECTION_RESET)".
-
I was just uploading files to drive and I was a little annoyed that my entire upload stopped to ask if I wanted to overwrite a duplicate file. The fact that firefox knows it's a duplicate file makes this a trivial point in programming. Since it knows the file is duplicate it should know what files are already on the server. If the file you are uploading is duplicate it should wait until the end to ask what you want to do with the file and upload the unique files first that way the entire download isn't stalled until you manually click the dialogue box asking if you want to overwrite the file or skip it. Just skip the file until the end of the upload. If you don't click the dialogue box within X seconds it just defaults to only uploading the unique files. I should code this option into a browser object and make it work just as an example. I'm just not really sure where to look for conditional http request. Anybody know of an arcane network programming book that covers topics like this? Better yet is there an implementation of this already somewhere that I can borrow code base from? Anyway what do you guys thing about this idea? -
Hi all. I as wondering if there is a way to force http while the website requires https. For example: I am using my Tetra. There are clients connected to it. One of the clients visit https://www.domain.com The tetra delivers http://www.domain.com Same if the client click on a link the Tetra will deliver http://www.domain.com/link Many tanks
-
Hi, I m new to pentesting. I have got my pineapple nano last month. i have been learning by watching tutorials available on internet since then. Most of the material available is related to the nano's predecessors. And i have found that some of them dont work anymore or i m not being guided appropriately. Modules like SSLsplit, DNSspoof, DNSMasq Spoof, Evil portal etc dont seem to work anymore. Like SSLsplit and DNSMasq dont seem to work in case of https sites. On browsers like chrome, firefox etc. the sites like facebook, gmail, etc. dont even open when i try to dnsspoof, and secondly the data is still encrypted after using sslsplit. Infact we just cant open the site without https. So i needed to know that after the implementation of HSTS, have these modules become completely useless??? or is there some way around using them? P.S. I m a newbie so please guide me thoroughly.. :)
-
I am trying to exploit the common joomla CMS application. Here is some info on the exploit. https://www.rapid7.com/db/modules/exploit/multi/http/joomla_http_header_rce To use the exploit in msfconsole type : use exploit/multi/http/joomla_http_header_rce So here comes my question. In the options for the exploit comes my problem show options ###output below### Name Current Setting Required Description ---- --------------- -------- ----------- HEADER USER-AGENT yes The header to use for exploitation (Accepted: USER-AGENT, X-FORWARDED-FOR) Proxies no A proxy chain of format type:host:port[,type:host:port][...] RHOST 1.2.3.4 yes The target address RPORT 80 yes The target port SSL false no Negotiate SSL/TLS for outgoing connections TARGETURI / yes The base path to the Joomla application VHOST no HTTP server virtual host My problem is the VHOST setting.I do under stand what virtual host is( I think it is when one ip is used to host multiple domain names) Imagine this scenario: target website running joomla is http://www.joomla-target.com/joomla/ on port 80 domain is hosted on 1.2.3.4 but 1.2.3.4:80 is not the same as http://www.joomla-target.com:80 (<--my virtual host understanding) I hope you have understood the scenario: So what will be the options for RHOST TARGETURI VHOST RPORT Please help. Thanks in advance.
-
hiii i have make some fake pages for known pages like Facebook etc i have also install dnsmasq in Kali and setup Apache server and every thing is okay now when the victim visit Facebook in chrome for example it will told him that this is unsecured cuz of https is there any way or tools in Kali to avoid that or any other thing would be greet thanks :)
-
Hey everyone I need serious help with that What I'm looking for : i want to all advance hidden anonymity options in backtrack ("hide my privacy 99%") So What are their? I have some options about that. > spoof mac > spoof ip > spoof ttl values > spoof http header > spoof dhcp > use live cd > use rdp > use proxy exactly I want to more hidden method to hide my id. (out of my list) anyone help me? I always searching about that. now i am really tired. I'm not a very good English writer : help me...
-
Hey guys, Sorry if i put this in the wrong category. I'm trying to use ssl strip + arp spoofing. I do exact the same like on every tutorial. But once everything is done, my victim has no internet. He can't load the page! If i just arp spoof my target, use something like urlsnarf. Everything works fine... Can someone please help me, i'm searching a while for a solution. By the way, sorry for my bad english. :(
-
Hey guys, I've just covered HTTP Strict Transport Security (HSTS) and how it helps to improve web security. Any feedback on the blog or input anyone has would be much welcomed. Check it out here: http://scotthel.me/hsts Scott.
-
Hi, I'm building a wireless hotspot system, that works exactly the same as the type of systems you would find in most hotels. I'm sure most people will have come across these, so will have a pretty good idea of what I'm talking about. The way I would like to handle authentication is using a remote web server which hosts the site that people use to authenticate, as well as a database to keep track of everything. The remote site needs to know the MAC address of the client that is trying to authenticate. I have tried several methods of easily communicating the client MAC address, along with some other information, however the method that I would like to try to get working is as follows: whenever a client makes a request to the domain "auth.example.net" the webserver will check with ARP to get the MAC address of the client, and modify the HTTP header to add their MAC Address as a POST variable. The above setup is what I would like to achieve, however have not been able to find much information relating to this. I have tried setting up a Apache/HTTPD server on the local network, which uses PHP and cURL to request pages from the remote server, add the MAC address as a POST variable, and display the page to the user, however I ran into problems with this. If anyone has any ideas as to how I would achieve the above, that would be great, Thank you P.S. I'm running Arch Linux ARM, and the servers would be communicating over a secure connection.
-
I want to mirror a site on my hd. The application or script must d/l the entire site, including java scripts and gifs - x levels from the specified URL. I don't know of any for nix that can covert the d/l into M$'s .chm and similar formats. Any recommendations?
-
Hey-row there HAK5... I was just doing a little cataloging when I came across MINIHTTP protocol. I know/knew very little about MINIHTTP until I did some engine spelunking. I found articles on MINIHTTP and that they are used in Servers for low-medium traffic. This website looks as if it is from the late 90's and does not have any type of updates. Should this big, bad, wolf, huff, puff, and see what I can find? db_nmap --min-hostgroup 96 -p 1-65535 -n -T4 -A -v 68.72.*.* (my cookie!) If anyone would like to help describe the MINI_HTTP protocol... maybe we can huff and puff that IP...
