Description: This is a basic implementation of a Ruby HTTP proxy with the ability to inject arbitrary code into a web page's response. This allows for a multitude of attack vectors which will soon be released in my JasagerPwn script, but you can use your imagination and create your own vectors with this.

Some basic attack vectors you can play with (they will also be automated in my script): BeEF hook injection, Java applet injection, browser/plugin exploit injection.

Feature Set:

  • Installer - Install the dependencies in order to run the ruby script.
  • Proxy Log Output - Displays the log standard output that is generated by Digininja's proxy script.
  • Attacker (single address) filter - Pretty self-explanatory, this adds a '! -s attacker_ip' in the iptables rule so you do not inject code into your own browsing sessions.
  • Injection Code Editor - Allows you to enter any arbitrary code into the text editor. Note, if you have an attack running and modify this code - you need to restart the attack.
  • Auto Refresh
  • Enable/Disable and Logging in Small Tile


Screenshot (Interface):
codeinject_largetile.jpg

Screenshot (Basic Alert Pop-up):
alert_example.jpg

Edited by leg3nd

I submitted both this and my basic wireless script manager to the bar 2 days ago - should be available soon.


I was able to get it to start, but then my pages would not load, so I stopped it and restarted it, and now it won't even start.


Start it, then post the results of "iptables -S -t nat ; ps aux | grep ruby ; netstat -antp"

It should have a rule that redirects traffic from br-lan to port 8888. Note that I've only tested this using an attached wireless card for ICS, but it should work for other configurations.
