Jump to content

Problem with realtime EXE replacement

DarkPringles

By DarkPringles
in WiFi Pineapple Mark V

 Share

Recommended Posts

DarkPringles Newbie

DarkPringles

Posted
  • Author
Posted

In my proxy, I make sure that the length is recalculated on injection.

In regards to ettercap, I genuinely do not know, I haven't got too much experience, but I would expect it does. I'll take a look at the source this weekend.

I am expecting to launch my proxy by the end of the month / start of next month.

Best,

Sebkinne

very cool. i will be waiting and stop my work on ettercap custom filters.

Link to comment
Share on other sites
whitenoise Newbie

whitenoise

Posted
Posted

From my experience, I remember swapping data with ettercap, if the string size was larger then the original then the clients browser wwould not always provide the correct amount of data, for example the page source may be missing at the end </HTML>

replace(12345, 1234567)

Page may be missing L>

</HTM

Makes sense as the HTML source code probably comes in several packets. If you are able to choose what to replace you could search for comments (i.e. with regular expression), cut them out, inject your code and fill it up until the original size is restored. This might be a little workaround without making too much damage to the website itself.

Link to comment
Share on other sites
i8igmac Newbie

i8igmac

Posted
Posted (edited)

Makes sense as the HTML source code probably comes in several packets. If you are able to choose what to replace you could search for comments (i.e. with regular expression), cut them out, inject your code and fill it up until the original size is restored. This might be a little workaround without making too much damage to the website itself.

I do remember doing exactly what u said... but I feel that all the problems you will find, there is a cleaner way to handle this...

Its all about success rate... lets say ettercap fails 30% of the time to provide clean content modification, a small proxy will get you closer to 95% successful and clean content (my testing years ago)

Edited by i8igmac
Link to comment
Share on other sites
  • 1 month later...
DarkPringles Newbie

DarkPringles

Posted
  • Author
Posted (edited)

In my proxy, I make sure that the length is recalculated on injection.

In regards to ettercap, I genuinely do not know, I haven't got too much experience, but I would expect it does. I'll take a look at the source this weekend.

I am expecting to launch my proxy by the end of the month / start of next month.

Best,

Sebkinne

any updates on this topic?

btw: realtime file download replacement is now integrated in zANTI2 App for Andriod (replacement for dSploit)

Link: https://www.zimperium.com/zanti-mobile-penetration-testing

Edited by darkpringles
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...