jxg975
Posted December 14, 2015

Hi all! Hopefully this hasn't been posted anywhere else... I wanted to see if anyone could help me with an issue. Here's the scenario:

I have a "victim" box (Windows 7) that I want to MITM using arpspoof. From there, the MITM machine (Kali) will redirect any incoming HTTP connections on port 80 to another server in the cloud (VPS) which is hosting a transparent proxy to backdoor any exe's that pass through it.

The idea is that I have a drop box on a LAN, MITM the victim machine. The victim then browses to the web to download putty. During this, the victim is passing all the traffic through my drop box (Kali), which is redirecting the victim to the VPS in the cloud, which then re-redirects him to whatever site (in this case, putty).

I can't seem to find any good way to force an incoming connection on port 80 to redirect a user to the VPS on another IP and port... I've tried SSH local port forwarding, Netcat relays, and iptables. I wanted to know if anyone out there has had any success on this...

Image!

[VICTIM Machine] --> [[MITM machine (kali)]] --> (router) -------------> INTERNET! -------> [VPS....which then forwards to original website] -------> (Putty.com or whatever)

Victim browses to putty.com, the MITM machine redirects to my VPS in the cloud, the VPS has PEinjector (great tool, look it up!) which acts as a transparent proxy, which then forwards the connection to putty.com.

Any thoughts/help/hints/etc will help! Thanks

cooper
Posted December 14, 2015

If the protocol which your victim requests is HTTPS, moving any traffic to port 80 won't automagically decrypt the connection. You could MITM the connection, but all you'd see is the encrypted traffic between the victim and the end point. It would be impossible to discover where in the data stream the exe is and even more impossible to alter the datastream such that you could inject a payload into the exe.

Start with putting calc.exe on some http website and try to get that working, then move on to 'real' stuff.

jxg975 (Author)
Posted December 14, 2015

Yea, I just wanted to get HTTP data, not HTTPS. But I'll start with that. Thanks!