Jump to content

Modify http results from sever as man in the middle


Geeksystem
 Share

Recommended Posts

Hi,

i just have a few thoughts and would like to hear from you what you think about it.

let's say we are man in the middle with a Packet Squirrel, Lan Turtle or Pineapple.
Is there any possibility to modify the html results a user get ? Have never tested it and atm i have no idea but let us think we could.

I thought about modify a html result page so it redirects to a Root CA certificate from my Mitm device. If you name the device like "install to get secure website.crt" many users will accept it by a click. Especially if you install it on a major page like Google. So if the get SSLStriped to the Google page the result also gave back an iframe within the code which loads up the crt file. Which result in an popup of the browser. (This is important because the CA cert is dropped from a regular / non special webpage so the user think it's ok)

If the user accept my CA - it should be possible to have some kind of SSL Proxy running which always shows up a correct self CA signed cert for each page the user requests. In real i could do regular ssl requests to the real host the user requests. So for him it looks like he is connected to the correct signed ssl secured webpage and for the Page he requested it looks like i am the real user requesting it correctely with ssl.

This would not cause any problem if the webpage is SSL only and for the user it looks all good because he installed my root CA before.

Just an idea - as i am not aware for any solution like this i just want to talk about it and hear your thoughts.

Thanx,

Geeksystem

Edited by Geeksystem
Link to comment
Share on other sites

  • 3 months later...

I use iptables and what ever proxy mitm tool you like that is capable of modifying the data.

 

burpsuit is a good one because you have full control with a nice visual.

 

if you want to get into building your own proxy, there is a lot to learn with modifying http headers. One of my projects was replace all executable's with meterpreter.

(exe,zip,rar,msi, etc)

 

Most of these files still download over http. 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...