-
HSTS bypass is based on hostnames. If a target has already visited www.supersite.example, you can try to redirect the target to a similar domain which the browser has never visited before and which therefore does not have HSTS activated. Rewrite the Host HTTP header for the server you want to impersonate and add another character, e.g. wwww.supersite.example. You prepared…
-
SSLstrip works as a proxy which replaces HTTPS references in HTTP, HTML, JS, … responses with HTTP versions. Installation: SSLstrip is old. Create a venv and install an older version of Twisted: venv/bin/pip install Twisted==18.9.0 Remove HTTPS references via MitM Scenario: You want $target to route all HTTP traffic through your own system. Your system should remove each…
-
Name confusion Serve a file: echo -e "HTTP/1.1 200 OK\nContent-Length: 5\n\nHallo" | nc -l localhost 8000 Request a file over SSL: echo -e "GET / HTTP/1.1\nHost: localhost\n\n" | ncat -C --ssl localhost 443 Return the output of a program: ncat -l localhost 3000 --exec /bin/date Transfer a file directly (unencrypted!): 1. Receiver: user@host02:~$ ncat -l > aha or nc -nlvp 4444…
-
Sniffing and live content filtering. Operation modes: Unified: sniffs all packets from one interface. Packets addressed to the attacking host end here; all others are forwarded directly after being received. Bridged: forwards traffic from one interface to another. Completely stealthy, because there is effectively no one visible "between the cable". Usage ettercap OPTIONS TARGET1 TARGET2 Targets are defined as MAC/IPv4s/IPv6s/PORT…
-
Analyses SSL https://github.com/nabla-c0d3/sslyze python -m sslyze --regular URL