How to Inject Payload into Softwares via HTTP

Jun 21, 2015 05:02 PM

Text editor displaying network attack instructions.

Hi, this is a quick demo about how to backdoor executables (software) sent over HTTP using MITMF, backdoor factory

This attack works on LAN

REQUIREMENTS:

-Kali Linux or any Linux OS

-Wireless USB Adapter e.g. (TL-WN722N)

-MITMf (man-in-the-middle framework) https://github.com/byt3bl33d3r/MITMf

-MSFconsole or Armitage

LAN network, same as the target/victim

ATTACK SCENARIO:

Machine A-victim

Machine B-attacker

A situation where machine A wants to download a software for example winrar, the victim goes through google and lands on the page (http://www.win-rar.com/download.html?&L=0) the attacker is already waiting to inject payload into binaries served over (HTTP)

This attack is possible because a lot of tool websites still serve binaries via non-SSL/TLS means.

You already know how to use your phone. With Gadget Hacks' newsletter, we'll show you how to master it. Each week, we explore features, hidden tools, and advanced settings that give you more control over iOS and Android than most users even know exists.