How to Inject Payload into Softwares via HTTP

Hi, this is a quick demo about how to backdoor executables (software) sent over HTTP using MITMF, backdoor factory

This attack works on LAN

REQUIREMENTS:

-Kali Linux or any Linux OS

-Wireless USB Adapter e.g. (TL-WN722N)

-MITMf (man-in-the-middle framework) https://github.com/byt3bl33d3r/MITMf

-MSFconsole or Armitage

LAN network, same as the target/victim

ATTACK SCENARIO:

Machine A-victim

Machine B-attacker

A situation where machine A wants to download a software for example winrar, the victim goes through google and lands on the page (http://www.win-rar.com/download.html?&L=0) the attacker is already waiting to inject payload into binaries served over (HTTP)

This attack is possible because a lot of tool websites still serve binaries via non-SSL/TLS means.