How To: Inject Payload into Softwares via HTTP

Inject Payload into Softwares via HTTP

Hi, this is a quick demo about how to backdoor executables (software) sent over HTTP using MITMF, backdoor factory
This attack works on LAN
REQUIREMENTS:
-Kali Linux or any Linux OS
-Wireless USB Adapter e.g. (TL-WN722N)
-MITMf (man-in-the-middle framework) https://github.com/byt3bl33d3r/MITMf
-MSFconsole or Armitage
LAN network, same as the target/victim
ATTACK SCENARIO:
Machine A-victim
Machine B-attacker

A situation where machine A wants to download a software for example winrar, the victim goes through google and lands on the page (http://www.win-rar.com/download.html?&L=0) the attacker is already waiting to inject payload into binaries served over (HTTP)

This attack is possible because a lot of tool websites still serve binaries via non-SSL/TLS means.

Want to help support Null Byte and start making your own money as a white hat hacker? Jump start your White-Hat Hacking career with our 2020 Premium Ethical Hacking Certification Training Bundle from the new Null Byte Shop and get over 60 hours of training from Ethical Hacking Professionals.

Buy Now (96% off) >

Our Best Hacking & Security Guides

New Null Byte posts — delivered straight to your inbox.

8 Comments

Darn it, I was going to make a tutorial on this. It's in my drafts. ;)

Thanks for sharing. It's truly a wonderful attack.
But next time, could you not just copy and paste the description of the video? Thanks.

I'd like to read that, I'm not really into video tutorials (I've been trying to follow a course on Cybrary and it's being a nightmare)

Yeah, almost done. Just got to fix the kinks. ;)

Why does this have downvotes? the video is pretty nice and just explains about anything you need to do to perform the attack...

Because he just pasted the description of the video in the post.

Didn't know it is a crime to copy n paste from the video I created myself. My apology

There's rules on this. "This includes copying your YouTube video descriptions."

Nice tutorial, thanks Geek.

Share Your Thoughts

  • Hot
  • Latest