How To: Inject Payload into Softwares via HTTP

Inject Payload into Softwares via HTTP

How to Inject Payload into Softwares via HTTP

Hi, this is a quick demo about how to backdoor executables (software) sent over HTTP using MITMF, backdoor factory
This attack works on LAN
REQUIREMENTS:
-Kali Linux or any Linux OS
-Wireless USB Adapter e.g. (TL-WN722N)
-MITMf (man-in-the-middle framework) https://github.com/byt3bl33d3r/MITMf
-MSFconsole or Armitage
LAN network, same as the target/victim
ATTACK SCENARIO:
Machine A-victim
Machine B-attacker

A situation where machine A wants to download a software for example winrar, the victim goes through google and lands on the page (http://www.win-rar.com/download.html?&L=0) the attacker is already waiting to inject payload into binaries served over (HTTP)

This attack is possible because a lot of tool websites still serve binaries via non-SSL/TLS means.

8 Comments

Darn it, I was going to make a tutorial on this. It's in my drafts. ;)

Thanks for sharing. It's truly a wonderful attack.
But next time, could you not just copy and paste the description of the video? Thanks.

I'd like to read that, I'm not really into video tutorials (I've been trying to follow a course on Cybrary and it's being a nightmare)

Yeah, almost done. Just got to fix the kinks. ;)

Why does this have downvotes? the video is pretty nice and just explains about anything you need to do to perform the attack...

Because he just pasted the description of the video in the post.

Didn't know it is a crime to copy n paste from the video I created myself. My apology

There's rules on this. "This includes copying your YouTube video descriptions."

Nice tutorial, thanks Geek.

Share Your Thoughts

  • Hot
  • Latest