How to Inject Payload into Softwares via HTTP

Jun 21, 2015 05:02 PM
635704776859812624.jpg

Hi, this is a quick demo about how to backdoor executables (software) sent over HTTP using MITMF, backdoor factory

This attack works on LAN

REQUIREMENTS:

-Kali Linux or any Linux OS

-Wireless USB Adapter e.g. (TL-WN722N)

-MITMf (man-in-the-middle framework) https://github.com/byt3bl33d3r/MITMf

-MSFconsole or Armitage

LAN network, same as the target/victim

ATTACK SCENARIO:

Machine A-victim

Machine B-attacker

A situation where machine A wants to download a software for example winrar, the victim goes through google and lands on the page (http://www.win-rar.com/download.html?&L=0) the attacker is already waiting to inject payload into binaries served over (HTTP)

This attack is possible because a lot of tool websites still serve binaries via non-SSL/TLS means.

Related Articles

637587411395252764.jpg

How to Perform Advanced Man-in-the-Middle Attacks with Xerosploit

635211718118959676.jpg

How to Get Unlimited Free Trials Using a "Real" Fake Credit Card Number

Comments

No Comments Exist

Be the first, drop a comment!