VHackenstance/replace_download


REPLACE DOWNLOAD

Intercept the target's download and replace it with a spoof file.

Unable to get this working with OWASP Juice Shop locally (http://localhost:3000/).

Basic Stuff:

Tested, and works so far, with OWASP Juice Shop online:
http://demo.owasp-juice.shop/ftp/quarantine
When it is not broken, lol. Because, let us be clear, this is the only HTTP site I could find which allows you to test downloads. Due to this and many other reasons, it is often broken.

Testing in General

Why test locally when you can just test on a remote VM in your lab?
That covers two birds with one stone; I did this here and it was much easier.

  1. Enable port forwarding (1), just in case you want to test remotely.
    It doesn't seem to make a difference.
  2. Set ALL iptables chains: INPUT, OUTPUT, FORWARD.
    There is no conflict between local and remote.
  3. This only works with arp_spoof.py, which puts you on-path.
    Or, PitM (Person in the Middle) hehe.
  4. Flush iptables when you're finished.
    But I sometimes just leave them running; this is my attack machine.
    And it's a VM after all.
  5. Start the web server locally: service apache2 start
  6. Webroot (where the web files are stored):
    /var/www/html/

List of HTTP Status codes:

We want to use 301 (Moved Permanently) in our response packet, so that the response tells the target the download has been redirected.
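Seen from the monitoring side, the 301 described above leaves a recognisable trace: a plain-HTTP request for a downloadable file answered by a permanent redirect to a different host. The following detection check is an added example, not code from this repository; the extension watch list, function names, hostnames and sample messages are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumed watch list of download extensions (not from the repository).
DOWNLOAD_EXTS = (".exe", ".msi", ".zip", ".pdf", ".dmg")

def parse_head(raw):
    """Return (start_line, {lowercased header: value}) for a raw HTTP message."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def suspicious_redirect(request_raw, response_raw):
    """Describe a download answered by a 301 to a different host, else None."""
    req_line, req_headers = parse_head(request_raw)
    resp_line, resp_headers = parse_head(response_raw)
    method, target, _ = req_line.split(" ", 2)
    status = resp_line.split(" ", 2)[1]
    if method != "GET" or not urlsplit(target).path.lower().endswith(DOWNLOAD_EXTS):
        return None
    if status != "301" or "location" not in resp_headers:
        return None
    req_host = req_headers.get("host", "").lower()
    # A relative Location stays on the requested host.
    loc_host = (urlsplit(resp_headers["location"]).netloc or req_host).lower()
    if loc_host == req_host:
        return None
    return f"{req_host}{target} -> 301 -> {resp_headers['location']}"

# Constructed sample traffic (documentation hostname and TEST-NET address).
REQ = "GET /tools/setup.exe HTTP/1.1\r\nHost: files.example.test\r\n\r\n"
RESP_OK = "HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
RESP_SAME = ("HTTP/1.1 301 Moved Permanently\r\n"
             "Location: http://files.example.test/v2/setup.exe\r\n\r\n")
RESP_OFFHOST = ("HTTP/1.1 301 Moved Permanently\r\n"
                "Location: http://192.0.2.10/setup.exe\r\n\r\n")

if __name__ == "__main__":
    for name, resp in [("ok", RESP_OK), ("same-host", RESP_SAME), ("off-host", RESP_OFFHOST)]:
        print(name, "->", suspicious_redirect(REQ, resp))
```
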

Run on a remote computer

About

7. Target selects a download link. Substitute this for our own download. HTTP only currently.
