HTTPS: Problem: Data in HTTP is sent as plain text. A MITM can read and edit requests and responses. -> not secure Solution: Use HTTPS. HTTPS is an adaptation of HTTP. Encrypt HTTP using TLS(Transport Layer Security) or SSL(Secure Sockets Layer). ARP…

Injecting Code in HTTPS Pages: #!/usr/bin/env python import re from netfilterqueue import NetfilterQueue from scapy.layers.inet import TCP, IP from scapy.packet import Raw def set_load(packet, load): packet[Raw].load = load del packet[IP].len del pac…

MAC ADDRESS Media Access Control Permanent Physical Unique Assigned by manufacturer WHY CHANGE THE MAC ADDRESS 1.Increase anonymity 2.Impersonate other devices 3.Bypass filters Change the MAC Address manually. ifconfig ifconfig eth0 down ifconfig eth…

NETWORK_SCANNER Discover all devices on the network. Display their IP address. Display their MAC address. Write the Python code using the scapy.all module. Refer to: https://scapy.readthedocs.io/en/latest/installation.html #!/usr/bin/env python impor…

SIMPLE ALGORITHM Goal  -> Check if MAC address was changed. Steps: 1. Execute and read ifconfig. 2. Read the mac address from the output. 3. Check if MAC in ifconfig is what the user requested. 4. Print appropriate message. To find the MAC address, w…

The Lab and Needed Software Attacker Machine - Kali Linux https://www.kali.org/ 1. Install the software terminator, which is very useful for multi-tasks: apt-get install terminator 2. Download, extract and copy the Python IDE - PyCharm to the folder…

MODIFYING DATA IN HTTP LAYER Edit requests/responses. Replace download requests. Inject code(html/Javascript) Analyzing HTTP Responses #!/usr/bin/env python from netfilterqueue import NetfilterQueue from scapy.layers.inet import IP, TCP from scapy.pa…

MODIFYING DATA IN HTTP LAYER Edit requests/responses. Replace download requests. Inject code(html/Javascript) Modifying HTTP Requests on the Fly: #!/usr/bin/env python from netfilterqueue import NetfilterQueue from scapy.layers.inet import IP, TCP fr…

What is DNS Spoofing Sniff the DNSRR packet and show on the terminal. #!/usr/bin/env python from netfilterqueue import NetfilterQueue from scapy.layers.dns import DNSRR,IP def process_packet(packet): scapy_packet = IP(packet.get_payload()) if scapy_p…

INTERCEPTING & MODIFYING PACKETS Scapy can be used to: Create packets. Analyze packets. Send/receive packets. But it can't be used to intercept packets/flows. CLASSIC MITM SCENARIO  MITM - SNIFFING DATA  MITM - MODIFYING DATA 1. Execute the command -…

Convert Python Programs to OS X Executables https://files.pythonhosted.org/packages/4a/08/6ca123073af4ebc4c5488a5bc8a010ac57aa39ce4d3c8a931ad504de4185/pip-19.3-py2.py3-none-any.whl Install the pyinstaller on OS X. pip3 install pyinstaller Modify the…

Adding Icons to Generated Executables Prepare a proper icon file. https://www.iconfinder.com/ Convert the downloaded png file to an icon file. https://www.easyicon.net/language.en/covert/ Convert the Python program to Windows executable -  adding the…

PACKAGING Convert python program into an executable that: Packages all program files into a single executable. Works without a python interpreter. Get executed when double-clicked. For best results package the program from the same OS as the target.…

Cross-platform hacking All programs we wrote are pure python programs They do not rely on OS-specific resources. Result: They work on any OS with a python interpreter. If packaged, they will work on any OS if even if python is NOT installed.…

DOWNLOAD_FILE Download files on a system. Once packaged properly will work on all operating systems. Simple but powerfull. Can be used in many situations: download _file + execute_command = download_and_execute download_file + execute_and_report = do…

Typical Network ARP Spoofing Why ARP Spoofing is possible: 1. Clients accept responses even if they did not send a request. 2. Clients trust response without any form of verification. 1. Run the following command on the victim - Windows 10 Machine. a…

DICTIONARIES Similar to lists but use key instead of an index. LISTS List of values/elements, all can be stored in one variable. Improving the Program Using a List of Dictionaries: #!/usr/bin/env python import scapy.all as scapy def scan(ip): arp_req…

FUNCTIONS Set of instructions to carry out a task. Can take input, and return a result. Make the code clearer, reusable, and more abstract. input() function prompts the user to enter the value. Rewrite the Python script using the function style. #!/u…

What is Hacking? Gaining unauthorized access. Hackers? 1.Black-hat Hackers 2.White-hat Hackers 3.Grey-hat Hackers WHAT IS A PROGRAM? A set of instructions to do a certain task or solve a problem.…

Automatically Discovering Vulnerabilities Using the Vulnerability Scanner 1. Modify the run_scanner method in the scanner class. #!/usr/bin/env python import requests import re from bs4 import BeautifulSoup from urllib.parse import urljoin class Scan…

Implementing Code To Discover XSS in Parameters 1. Watch the URL of the XSS reflected page carefully. 2. Add the  test_xss_in_link method in the Scanner class. #!/usr/bin/env python import requests import re from bs4 import BeautifulSoup from urllib.…

VULNERABILITY_SCANNER How to discover a vulnerability in a web application? 1. Go into every possible page. 2. Look for ways to send data to the web application(URL + Forms). 3. Send payloads to discover vulnerabilities. 4. Analyze the response to ch…

Browser Exploitation Framework. Allows us to launch a number of attacks on a hooked target. Targets are hooked once they load Javascript code. Hook code can be placed in an HTML page and share it with a target. Or host page online and send URL to tar…

Recalculating Content-Length: #!/usr/bin/env python import re from netfilterqueue import NetfilterQueue from scapy.layers.inet import TCP, IP from scapy.packet import Raw def set_load(packet, load): packet[Raw].load = load del packet[IP].len del pack…

 Capturing passwords from any computer connected to the same network.  ARP_SPOOF + PACKET_SNIFFER Target a computer on the same network. arp_spoof to redirect the flow of packets(become MITM) Packet_sniffer to see URLs, usernames, and passwords sent…

PACKET_SNIFFER Capture data flowing through an interface. Filter this data. Display Interesting information such as: Login info(username&password). Visited websites. Images. ...etc PACKET_SNIFFER CAPTURE & FILTER DATA scapy has a sniffer function.…

WHAT IS A WEBSITE Computer with OS and some servers. Apache, MySQL ...etc. Cotains web application. PHP, Python ...etc. Web application is executed here and not on the client's machine. How to hack a website? An application installed on a computer. -…

Converting Python Programs to Linux Executables Note: You can not execute the program on Linux by double click. Install the PyInstaller. pip3 install PyInstaller Covert the Python Program to Linux executable. pyinstaller --onefile --noconsole reverse…

BYPASSING ANTI-VIRUS PROGRAMS AV programs detect viruses based on: 1. Code - compare files to huge databases of signatures. ->Use own code, obfuscation, useless operations, encode, pack ...etc 2. Behaviour - run a file in a sandbox and analyze it. ->…

DOWNLOAD & EXECUTE PAYLOAD A generic executable that downloads & executes files. Disadvantages: User needs internet connection. Files have to be uploaded and accessible via a direct URL. PACKAGING - CREATING TROJANS Package front file with evil fi…