  • #49434
    NikolajevZj
    Participant

    Hello,
    I’ve encountered a problem while using the code injector script shown in the lecture. Basically, the changes applied to the packet seem to make the browser refuse to apply them; it throws me an HTTP 400 error, saying that the request was malformed. I saw that Zaid also had some “Bad request” errors in the terminal, but in his case it worked perfectly. I was using bing.com to try injecting the code; I don’t know if it has something to do specifically with Bing. The code didn’t work on vulnweb as well. Here are the screenshots of the errors:
    https://mega.nz/file/w8kmFSRS#N4LXTbPN5Rkm_z1YW8qvDZTu1A6CaTY3tVlTXbjr6Qw
    https://mega.nz/file/JkFBAQgA#s896qVyadqZxGMYlm2qD7ziksI_L3cUm3aDWjLkjk_Q
    https://mega.nz/file/h1NX3SZB#s_h0dX2ePgaPiOFCbNuN7p2E4k5ircEMqB5Tk8pOFRo
    Regards,

    #49473
    diegodiego
    Moderator

    Hi!
    Don’t use Bing, as it uses HSTS protection nowadays; try it with speedbit.com.

    Also can you share a screenshot of your code?

    Thanks!
    Diego

    #49592
    NikolajevZj
    Participant

    Hello,
    I couldn’t reach speedbit; I can’t access it now, even on the main computer. I tried the code on vulnweb, and it didn’t work, so I suppose it wouldn’t work on speedbit, since the thing is they are HTTP. Anyway, here are the screenshots of the code:
    (This is the reorganised code, without the scapy_packet.show commands, but it still doesn’t work. I added the functions for changing iptables rules after the errors occurred, so I don’t think they are the reason.)
    https://mega.nz/file/V8ciRByJ#6qxrg6uPN5Z9QspZzoDOGsRXTxaFRiEbpfe40rTbEaU
    https://mega.nz/file/VkU0UbDK#DqI7ybMoXTwOeXauwyBkGnnCnZCmystR4bkxGjpaBPc
    I also noticed that the code didn’t decode the incoming raw layers of packets, but it did show the content length. It seems very strange to me.
    Regards,

    #49701
    diegodiego
    Moderator

    Hi!

    I would suggest removing the iptables rules from the code; they are inside a loop and that’s not good practice. Better to run them manually.
    So first flush iptables:
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    iptables -P FORWARD ACCEPT

    Enable port forwarding:
    echo 1 > /proc/sys/net/ipv4/ip_forward

    Then run the iptables manually and try it again, and yes, it looks like speedbit.com is offline now, that’s weird. So you can try with stealmylogin.com.

    Are you sure you are using the latest custom Kali image provided by Zaid? It’s important! Are you using Python 2 or 3?

    Let me know.
    Diego

    #49750
    NikolajevZj
    Participant

    Hello,
    I removed the ip_tables changing function from the code. I cleared the iptables with the commands that you mentioned and I enabled port forwarding; the code still doesn’t seem to work. I used stealmylogin.com. I’m using the custom Kali image provided by Zaid; have there been any newer versions? I downloaded it in May when I started doing Zaid’s courses. I’m using Python 2. I noticed now that instead of the script, it seems like the error message “HTTP/1.1 400 Bad Request” gets somehow injected into the website’s source code at the bottom. I think it’s still because the changes in the packet are getting rejected. Here is the screenshot:
    https://mega.nz/file/A9sFlAiA#YIxQ2GRPDsEn9RBgI1vTLStXIThL4TTPechcSyn0X1s
    Regards,

    #49783
    diegodiego
    Moderator

    Hi!
    That’s weird, can you share a screenshot of the modified code? Also add a print after load.replace() and check if the load is being modified properly.
    The latest custom Kali is v1.3, but this script should work anyway.

    Let me know.
    Diego

    #49957
    NikolajevZj
    Participant

    Hello,
    I added the print after load.replace().
    It seems like the requests are getting modified properly because I get decrypted answers containing HTML page details, but still, in the load field of the returned packets, the error 400 “bad request” occurs, and below I get a packet that contains something like this in the load field:
    Here’s the screenshot of it:
    https://mega.nz/file/tpNhRYSC#OeVlIdaA_dwS5mcVBVugRKdpjjvOHuNmCyFQ9RRHIp4
    Every packet contains the error 400 at the beginning. I noticed that some packets don’t get decrypted at all:
    https://mega.nz/file/U4VxBCQQ#YN84lwba0aI4HyPs3ZZpmufsGhMEhYrXlLtCFIRMzRE
    I get the same results on HTTP, HTTPS, and HSTS websites. The program still doesn’t manage to inject the script into the browser. Here are screenshots of the code:
    https://mega.nz/file/NwU3RaSA#v8H8GtiQm2iz2_VRjxwhxV2iAMYLcsA6ZovmZfByt9g
    https://mega.nz/file/tsMQXBZK#QOldM2uY1Z669rRI14skxosxoXSY1KeHu-c7DJdTMO8
    Regards,

    #50205
    diegodiego
    Moderator

    Hi!
    Test the script against HTTP sites only; later in the course you’ll learn to bypass HTTPS. So you are getting encrypted content because you are using HTTPS and HSTS sites.

    Which HTTP site are you using?
    Also try downloading and importing the latest custom Kali v1.3; this might also help to solve the issue. Just install scapy and netfilterqueue on it.

    Let me know how it goes!
    Diego
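
    The HTTP versus HTTPS/HSTS distinction discussed in this thread, as an added Python example (not code from the course or from any poster): it classifies a response by scheme and Strict-Transport-Security header, which is the check a site owner would run to see whether pages are still delivered over modifiable plaintext. The function names and the sample responses are constructed for this example.

```python
# Added example: classify how a response is protected in transit.
# SAMPLES holds constructed (scheme, headers) pairs, not captured traffic.

def parse_hsts(value):
    """Parse a Strict-Transport-Security header value (RFC 6797, section 6.1)."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()           # directive names are case-insensitive
        arg = arg.strip().strip('"')          # max-age may be a quoted string
        if name == "max-age" and arg.isdigit():
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy


def transport_exposure(scheme, headers):
    """Return 'plaintext', 'https-no-hsts' or 'https-hsts' for one response."""
    headers = {k.lower(): v for k, v in headers.items()}
    if scheme.lower() == "http":
        # Browsers ignore an HSTS header that arrives over plain HTTP, and the
        # body is readable and modifiable by anything on the network path.
        return "plaintext"
    sts = headers.get("strict-transport-security")
    if sts is None:
        return "https-no-hsts"                # a first visit may still start on HTTP
    policy = parse_hsts(sts)
    if not policy["max_age"]:                 # missing, or max-age=0 (policy removed)
        return "https-no-hsts"
    return "https-hsts"                       # browser refuses plain HTTP for max_age seconds


SAMPLES = [
    ("http", {"Content-Type": "text/html"}),
    ("https", {"Content-Type": "text/html"}),
    ("https", {"Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"}),
    ("https", {"strict-transport-security": "max-age=0"}),
]

if __name__ == "__main__":
    for scheme, hdrs in SAMPLES:
        print(scheme, hdrs, "->", transport_exposure(scheme, hdrs))
```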
