- This topic has 5 replies, 3 voices, and was last updated 4 years, 8 months ago by Vashisht Boodhun.
- AuthorPosts
- April 21, 2020 at 6:31 pm #34613Mackendy CharlesParticipant
how to change when you type a url by another url for example http://www.facebook.com by http://www.facebook.corn without going through google.ie……….
April 23, 2020 at 2:48 pm #34773Vashisht BoodhunParticipantBasically there are 2 challenges:
1. Websites that use normal https like zsecurity.org, stackoverflow.com ….etc you should be able to bypass all of these even if accessed directly.
2. Websites that use HSTS like facebook and twitter, these websites will only load over HTTPS if accessed directly because the browser has a list of famous websites that use HSTS, therefore it will only load them over https, the only way around this is to use the custom hstshijack caplet that Zaid provided, this will only work if the user searches for the website using a search engine that does not use HSTS, for example if they use the local google domain such as google.ie to search for facebook / twitter …etc in this case the script will replace the .com at the end with .corn bypassing the list of famous websites that the browser has and allowing us to downgrade these websites to http.
Also please don’t forget to remove the browsing data (cache, history…..etc) before doing the attack, you wouldn’t need to do this in a real life scenario but this happens sometimes when you keep accessing the same website over and over across a very short period of time.
Please don’t hesitate to contact if you need anything else.
April 24, 2020 at 4:41 pm #34852Mackendy CharlesParticipantthank you Mr. Vashisht
April 25, 2020 at 3:09 pm #34911Vashisht BoodhunParticipantYou’re welcome, I’m glad we could help:)
April 26, 2020 at 12:29 pm #34992obainostevenParticipantproblem of failed to acquire the virtual box com object
April 27, 2020 at 4:24 pm #35103Vashisht BoodhunParticipantPlease open a new discussion in the forum with all the details, and will reply ASAP, for it’s really hard for us to keep track of what several people are doing in the same post.
Thank you for your comprehension.
- AuthorPosts
- You must be logged in to reply to this topic.