Jump to content
Tuts 4 You
Sign in to follow this  
KDN

HTTP MITM tool

Recommended Posts

KDN

HI all,

lets say I have a program that is activated online, you enter a serial number and the application makes an http post with the serial number to their server,  and the server responds back (lets keep it stupidly simple) with either 'accepted' or 'rejected'

What I want to do is make a small exe that listens to all http requests, can match against the url and maybe some post values then spoofs the response back to always be accepted.

I know this might seem really stupid, and why I wouldn't just patch the original program, but this is something I have been looking at for a while with no success I think it will be fun to try. I can do exactly this with programs like charles or burp proxy but I want to make it automated in a standalone exe.

Does anyone know of anything even similar I could start with?

 

thanks!!

Share this post


Link to post
SkyProud

No, it's not stupid. I've met a real case which use a server simulator to response the valid license status.

However, the server simulator is obfuscated. I guess it used some code from the server side which was stolen by social engineering.

It depends on the complexity of the server response. If it's just a boolean value in json, then it's quite simple to fake.

However, if it is some serial which you have to be validated in the client side again, maybe you have to reverse the client validation.

Share this post


Link to post
KDN

thanks for the response, well I have used this method myself for real stuff, one example was a fully working 30 day trial, the server would respond with a license file during the trial and at the end of the trial the server would respond with "Trial has expired" in the http body, so all I did was take a copy of trial license file, change the url in the application to be my own server and I had a never ending trial.

 

The reason I'm now looking for a standalone exe to do this is so I can avoid making any changes to the original application. 

Share this post


Link to post
SkyProud

Well, I can only say that if the original application hard-codes the server IP address inside it, and makes HTTPS request to the server,

then MITM seems to be practically impossible. That's what my application does in this case.

Yeah, if it's just some url you could edit /etc/hosts to resolve the url locally with the fake DNS record,

however, that is because the application has "Loophole" to be made use of.

Share this post


Link to post
quosego

Try setting your system proxy settings and use burp proxy and add the burp ca to your certificate store. This will route the traffic through burp which can intercept and edit the request. If that doesn't work you can set it to invisible mode and modify your host file so that the the server address point to your burp proxy.

Should work fine, most apps don't have certificate pinning and will accept the burp cert.

https://portswigger.net/burp

Good luck.

Share this post


Link to post
Kurapica

Before coding your own server to do that, try to capture the response from their server when it says "accepted" using HTTP debugger

and using the same tool, you can intercept when you application asks the server "am I good to go" and reply back from within your machine

HTTP debugger has a tool to manipulate responses when a certain request is made

Share this post


Link to post
ewwink

if you don't want to directly patch the app maybe create loader to patch it in memory. for creating your own proxy interceptor you can use fiddlercore or Titanium-Web-Proxy.

Share this post


Link to post
ForlaxPy

if you're familiar with c# you can use fiddlerCore and easily code a program that auto get these http requests and eitehr redirect them to somewhere else or change the response. Here is a demo on the usage of it http://fiddler.wikidot.com/fiddlercore-demo

 

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
×
×
  • Create New...