Tuts 4 You

HTTP MITM tool


KDN

Hi all,

Let's say I have a program that is activated online: you enter a serial number, the application makes an HTTP POST with the serial number to their server, and the server responds (let's keep it stupidly simple) with either 'accepted' or 'rejected'.

What I want to do is make a small exe that listens to all HTTP requests, can match against the URL and maybe some POST values, then spoofs the response back to always be 'accepted'.

I know this might seem really stupid (why wouldn't I just patch the original program?), but this is something I have been looking at for a while with no success, and I think it will be fun to try. I can do exactly this with programs like Charles or Burp Proxy, but I want to make it automated in a standalone exe.

Does anyone know of anything even similar I could start with?

thanks!!

SkyProud

No, it's not stupid. I've met a real case which used a server simulator to respond with a valid license status.

However, the server simulator is obfuscated. I guess it used some code from the server side which was stolen by social engineering.

It depends on the complexity of the server response. If it's just a boolean value in JSON, then it's quite simple to fake.

However, if it is some serial which has to be validated on the client side again, maybe you have to reverse the client validation.

KDN

Thanks for the response. Well, I have used this method myself for real stuff. One example was a fully working 30-day trial: the server would respond with a license file during the trial, and at the end of the trial the server would respond with "Trial has expired" in the HTTP body. So all I did was take a copy of the trial license file, change the URL in the application to my own server, and I had a never-ending trial.

The reason I'm now looking for a standalone exe to do this is so I can avoid making any changes to the original application.

SkyProud

Well, I can only say that if the original application hard-codes the server IP address inside it and makes HTTPS requests to the server, then MITM seems to be practically impossible. That's what my application does in this case.

Yeah, if it's just some URL you could edit /etc/hosts to resolve the URL locally with a fake DNS record; however, that is because the application has a "loophole" to be made use of.

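The "validated on the client side again" case SkyProud mentions, as an added defensive example that is not code from either poster: the vendor signs the verdict with Ed25519 and the client checks it against a pinned public key plus the nonce it sent, so both the rewritten 'accepted' body and the saved-response replay described above fail. The `LicenseResponse` JSON layout and the nonce field are assumptions, not any real vendor's protocol.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// LicenseResponse is a hypothetical signed body; Nonce is chosen by the client per request.
type LicenseResponse struct {
	Status string `json:"status"`
	Nonce  string `json:"nonce"`
}

// signResponse is the vendor-side step: sign the JSON body with a key that never leaves the server.
func signResponse(priv ed25519.PrivateKey, resp LicenseResponse) (body, sig []byte, err error) {
	if body, err = json.Marshal(resp); err != nil {
		return nil, nil, err
	}
	return body, ed25519.Sign(priv, body), nil
}

// verifyResponse is the client-side check against a public key pinned in the binary: a rewritten
// verdict alters signed bytes, and a replayed body carries a nonce this client never sent.
func verifyResponse(pub ed25519.PublicKey, body, sig []byte, wantNonce string) (LicenseResponse, error) {
	var resp LicenseResponse
	if !ed25519.Verify(pub, body, sig) {
		return resp, errors.New("signature invalid: body altered or not issued by the vendor")
	}
	if err := json.Unmarshal(body, &resp); err != nil {
		return resp, err
	}
	if resp.Nonce != wantNonce {
		return resp, errors.New("nonce mismatch: replayed response")
	}
	if resp.Status != "accepted" {
		return resp, errors.New("server rejected the serial")
	}
	return resp, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed vendor key pair
	_, sig, _ := signResponse(priv, LicenseResponse{Status: "rejected", Nonce: "n1"})
	forged := []byte(`{"status":"accepted","nonce":"n1"}`) // verdict rewritten in transit
	_, err := verifyResponse(pub, forged, sig, "n1")
	fmt.Println("forged response accepted:", err == nil, "|", err)
}
```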
