1
00:00:00,060 --> 00:00:03,810
Hello, everyone, welcome to another video of our man-in-the-middle attacks.

2
00:00:05,280 --> 00:00:12,450
Today, we're going to use bettercap to inject JavaScript into a web page using the injectjs module.

3
00:00:13,800 --> 00:00:21,930
We are going to combine bettercap with BeEF-XSS. BeEF-XSS is a browser exploitation framework.

4
00:00:23,460 --> 00:00:27,420
It has many features and we will use some of them in later videos.

5
00:00:29,220 --> 00:00:32,370
But in order for us to hook the target's browser

6
00:00:34,190 --> 00:00:37,380
with BeEF, we need to inject JavaScript into the page

7
00:00:37,400 --> 00:00:39,890
the target is visiting without him realizing.

8
00:00:41,670 --> 00:00:44,070
First, let's install BeEF-XSS.

9
00:00:46,990 --> 00:00:58,840
In Kali, we can install BeEF-XSS using the command to install beef-xss, and in

10
00:00:58,840 --> 00:01:01,660
this video we are going to use bettercap version two.

11
00:01:02,470 --> 00:01:05,800
In the last video, we used bettercap version one.

12
00:01:07,000 --> 00:01:10,110
Bettercap version two is much better,

13
00:01:12,210 --> 00:01:18,840
since there are a lot of performance improvements; also, the language itself is different from

14
00:01:18,840 --> 00:01:19,890
version one.

15
00:01:21,350 --> 00:01:27,260
After you install beef-xss, you can just simply launch it by beef

16
00:01:28,280 --> 00:01:36,710
-xss, unless you installed it in your directory; then you just go to your BeEF directory, and make sure

17
00:01:36,710 --> 00:01:39,830
you change the username and password first, and

18
00:01:43,430 --> 00:01:43,820
that.

19
00:01:46,330 --> 00:01:50,410
It's not the default password, so I changed mine.

20
00:01:53,000 --> 00:01:59,240
Once you're done, you just type beef-xss.

21
00:02:00,540 --> 00:02:03,780
But I'm going to do this from my macOS version.
22
00:02:08,220 --> 00:02:15,610
I'm already inside the BeEF directory, so I'm going to use rvmsudo, that would be

23
00:02:15,640 --> 00:02:15,990
beef.

24
00:02:26,720 --> 00:02:32,090
Now, let's make sure that we can visit the control panel first and log in with our username and password.

25
00:02:36,270 --> 00:02:37,590
Go to this URL.

26
00:02:40,800 --> 00:02:41,460
And log in.

27
00:02:47,310 --> 00:02:50,950
Very good, as you can see on the left side,

28
00:02:51,240 --> 00:02:54,700
we will see any browser under online browsers.

29
00:02:55,780 --> 00:02:58,720
If they close the browser, it will go to offline.

30
00:03:00,280 --> 00:03:01,350
All right, perfect.

31
00:03:04,800 --> 00:03:16,770
Now we go to Kali to install and run bettercap. You can do so easily by just typing install bettercap.

32
00:03:18,000 --> 00:03:19,650
And it will install the latest version.

33
00:03:20,930 --> 00:03:23,240
After you install it, you can run bettercap.

34
00:03:24,860 --> 00:03:35,030
You can also use -iface for the interface and then wlan0, or eth0 if you're using Ethernet.

35
00:03:38,880 --> 00:03:39,900
So if it's

36
00:03:43,170 --> 00:03:52,470
OK, we're going to use the sslstrip like from version one, from the last video we

37
00:03:52,470 --> 00:03:55,010
had, but this time it's going to be different.

38
00:03:55,140 --> 00:04:01,710
The interface of bettercap two is kind of different from version one, because version one doesn't

39
00:04:01,710 --> 00:04:04,920
have a UI, or doesn't have this command line interface.

40
00:04:05,700 --> 00:04:11,430
So you can just follow my commands, set http.

41
00:04:13,040 --> 00:04:19,120
Or I would rather say, if you want, first type help; then help will show you all the modules here.

42
00:04:19,790 --> 00:04:22,280
So we're going to use http.proxy.

43
00:04:22,280 --> 00:04:25,970
If you remember from version one, we just used --proxy.
44
00:04:26,330 --> 00:04:27,500
But here it's different.

45
00:04:28,070 --> 00:04:35,450
If you want to get more information about a module, you just type help http.proxy.

46
00:04:36,650 --> 00:04:42,620
It will give you all the parameters that you can configure, like http.proxy.port,

47
00:04:42,620 --> 00:04:49,480
address, blacklist and of course injectjs, which we used in the past, and other stuff.

48
00:04:49,490 --> 00:04:52,520
You can also have a script here, JavaScript.

49
00:04:53,330 --> 00:04:57,080
So in our case we want to use.

50
00:04:58,210 --> 00:05:03,670
There is sslstrip, right, it's false by default, so we can make sure we use it, to make

51
00:05:03,670 --> 00:05:04,060
it true.

52
00:05:04,690 --> 00:05:11,140
So set http.proxy.sslstrip.

53
00:05:15,290 --> 00:05:28,800
Let's also make sure arp.spoof.internal is on, so we do set arp.spoof.internal true. In arp

54
00:05:28,820 --> 00:05:34,750
spoof, we need to specify a target: set arp.spoof.

55
00:05:35,120 --> 00:05:39,740
You can also press tab for completion, for auto-completion.

56
00:05:40,370 --> 00:05:41,630
So targets.

57
00:05:42,440 --> 00:05:45,950
And then here you specify the address of your target.

58
00:05:46,790 --> 00:05:51,610
We go here, the IP address from the last time should be the same.

59
00:05:52,320 --> 00:05:53,660
It hasn't changed so much.

60
00:05:54,040 --> 00:05:56,090
I think it's the same, zero dot

61
00:05:56,090 --> 00:05:56,740
forty-seven.

62
00:05:58,040 --> 00:05:59,750
So we can do here.

63
00:06:04,490 --> 00:06:09,370
Also, let's use our JavaScript, injectjs.

64
00:06:09,380 --> 00:06:21,080
So set http.proxy.injectjs, and then we go here, we copy the URL, which is this one.

65
00:06:26,320 --> 00:06:34,630
OK, if you want to turn on the network sniffer, you can do it, that's fine, but I'm not going to

66
00:06:34,630 --> 00:06:35,140
do this.
67
00:06:36,610 --> 00:06:40,170
Also, make sure you do set net.sniff.

68
00:06:40,660 --> 00:06:47,370
verbose false, just to not show you a lot of information on your screen.

69
00:06:48,930 --> 00:06:50,280
But I'm not going to do this.

70
00:06:50,490 --> 00:06:56,650
OK, since we have everything ready, let's turn on. If you type help,

71
00:06:57,780 --> 00:07:01,050
we still have our modules not running, so let's run them.

72
00:07:02,340 --> 00:07:05,610
So type http.proxy on.

73
00:07:07,240 --> 00:07:11,310
And then arp.spoof also on.

74
00:07:14,230 --> 00:07:16,140
Now, let's switch here.

75
00:07:17,590 --> 00:07:22,850
If we go to our target and open up a web page, Amazon.com, for instance.

76
00:07:26,670 --> 00:07:27,480
See, it's very

77
00:07:28,640 --> 00:07:36,860
We got the data, right, we were able to strip the URL. Let's make sure whether it's hooked or not.

78
00:07:39,200 --> 00:07:39,920
Go here.

79
00:07:40,800 --> 00:07:42,110
It's not hooked yet.

80
00:07:46,180 --> 00:07:47,050
Let's try again.

81
00:07:55,630 --> 00:07:56,910
We have to set the

82
00:07:57,820 --> 00:07:59,310
correct IP address here.

83
00:08:02,350 --> 00:08:03,100
Let's do it again.

84
00:08:12,570 --> 00:08:14,400
Page, SOAPnet again.

85
00:08:26,460 --> 00:08:34,560
OK, yep, we were able to hook the target. Here, we can go to Commands, we can do a lot of stuff

86
00:08:34,560 --> 00:08:36,420
here, like, for instance, we can

87
00:08:38,550 --> 00:08:44,190
go to, like, Google Phishing, just execute.

88
00:08:45,920 --> 00:08:53,030
Now, if you go here, see, this page has turned to Google login, and you just type a user, one, two,

89
00:08:53,030 --> 00:08:55,550
three, four, five, six, sign in.

90
00:08:57,260 --> 00:09:03,500
And then you click your command, see, you've got the username and the password. You can do also, like,

91
00:09:03,500 --> 00:09:08,060
other stuff, like maybe Fake Flash Update.
92
00:09:08,210 --> 00:09:14,870
But before we do this, keep in mind that our browser is not hooked anymore, because it redirected

93
00:09:14,870 --> 00:09:15,990
us to something else.

94
00:09:16,010 --> 00:09:18,590
So let's go back to our page, or any page.

95
00:09:18,590 --> 00:09:21,710
Doesn't matter, because we're using bettercap to intercept the traffic.

96
00:09:22,960 --> 00:09:24,720
Let's make sure that we are hooked again.

97
00:09:25,460 --> 00:09:29,230
We hooked up; we are hooked again.

98
00:09:29,270 --> 00:09:31,290
We're back in business.

99
00:09:31,840 --> 00:09:39,660
So if you go to Fake Flash Update, so this is going to be the payload, your URL.

100
00:09:39,670 --> 00:09:43,390
So if you click execute, let's see what happens.

101
00:10:01,350 --> 00:10:03,210
Now, it didn't work, for some reason.

102
00:10:03,890 --> 00:10:06,050
Yeah, there are a lot of things here that we can use.

103
00:10:06,060 --> 00:10:09,970
One of them also is the Fake Notification Bar.

104
00:10:10,560 --> 00:10:17,700
So here you can set the URL of your dropper, or your file that you want the user to download,

105
00:10:17,700 --> 00:10:19,710
and then you can just execute.

106
00:10:19,740 --> 00:10:20,970
Of course, I have this for now.

107
00:10:20,970 --> 00:10:22,140
I'm just doing something.

108
00:10:23,250 --> 00:10:33,030
And I think it's just, you know, you can see it. If you click Install Missing Plugins here, you will

109
00:10:33,030 --> 00:10:37,530
be redirected and download the file from our server, like from this URL.

110
00:10:37,530 --> 00:10:41,090
But of course, this will be in our next video.

111
00:10:42,220 --> 00:10:42,510
Right.

112
00:10:42,690 --> 00:10:44,400
So there are tons of features here.

113
00:10:44,400 --> 00:10:46,410
You can do also the browser.

114
00:10:46,440 --> 00:10:52,650
So you have features here like Playtimes and
115
00:10:55,600 --> 00:10:59,880
Look, you can also unhook it from your BeEF.

116
00:11:00,780 --> 00:11:07,690
There are a lot of things you can do here, so just play around with it, and we'll see you in the next

117
00:11:07,690 --> 00:11:07,990
video.

118
00:11:08,410 --> 00:11:09,160
Thanks for watching.

119
00:11:09,670 --> 00:11:10,030
See you.