.:WAN Browser Hijacking :.





Asalamualaikum Frndzz I am Malik Ubi and today we will learn about WAN  Browser Hijacking lets play the Game :-D 
.:WAN  Browser Hijacking  :.
We will learn how Xss will work when we combine it ok lets go 

 XSS  injections  can  combine  with  other  techniques,  for  example  to  take  control  of  the  browsers  of users  in  a  WAN.

  The  scenario  is  as  follows:-  

 - The  attacker  breaks  into  the  local  network/s  victim/s.
-  Poison  the  network  dns  chache.
-  Generate  a  web  page  "vulnerable"  to  impersonate  another  routine  (google.com).
-  Users  who  request  google.com,  actually  connect  to  the  attacker's  server  due  to  "poison" the  DNS  tables.
-  The  attacker  executes  "Beef"  as  a  framework  on  own  machine  and  wait  for  connecting Victims.
-  When  a  victim  executes  the  malicious  code  (hook),  the  attacker  immediately  receive  a notice  in  the  framework  of  having  a  -zombie-  online.
-  As  the  victim  continues  its  navigation,  the  attacker  can  perform  various  techniques  in  a very  simple  and  almost  automated  through  the  framework. 

 Now lets discuss jani pRactical method here it is :-D 
Practical  method  of  attack:
 1)  The  attacker  breaks  into  the  local  network/s  victim/s

  Whether  he  knows  the  password,  or  because  it  gets  to  crack  the  encryption  algorithm  (WEP  / WPA ..).

  2)  DNS  poisoning  the  network  chache 

 Through  the  free  software  tool  "Ettercap  (http://ettercap.sourceforge.net/),  the  attacker  can  send replies  DNS  (Domain  Name  Server)  "spoofed"  to  get  redirect  requests  of  victims  to  a  server under  control  (local  or  remote).

 3)  Generate a web page "vulnerable" to impersonate another routine (google.com)

 4)  Users  requesting  google.com,  actually  connect  to  the  attacker's  server  due  to  "poison" the  DNS  tables. 

 The  attacker  has  inserted  into  the  "fake"  google  site  a  XSS  code  that  opens  a  channel  of communication  back  and  forth  with  the  victim,  through  a  framework.

 5)    The  attacker  executes  "Beef"  as  a  framework  on  own  machine  and  wait  for  connecting victims.  Through  the  "hook":  beefmagic.js.php

 6)  As  the  victim  continues  its  navigation,  the  attacker  can  perform  various  techniques  in  a very  simple  and  almost  automated  way  through  the  framework.

 Thats all hope u liked my tutorial on Wn Browser Hijacking 
#Mαℓïк_Цвï
Newer Post Older Post
Post A Comment
  • Blogger Comment using Blogger
  • Facebook Comment using Facebook
  • Disqus Comment using Disqus

No comments :


Subscribe to: Post Comments (Atom)