MITM Proxy - ConnorEast/Tech-Journal GitHub Wiki
The first step was to write down the IP address of my Kali Linux VM.
Kali Linux Address : 110.0.17.24/24
Then I opened Internet Explorer by pressing “Windows + R” and typing “iexplore.exe”, which ran Internet Explorer. From there I clicked Settings, Connections and LAN settings. Below is an image of said page.
This opened a tab labeled Local Area Network (LAN) Settings. On this page I located the radio button for “use a proxy server for your LAN (these settings will not apply to dial-up or VPN connections)” and inserted the address and port numbers as specified: 10.0.17.24/24 being my Kali server and 8080 being the port. Below is an example of said page.
Next I clicked OK twice and then I needed to browse to a site, in this case “http://burlingtoncityarts.org”, on my Windows device. This ended up showing up as the following on my Kali desktop.
Next it asked me to go to http://login.comcast.net/login and I got the 301 error message. This essentially says the item has been moved and as such you need to be redirected. I also got the error for the SSL certificate not being trusted. The exact message is “sslv3 alert certificate unknown.” This is the result of the intermediate certificate being expired or invalid.
I then downloaded the Mitm malware certificate and implemented it:
From there I went to Wikipedia and got no certificate warnings. This is because the MITM cert we downloaded generates dummy certificates.
I then went to Champlain College's Wikipedia page and searched for its decoded sections. Below are the images associated.
The next goal was to "Capture a Username and Password". As such I created a Wikipedia account. The following contains the username and password of said account.
## MITM proxy Reconfig
On my Kali Linux device I used the command `sudo mitmproxy --map-remote "|https://champlain.edu|https://uvm.edu"`. This command translates to: as the root user, map the link https://champlain.edu to the remote location https://uvm.edu. This gave me the following content.
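To make clear what the `--map-remote` spec above actually does to each request, here is an added Python example (not code from this journal or from the mitmproxy project) that re-implements the spec handling in simplified form: the first character of the spec is the separator, an optional flow filter comes first, then a URL regex and its replacement. Only the `~d` ("domain contains") filter is supported here, as an assumption for illustration; real mitmproxy has a much richer filter language. The request log is constructed. Running the rewrite over a log and keeping the (original, rewritten) pairs is also a useful way to audit exactly which requests a proxy silently redirected, since the browser never sees the rewrite.

```python
import re
from urllib.parse import urlsplit

# Constructed, simplified re-implementation of mitmproxy's --map-remote spec:
#   [<sep>flow-filter]<sep>url-regex<sep>replacement
# where <sep> is the first character of the spec. This is illustration code,
# not mitmproxy's own implementation.


def parse_map_remote_spec(spec):
    """Split a map-remote spec into (flow_filter, compiled_regex, replacement)."""
    if not spec:
        raise ValueError("empty map-remote spec")
    sep = spec[0]
    parts = spec[1:].split(sep)
    if len(parts) == 2:
        flow_filter, regex, replacement = "", parts[0], parts[1]
    elif len(parts) == 3:
        flow_filter, regex, replacement = parts
    else:
        raise ValueError(
            f"expected 2 or 3 parts separated by {sep!r}, got {len(parts)}"
        )
    return flow_filter, re.compile(regex), replacement


def _flow_matches(url, flow_filter):
    """Minimal stand-in for mitmproxy's filter language (assumption: only
    '~d text', meaning 'domain contains text', is supported here).
    An empty filter matches every request."""
    if not flow_filter:
        return True
    if flow_filter.startswith("~d "):
        needle = flow_filter[3:].strip()
        host = urlsplit(url).hostname or ""
        return needle in host
    raise ValueError(f"unsupported filter in this example: {flow_filter!r}")


def map_remote(url, spec):
    """Return the URL the proxy would actually fetch for the given request URL."""
    flow_filter, regex, replacement = parse_map_remote_spec(spec)
    if not _flow_matches(url, flow_filter):
        return url
    return regex.sub(replacement, url)


# Constructed request log: what a client behind the proxy might ask for.
CONSTRUCTED_REQUESTS = [
    "https://champlain.edu/",
    "https://champlain.edu/academics/majors",
    "https://www.wikipedia.org/wiki/champlain.edu",
]


def rewrite_log(urls, spec):
    """Apply the spec to every request; returns (original, rewritten, changed)
    triples so a reviewer can see exactly which requests were redirected."""
    out = []
    for u in urls:
        new = map_remote(u, spec)
        out.append((u, new, u != new))
    return out


if __name__ == "__main__":
    spec = "|https://champlain.edu|https://uvm.edu"  # the spec used in the journal
    for original, rewritten, changed in rewrite_log(CONSTRUCTED_REQUESTS, spec):
        flag = "REWRITTEN" if changed else "unchanged"
        print(f"{flag:9}  {original}  ->  {rewritten}")
```

Note that the regex form is applied to the whole URL, so the path after the host is carried over to the new origin, which is why the replaced site can still "work" from the client's point of view while fetching content from somewhere else entirely.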
Next I spoofed the site https://www.drseussenterprises.com/ with my CCV final project PHP webpage https://cejewelers.cte01170.classweb.vsc.edu/index.php. Below is an image of the drseuss page.
The main reason I believe it broke the site is that all of its styling is not absolutely positioned in relation to the drseuss site. However, this is simply speculation.
## Why do this?
Why might a malicious actor use MITM replacement?
- Send you to a fake version of the webpage you were attempting to log into so that they can steal your password.
- Send you to a site that would download malware onto your computer.
In the end they are simply attempting to steal as much PII as possible.