DL_ _OSA_ _Web_Browsers - lighthouseitsecurity/barabbas GitHub Wiki
OVERVIEW:
- Mozilla Firefox (HTTP; HTTPS)
- Google Chrome (HTTP; HTTPS)
- Microsoft Edge (HTTP; HTTPS)
NOTES:
- documented this chapter for the sake of coverage and consistency
- documented only the process for HTTPS
  - all steps related to HTTP contained within HTTPS
  - also covering authentication (optional step)
- for the sake of brevity, documenting each process for Windows OS only
  - process for Linux OS has minor (self-explanatory) differences
- using GUI clients preferred over using CLI clients for file transfer
  - faster
  - more reliable
Mozilla Firefox: https://www.mozilla.org/en-US/firefox/browsers/
TESTED ON: Windows 10 (22H2)
1. clear web browser's cache
   (Ctrl+Shift+Del)
   Time range to clear: ➔ (select) Everything
   (mark all checkboxes)
   Clear Now
2. navigate to attacker web server
3. accept self-signed X.509 certificate
   Advanced... ➔ Accept the Risk and Continue
4. [optional] provide credentials
   Username ➔ (provide username from barabbas output)
   Password ➔ (provide password from barabbas output)
   Sign in
5. download file
   (right click target file) ➔ Save Link As...
   (specify output directory)
   Save
   NOTE: in case download fails (Network error), refresh web page in web browser (press F5) and repeat this step
Google Chrome: https://www.google.com/chrome/index.html
TESTED ON: Windows 10 (22H2)
1. clear web browser's cache
   (Ctrl+Shift+Del)
   [tab] Advanced
   Time range ➔ (select) All time
   (mark all checkboxes)
   Clear data
2. navigate to attacker web server
3. accept self-signed X.509 certificate
   Advanced ➔ Proceed to (target) (unsafe)
4. [optional] provide credentials
   Username ➔ (provide username from barabbas output)
   Password ➔ (provide password from barabbas output)
   Sign in
5. download file
   (right click target file) ➔ Save link as...
   (specify output directory)
   Save
   NOTE: in case download fails (Network error), refresh web page in web browser (press F5) and repeat this step
Microsoft Edge: https://www.microsoft.com/en-us/edge
TESTED ON: Windows 10 (22H2)
1. clear web browser's cache
   (Ctrl+Shift+Del)
   Time range ➔ (select) All time
   (mark all checkboxes)
   Clear now
2. navigate to attacker web server
3. accept self-signed X.509 certificate
   Advanced ➔ Continue to (target) (unsafe)
4. [optional] provide credentials
   Username ➔ (provide username from barabbas output)
   Password ➔ (provide password from barabbas output)
   Sign in
5. download file
   (right click target file) ➔ Save link as
   (specify output directory)
   Save
   NOTE: in case download fails (Network error), refresh web page in web browser (press F5) and repeat this step