xdavidhu / mitmAP

📡 A python program to create a fake AP and sniff data.

Is there a way to inject JS?

sometimescool22 opened this issue · comments

Now it's not possible, but if you just create an AP without any proxy/sslstrip with mitmAP, you could use another mitm framework on that local 10.0.0.0/24, and use that to inject js.

Okay, thanks. Glad to see you're still active on here. Do you know any tools specifically that I can use with BeEF?

Also, how can I add this script to start on boot? @xdavidhu

I would suggest bettercap, but I wasn't able to get it working on the mitmAP's network yet. But maybe it was just a problem on my end. You could try the good old ettercap (great tutorial here) if everything else fails.

If you want to start a script on startup, just add it (the start command) to your /etc/rc.local file, before the exit line.

Thanks, but doesn't mitmAP require user input? How could I just set the user input to what I want, and then it starts with my preferences on boot, if you know what I mean lol.
The idea is that when plugged in and booted up it creates an access point that I can ssh into the pi with. Would I have to modify the code? @xdavidhu

Oh, I see what you want to achieve. At this time mitmAP does not support arguments instead of user input. :/
But you still got options.


  1. (That's how I do it, it's I guess easier) Create a hotspot on your phone, and connect to it once with the pi. After this the pi will remember, and after this, when you start up the pi, it will connect to your phone. If you have an Android, scan the subnet 192.168.43.0/24 with e.g. the app named Fing, and just get the IP of the pi, and connect to it via JuiceSSH, or any other ssh client.

  2. Run mitmAP to create the config files, and afterwards add this to your /etc/rc.local:
    (This should start up the hotspot and the dhcp server on boot. But you will NOT have internet connection when connected to the AP.)

        dnsmasq
        screen -S hostapd -m -d hostapd /etc/hostapd/hostapd.conf

Thanks! However I just left for my trip, I brought my pi with me. Let's say the pi connects to test123 by default, if I name my hotspot test123 will it connect?

Hm, I'm not 100% sure, but yes, I suppose it should. Just make sure to set it up with the same encryption/password that the saved AP had.

Okay, thanks! I love your tool btw.

Sadly Fing can't scan mobile hotspots :/

It can, just press the three dots -> Scan external IP network -> enter '192.168.43.0/24'

The pi didn't connect. My best bet would be getting to the hotel and then connecting it to hotel wifi via Ethernet. Thanks for the help though.

:\ If you are able to connect to it, be sure to add your hotspot to the saved wifis.

Btw you are welcome! If you have any other questions with this, I'm here to help. :)