Activating Somebody’s Webcam Through Mitmf + beEF-xss + Metasploit.

Published by hackingplayground on

Hi friends, I’m going to talk about how a hackers can remotly access your computer to spy on you.

Man In The Middle Attacks

man-in-the-middle-mitm

Man in the middle attack.

This picture above shows you how a man in the middle attack works, In order to do a middle in the man attack, you need to have 3 clients the gateway – attacker – target. You simply poison the gateway and the target and all the communications go directly to you.

Let’s have a look at a tool called Mitmf because this is what I’m going to use in this demo, you could use Ettercap but it’s totally up to you.

TIP:

Most modern browsers use Hsts (HTTP Strict Transport Security)  but this can be bypassed.

Installing Mitmf

To install Mitmf you simply type the command below and it will go ahead and install the required dependencies, as well as the tool.

apt-get install mitmf

A Problem That Might Occur

2016-03-31 13:23:21 [ProxyPlugins] Exception occurred in hooked function Traceback (most recent call last): File “/root/Desktop/MITMf-master.4/core/proxyplugins.py”, line 112, in hook a = f(args) File “/root/Desktop/MITMf-master.4/plugins/inject.py”, line 65, in response mime = response.headers[‘Content-Type’] AttributeError: ClientRequest instance has no attribute ‘headers’

This is an error with a python module called Twisted.

This problem can be fixed really easily, just type in these commands and the problem will go away.

  • apt-get remove python-twisted
  • wget http://twistedmatrix.com/Releases/Twisted/15.5/Twisted-15.5.0.tar.bz2
  • pip install ./Twisted-15.5.0.tar.bz2

Now it should be fixed 🙂

This was fixed by ho1tz, cheers dude.

https://h01tz.blogspot.com.au/2016/04/mitmf-error-with-python-library-python.html?showComment=1511988750818#c1431391806543163498

Watch this Video To Learn


rn browsers such as chrome or firefox

  • Have an ad blocker
  • Use a VPN
  • Have antivirus systems such as Avast or AVG
  • Keep your software up to date.
  • Don’t connect to open wireless networks
  • Use browser plugins such as HTTPS Everywhere or ForceTLS

DO NOT do this to somebody’s computer without permission, I am not to blame for any illegal activities you commit this is for educational purposes only.

Please comment if you have any difficulties, I’m here to help.

 


hackingplayground

I love to spending time with friends and family, in my spare time I like to play and design games. I'm also a researcher in ethical hacking and love helping others to learn all about the different types of threats in cybersecurity.

Leave a Reply

%d bloggers like this: