{"id":21405380,"url":"https://github.com/karimsa/robotdon_https_bug","last_synced_at":"2025-03-16T16:51:05.066Z","repository":{"id":149731040,"uuid":"74528587","full_name":"karimsa/robotdon_https_bug","owner":"karimsa","description":"Proof of concept of MiTM attack on RobotDon (robotdon.com).","archived":false,"fork":false,"pushed_at":"2016-11-23T02:15:06.000Z","size":4,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-11T21:03:58.222Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/karimsa.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-11-23T01:27:25.000Z","updated_at":"2016-11-23T02:11:43.000Z","dependencies_parsed_at":null,"dependency_job_id":"f09dcfc7-ebd5-4384-bf17-57306689026d","html_url":"https://github.com/karimsa/robotdon_https_bug","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/karimsa%2Frobotdon_https_bug","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/karimsa%2Frobotdon_https_bug/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/karimsa%2Frobotdon_https_bug/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/karimsa%2Frobotdon_https_bug/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/karimsa","download_url":"
https://codeload.github.com/karimsa/robotdon_https_bug/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243902293,"owners_count":20366259,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-22T16:24:50.259Z","updated_at":"2025-03-16T16:51:05.046Z","avatar_url":"https://github.com/karimsa.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# robotdon_https_bug\n\nProof of Concept and submissions of HTTPS bug.\n\n## Description\n\nThe authentication and registration for the platform of RobotDon occurs entirely on\n`tools.robotdon.com`. However, this domain has **no HTTPS support whatsoever**.\n\nDue to this, the application is susceptible to a number of MiTM-related attacks. One\nof these attacks is the combination of arp spoofing, dns spoofing, and setting up a \nproxy server (i.e. a web server that proxies `tools.robotdon.com`). Through this, an\nattacker may poison the entire LAN to redirect all traffic intended for `tools.robotdon.com`\ntowards a given machine.\n\nThis machine could then host a proxy of `tools.robotdon.com` and simply log all credentials.\nThis attack assumes that both the attacker and the victim are on the same network which\nis not the case usually. However, since the primary user audience of RobotDon is students,\nthis becomes an issue. 
This is because most students use a shared Wi-Fi connection provided\nby their university or college and it would be very easy for an attacker to run a MiTM attack\ndue to this.\n\n## Installation\n\n - Run `npm install` (assumes that Node.js is installed)\n - Install ettercap\n - Ensure that no other application is running on port 80\n\n## Running\n\nTo run, provide the main network interface and the victim's IP address to the script. For instance,\nto run an attack using the interface 'wlan0' on the victim '192.168.0.2':\n\n```\n$ node index.js wlan0 192.168.0.2\n```\n\n## Disclaimer\n\nTHE CODE IN THIS REPOSITORY IS NOT INTENDED TO BE USED MALICIOUSLY. DO NOT USE IT ON ANY MACHINES\nOTHER THAN YOUR OWN.\n\nThis code was written for the Bug Bounty Program run by Edusson.\n\n## Licensing\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated\ndocumentation files (the “Software”), to deal in the Software without restriction, including without limitation\nthe rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and\nto permit persons to whom the Software is furnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of\nthe Software.\n\nTHE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO\nTHE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkarimsa%2Frobotdon_https_bug","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkarimsa%2Frobotdon_https_bug","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkarimsa%2Frobotdon_https_bug/lists"}