https://github.com/ariary/poc-website-masquerading

PoC on how to impersonnate/masquerade a website locally 🎭
https://github.com/ariary/poc-website-masquerading

certificates hacking man-in-the-middle masquerade mitm poc

Last synced: 4 months ago
JSON representation

PoC on how to impersonnate/masquerade a website locally 🎭

• Host: GitHub
• URL: https://github.com/ariary/poc-website-masquerading
• Owner: ariary
• Created: 2022-01-13T17:02:58.000Z (over 3 years ago)
• Default Branch: main
• Last Pushed: 2022-01-21T08:17:42.000Z (over 3 years ago)
• Last Synced: 2025-01-08T19:22:16.033Z (5 months ago)
• Topics: certificates, hacking, man-in-the-middle, masquerade, mitm, poc
• Language: Shell
• Homepage:
• Size: 514 KB
• Stars: 3
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        


Another good reason to be careful when running script from untrusted source with sudo, or to not give to all users root capabilities



|DEMO  🎭 |

|:---:| 

|![demo](https://github.com/ariary/PoC-Website-Masquerading/blob/main/poc.gif)|

## PoC

This a simple PoC on how to impersonnate a website locally. 

After that you can imagine multiple scenarios. For example stealing credentials, by making the local server (which impersonates the target website) having the same frontend as the target but interacting with a remote server to exfiltrate the credentials. 

It highlights the importance to monitor the capabilities given to scripts/users etc as this snipset could be integrated in any malicious script or by any user having root privileges. (Don't do this, of course)

### How it works

~> Launch `poc-impersonate` 

1. Modify `/etc/host` to route the target domain to localhost. **Note**:the content of `/etc/hosts` is used before making DNS resolution at each request so it is priority. need sudo

2. Make locally trusted certificates, it is important to avoid the "warning" page of the browser. Certs could be installed in the trusted store of the whole system, in this PoC it is only installed for the user launching the script.

3. Launch a local server on port `443`. need sudo

~> Visit the target website (here `https://www.github.com`) 

See that you aren't were you wanted to. (You reach the local server) 

~> Clear your tracks with `clean`

It stops local server, withdraws certs in trust store, and puts `/etc/hosts` as it was before the PoC

### Notes

* 2 command needs sudo (modifying /etc/host & launch https server on 443)

* To ease cert regisstration in trust store the PoC use [`mkcert`](https://github.com/FiloSottile/mkcert) but it could be done manually w/ `openssl` 

    * Hence the "certutil" is a prerequisite to make the PoC works for Chrome or Firefox

* Need Browser restart to make it works