Example of JS injection using Man-in-the-middle proxy
- Visit mitm.it and install the mitmproxy certificate (this downloads the certificates to
~/mitmproxy/
) - Setup browser to use proxy
localhost:port_number
(for all types of requests) - Setup port forwarding from port 80 and 443 to
port_number
sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -t nat -A PREROUTING -i wlan1 -p tcp --dport 80 -j REDIRECT --to-port 5000
sudo iptables -t nat -A PREROUTING -i wlan1 -p tcp --dport 443 -j REDIRECT --to-port 5000
- Start MITM proxy with
mitmproxy -p port_number
At this moment, you can already sniff all communication through the proxy in a neat CLI.
If you want to modify the requests via script, do the following instead of the last step:
- Start MITM proxy with
mitmdump -p port_number -s script.py
If your python scripts takes any arguments (such as inject_script.py), append the
mitmdump
command with the path to the JS script and enclose it with quotes:
mitmdump -p 8888 -s "src/inject_script.py src/js/alert.js"
Install required packages: pip install flask flask_socketio gevent gevent-websocket
and run the server
with python websocket_server.py
. The server runs on https://localhost:5000
, websocket is exposed at
localhost:5000/ws
. WSS hack: allow mixed content in browser.
- https://mitmproxy.org/
- https://security.stackexchange.com/questions/72652/javascript-injection-using-man-in-the-middle-attack
- http://pankajmalhotra.com/Injecting-Javascript-In-HTML-Content-Using-MITM-Proxy
- https://blog.heckel.xyz/2013/07/01/how-to-use-mitmproxy-to-read-and-modify-https-traffic-of-your-phone/
- https://blog.miguelgrinberg.com/post/easy-websockets-with-flask-and-gevent