Comments on: Sergio Proxy – Injecting, Modifying, and Blocking HTTP Traffic

By: Hack all the world - Open Penetration Testing - Focusecurity.Org

Hack all the world - Open Penetration Testing - Focusecurity.Org — Sat, 18 Jun 2011 03:33:20 +0000

[...] http://spareclockcycles.org/2010/06/10/sergio-proxy-released/ [...]

By: Dan

Dan — Mon, 23 May 2011 18:16:03 +0000

Nice job! Just what I was looking for. I managed to get it to work in tandem with ettercap (cause you apparently kinda forgot to do the actual MITM part per se) and kernel redirection of packages so that the proxy can intercept them.
By the way, using this it’s really easy to trick facebook.com into changing the login form-action to http instead of https. They should really fix that.

By: james

james — Tue, 05 Apr 2011 00:14:36 +0000

Correction the above should be:

– You need to install the distribution packages
– I just copied mine from /usr/lib/python2.5/site-packages to /usr/lib/python2.6/dist-packages

By: supernothing

supernothing — Fri, 18 Mar 2011 11:40:26 +0000

@akshah Code should still work, that’s just a warning. Python is just letting you know that the md5 module (which they’re using in the twisted libs) is deprecated and that the code should be migrated to use hashlib instead.

By: akshah

akshah — Fri, 18 Mar 2011 11:06:42 +0000

sorrrrry i forgot to mention im using backtrack 4 r2

i follow what james did.. but getting error like that

By: akshah

akshah — Fri, 18 Mar 2011 10:24:30 +0000

hi im having error like this

/usr/lib/python2.6/dist-packages/twisted/internet/_sslverify.py:4: DeprecationWarning: the md5 module is deprecated; use hashlib instead
import itertools, md5
Imported Request Functions:
Imported Reply Functions:

how to fix this?

By: james

james — Fri, 24 Dec 2010 04:04:55 +0000

For Backtrack Users:

Install Python 2.6 on Ubuntu 8.04 LTS

– Add to /etc/apt/sources.list:

deb http://ppa.launchpad.net/python-dev/ppa/ubuntu hardy main
deb-src http://ppa.launchpad.net/python-dev/ppa/ubuntu hardy main

– Import the pub key:

apt-key adv –keyserver keyserver.ubuntu.com –recv-keys D81367B9

– Install python2.6:

apt-get install python2.6

– You need to install the distribution packages
– I just copied mine from /etc/lib/python2.5/site-packages to /etc/lib/python2.6/dist-packages

– To run a script: put python2.6 in front, for example:
python2.6 ./UserMITM.py

By: james

james — Fri, 24 Dec 2010 01:20:29 +0000

I did not mention this early, but I find all your articles extremely interesting and I am very surprised that you are not getting a lot more mention for your work from other sources..
I was able to get the script working properly. Just like you I have been frustrated with ettercap filters.
I am not a programmer so it will take me some time to figure out how to adapt it for various needs.
But I think you already came up with all the good ideas, which is basically to manipulate network traffic so that all kinds of attacks are possible.
Whether it is a Java script injection for example the BeEf framework, Evilgrade, Metasploit, these should all be a lot more effective with the work that you have done.

For now I just want to inject a simple invisible iframe that redirects traffic to the metasploit server. Have not been able to do that with ettercap.

For the SMB example (start_smbchall.py) to make it easier for others use, you might want to have a place to declare the network interface so that other interfaces can be used:

iface =”wlan0″

iptbl_enable = “iptables -t nat -A PREROUTING -i %s -p tcp –dport 80 -j REDIRECT –to-port 8080″ % (iface)

ettr_start = “%s -T -o -i %s -M arp /%s/ /%s/” % (etter_loc,iface,target1,target2)

Thank you for your excellent work!

By: supernothing

supernothing — Thu, 23 Dec 2010 15:20:45 +0000

@james,

Thanks for letting me know about this! Not sure what I did exactly, but at some point a slightly older copy got uploaded. Should have been doing “from twisted.web import proxy” rather than “import proxy”, as I fixed the portions where I needed to override the proxy class. Let me know if the new source works for you, just use the same link to grab it.

I haven’t really updated Sergio Proxy though since this post sadly, didn’t have as much time over the summer as I had hoped. I will be getting back around to it at some point though, it was a fun project. If you do anything cool with it, let me know!

By: james

james — Thu, 23 Dec 2010 15:08:02 +0000

Interesting tool, did you ever update this.

I get the following error when I run this:

root@ubuntu:~/Downloads/sergio_proxy# python start_smbchall.py
Imported Request Functions:
Imported Reply Functions:
Traceback (most recent call last):
File “start_smbchall.py”, line 21, in
from sergio_proxy import transparent_proxy
File “/root/Downloads/sergio_proxy/sergio_proxy/transparent_proxy.py”, line 18, in
import proxy
File “/root/Downloads/sergio_proxy/sergio_proxy/proxy.py”, line 35, in
class TransparentProxyClient(proxy.ProxyClient):
AttributeError: ‘module’ object has no attribute ‘ProxyClient’
root@ubuntu:~/Downloads/sergio_proxy#

Ubuntu 10.10