Python Mitmproxy: Unmasking the Fake Wealth of Financial Gurus

May 30, 2023
in Ethical Hacking

Navigating the internet can be full of surprises. We find amazing discoveries and clever scams. One trick involves a Python tool called mitmproxy. Some online “financial gurus” use it. They want to make it look like they have lots of money in their bank account.

We’re not just here to point out this trick. We want to study it. We want to understand how this online scam works. It’s important to be careful on the internet. We need to know how it works to stay safe.

The Python script we’re looking at is sneaky. It makes a fake bank balance look real. Even when you refresh the page, the fake balance stays the same. But remember, this is just one trick.

We’ll take our time to understand this. We’ll break it down into simple steps. Everyone should be able to understand how this scam works. The more we know, the safer we can be on the internet.

Let’s start our journey by introducing the mitmproxy Python library.

Table of Contents

  • Setting the Stage: Your First Steps into the Cyber Lab with Mitmproxy for Python
    • How to install an SSL certificate for Mitmproxy
  • Behind the Scenes with Proxy Servers
    • Mitmproxy with Python practical example
  • Unmasking the Digital Illusion
  • Closing the Curtain: Demystifying the Web with StackZero

Setting the Stage: Your First Steps into the Cyber Lab with Mitmproxy for Python

Ready to delve into this simple tutorial? Setting up a cyber lab to test our proxy is a piece of cake.

We kick off with Kali Linux, heaven for cybersecurity and pentesting lovers. So, start your Kali Linux machine and let’s plunge in.

Next, we’ll scoot over to the directory where we’ll save our files. This is where the magic comes to life. Fire up the terminal and let’s get to work:

git clone https://github.com/StackZeroSec/fake_bank_account_article.git

That simple command clones the repository into your chosen directory. Now, you’re free to tinker and test. Then, trot over to the “html” folder:

cd html

It’s time to launch the server with Python:

python -m http.server

Before looking at our results, we want to know our IP address, so type this command in your terminal:

ifconfig

In my case, this is the result (I highlighted the IP address):

[Screenshot: getting the IP address with ifconfig]

To confirm everything is humming along, open Firefox. Type http://192.168.1.124:8000 in the address bar and press enter.

And there it is!

[Screenshot: the Python server page without mitmproxy]

We’re gaining momentum, aren’t we? But we’re not done.
Now, we set our sights on the target – the account balance. Right-click on it and hit “inspect”.

[Screenshot: inspecting the HTML code]

Please take note of the class of our target. It’s “balance”. But hold on! Before we sprint ahead, let’s pause and set up the proxy in Firefox.

  • Head over to Firefox’s settings.
  • Hunt for “Proxy”.
  • Set the manual proxy configuration to “localhost” and the port to “8888”.
  • Don’t forget to tick the box for “Use this proxy server for all protocols”.

[Screenshot: Firefox proxy configuration]

We’ve gathered all the info needed for our trick. But patience, we’ll unfold the next steps in the upcoming paragraphs.

How to install an SSL certificate for Mitmproxy

We want to do things properly, just as the gurus do. This includes creating an SSL certificate. To make this easier, I’ve put one in my repository. But you can also get it yourself: just open “http://mitm.it/” in your browser once you have activated the proxy.

The instructions on how to install it are on the website. You can see them in the screenshot.

[Screenshot: the mitmproxy certificate download page]

But here is an alternative and painless way:

  • Visit the website.
  • Download the Mozilla certificate.
  • Move it into the same folder as the script.
  • When you run the script, include the certificate. Use this command-line option: '--certs *=mitmproxy-ca-cert.pem'.

It’s that simple. Now you’re ready to start.

Behind the Scenes with Proxy Servers

Let’s take a peek at a vital yet unnoticed part of the networking world – the proxy server. This middleman skillfully handles traffic between your computer and the server hosting the website you’re browsing. But what if this quiet mediator starts stirring the pot?

A self-proclaimed guru could craftily use a Python script to set up a proxy server. This server doesn’t just pass on traffic but alters the content of web pages as they flow through it.

Mitmproxy Python, a versatile, interactive proxy, enables users to intercept, scrutinize, modify, replay, and record HTTP and HTTPS traffic.

Mitmproxy with Python practical example

Here’s a snapshot of what the script could look like:

import mitmproxy.http
from mitmproxy.tools.main import mitmdump


# Mitmproxy calls this hook for every HTTP response that passes through the proxy.
def response(flow: mitmproxy.http.HTTPFlow):
    # The demo page renders the balance as <span class="balance">$1.00</span>.
    if '<span class="balance">$1.00</span>' in flow.response.text:
        flow.response.text = flow.response.text.replace(
            '<span class="balance">$1.00</span>',
            '<span class="balance">$10,000,000.00</span>',
        )
        print('Replacement made!')


if __name__ == "__main__":
    # Run mitmdump with this file as the addon script, listening on port 8888.
    mitmdump(['-s', __file__, '-p', '8888', '--certs', '*=mitmproxy-ca-cert.pem'])

When an HTTP response passes through the proxy, the response function springs into action. It scans the HTTP response for the text '<span class="balance">$1.00</span>'. If this text is present, the function takes action, switching the balance to a whopping '$10,000,000.00'. Here, Python’s built-in string replace method comes into play. We know exactly what we’re going to replace, so we can use this “weak” approach.
However, in real life it would be better to rely on regular expressions.

Next on the agenda is calling mitmdump with the -s option. This propels Mitmproxy into script mode. We pass along the name of the current script file (__file__) as the script to be executed.
So, the Python script essentially “activates itself” under Mitmproxy’s wing.

Take note that this script requires Mitmproxy to be installed and correctly configured on your system. You can do this with a quick command:

pip install mitmproxy

Now, about the “--certs” part. This is a command-line option that specifies the location and name of the SSL certificate file used by the proxy. In our case, '*=mitmproxy-ca-cert.pem' means that we’re using a custom SSL certificate file named 'mitmproxy-ca-cert.pem' for all hosts ('*' is a wildcard that stands for all hosts).
This certificate file is necessary for the proxy to decrypt and inspect HTTPS traffic. So, the “--certs” option tells Mitmproxy to use this particular certificate for all SSL communications passing through it.

Just for simplicity, as I previously said, I attached the required file to the GitHub repository in the “proxy” folder.
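The regular-expression version hinted at above, as an added example that is not part of the original post or the StackZero repository: the rewrite logic lives in a plain function (rewrite_balance, my own name) so it can be tested without a browser, and the hook only touches HTML responses. The module imports are guarded so the function still runs where mitmproxy is not installed.

```python
import re
from typing import Tuple

try:
    from mitmproxy import http
    from mitmproxy.tools.main import mitmdump
except ImportError:  # mitmproxy absent: rewrite_balance() still works stand-alone
    http = None
    mitmdump = None

# Matches the demo page's balance span whatever amount it currently holds,
# e.g. <span class="balance">$1.00</span> or <span class="balance">$123,456.78</span>.
BALANCE_RE = re.compile(r'(<span class="balance">)\$[\d,]+\.\d{2}(</span>)')


def rewrite_balance(html: str, new_amount: str = "$10,000,000.00") -> Tuple[str, int]:
    """Return (rewritten_html, number_of_spans_rewritten)."""
    return BALANCE_RE.subn(lambda m: m.group(1) + new_amount + m.group(2), html)


def response(flow: "http.HTTPFlow") -> None:
    # Only rewrite HTML bodies; images, scripts and JSON are passed through untouched.
    ctype = flow.response.headers.get("content-type", "")
    if "text/html" not in ctype or flow.response.text is None:
        return
    new_text, count = rewrite_balance(flow.response.text)
    if count:
        flow.response.text = new_text
        print(f"Replacement made ({count} span(s)) for {flow.request.pretty_url}")


if __name__ == "__main__" and mitmdump is not None:
    # Same invocation as the original script: addon mode, port 8888, wildcard cert.
    mitmdump(["-s", __file__, "-p", "8888", "--certs", "*=mitmproxy-ca-cert.pem"])
```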

Unmasking the Digital Illusion

And now we can see that the final result of our Python script with mitmproxy is exactly what we expected!

[Screenshot: the server page as seen through the mitmproxy Python script]

This handy tool can be used by online “financial gurus” to exaggerate their wealth and make themselves seem more successful than they really are.

What we’re diving into isn’t merely a trick. It’s an in-depth study of how this digital deception operates. This is a wake-up call for everyone to exercise caution, for the online world is a complex labyrinth where appearances can be deceiving.

This unique Python script catches our attention. It’s engineered to fake a bank balance convincingly. Refreshing the page doesn’t bring the truth to light but reinforces the illusion, making the inflated balance seem real.

Obviously, this is just one unusual use of a proxy server, but we have shown how it can be used creatively to trick unsuspecting viewers.

Closing the Curtain: Demystifying the Web with StackZero

As we draw the curtains on our exploration of Python-scripted proxy servers, we hope you’ve found this journey as intriguing as we did. This vast digital landscape is full of wonder and mystery, with every corner holding a surprise waiting to be discovered and understood. As we navigate this vast expanse, it’s essential to be armed with the right knowledge and skills, which is where StackZero comes in.

At StackZero.net, our mission is to demystify the digital realm, revealing its inner workings one piece at a time. We are passionate about technology, keen on unravelling the intricacies of the web, and excited to share our findings with curious minds like yours. This adventure is far from over – it’s just the beginning of our exploration into the depths of the internet.

Follow our blog for more fascinating insights into the technological tricks that shape our online experiences. We’ll be diving into a variety of topics, exploring the complexities of coding, network infrastructure, security practices, and much more. As we learn together, we hope to inspire you and stir your curiosity, make you question, explore, and most importantly, understand.

Don’t forget to join us on our social media platforms as well. Be a part of our community, interact with like-minded technology enthusiasts, and let’s unravel the mysteries of the digital world together.

Remember, in the internet world, things are not always as they seem. Keep your eyes open, keep questioning, keep learning, and always stay curious. See you on the next adventure!
