Aims of MITM (confidentiality + integrity)

Architectures of MITM
- mitmproxy architectures

Section mitmproxy
- boot image - user/PA197; root/PA197
- terminal (su) + Firefox
- Firefox proxy config: localhost:8080 for all protocols
- open zriha.cz (should fail: nothing is listening on the proxy port yet)
- run mitmproxy
- retry zriha.cz
- in mitmproxy browse the queries (up, down, enter; q + tab, up, down)
- open http://www.fi.muni.cz/~zriha/form/
- fill in the form and submit it
- browse the request/response
- go back; test an age of 200 entered directly in the form (compare with what happens when the same value is injected by the proxy below)
- set the intercept filter in mitmproxy: i -> ~q (intercept every request)
- resubmit the form with a small age
- edit the intercepted request: enter, e, form, 20->200, q, a (accept); the server receives 200, whatever the form itself accepted
- see the response in Firefox
- cancel the intercept filter in mitmproxy (i)
- visit mitm.it in Firefox and install the mitmproxy CA certificate (trust it for identifying web sites)
- reopen the form over HTTPS: https://www.fi.muni.cz/~zriha/form/
- view the certificate in Firefox (issued by the mitmproxy CA, not by the site's real CA)
- view the certificate in mitmproxy
- set the intercept filter again
- modify the query again
- see the modified data in Firefox
- automatic replacement: mitmproxy --replace /~q/age=33/age=333 (a regex replacement applied to every request; newer mitmproxy releases call this option --modify-body)
- test with age 30 (passes unchanged) and age 33 (becomes 333)
- quit mitmproxy

Section tinyproxy
- view /etc/tinyproxy/tinyproxy.conf (port is 8888)
- configure Firefox (localhost:8888)
- run tinyproxy: systemctl start tinyproxy.service
- run tail -f /var/log/tinyproxy/tinyproxy.log
- visit zriha.cz in Firefox (and see the log in tinyproxy)
- dnf download --source tinyproxy
- rpm -i tiny*.rpm (unpacks the source RPM into ~/rpmbuild)
- cd ~/rpmbuild/SPECS
- rpmbuild -bc tinyproxy.spec (-bc: unpack and compile only; fails until asciidoc is installed)
- yum install asciidoc
- rpmbuild -bc tinyproxy.spec
- cd /root/rpmbuild/BUILD/tinyproxy-1.8.3/src
- systemctl stop tinyproxy.service (frees port 8888 for the hand-built binary)
- ./tinyproxy -d (-d: stay in the foreground, so the printf output added below is visible)
- reload a webpage (it should work)
- ctrl+c
- vi reqs.c
- in function relay_connection(), after the line last_access = time (NULL); add a new line:
      printf("Request: '%s'\n", connptr->request_line);
- make
- ./tinyproxy -d
- reload a webpage (it should work and tinyproxy prints the request lines on screen)

ASSIGNMENT: modify tinyproxy (do not use filters or other such functionality - directly modify the source code) so that for the page http://www.fi.muni.cz/~zriha/ the string "INJECTED!" is output before the standard content.

Section Ettercap - RUN ONLY IN A DEDICATED NETWORK
1) ettercap -G
2) Options/Set netmask/255.255.255.0
3) Sniff/Unified sniffing/NETWORK_INTERFACE
4) Start/Sniffing
5) Hosts/Host list + Hosts/Scan for hosts
6) View/Connections - double-click a connection -> connection data; open a putty session to 10.0.0.200 and then use Kill connection on it
7) View/Profiles
8) Host list - 10.0.0.200 -> Add to target 1, 10.0.0.3 (or another victim) -> Add to target 2
9) Run "arp -a" on the victim (note the MAC address recorded for 10.0.0.200)
10) MITM/ARP poisoning
11) Run "arp -a" on the victim (10.0.0.200 now maps to the attacker's MAC address)
12) MITM/Stop MITM
13) Run "arp -a" on the victim (the real MAC address is restored)
14) MITM/ARP poisoning
15) On the victim run: ftp 10.0.0.1 -> login as ftp -> password: an e-mail address
16) In ettercap: connection data visible (FTP is plaintext, so the login is readable)
17) Filters/Load a filter (share/etter.filter.ftp.co)
18) On the victim run: ftp 10.0.0.1 -> login as ftp -> password: an e-mail address
19) On the victim see the banner changed to CRoCS_FTPd

Filter:
    if (tcp.src == 21 && search(DATA.data, "vsFTPd")) {
        replace("vsFTPd", "CRoCS_FTPd");
    }
Compile the filter with etterfilter (etterfilter -o <compiled>.ef <filter source>) and load the compiled file in ettercap.
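The manual request edit (age 20 -> 200), the --replace rule (age=33 -> age=333) and the tinyproxy assignment above all rewrite the body of an HTTP message while it passes through a proxy. The C below is an added example, not code from tinyproxy, mitmproxy or the course: it shows the two things such a rewrite has to get right, matching a whole form field instead of a substring (a bare "age=33" regex also hits age=330) and updating Content-Length, since the browser reads exactly that many bytes and discards the rest. The function names and the sample messages in main() are constructed for this example; hooking the response path in relay_connection() in reqs.c is left to the assignment.

```c
/* Added example, not code from tinyproxy or mitmproxy: rewriting the body of
 * an HTTP message in a proxy while keeping Content-Length consistent.
 * Only messages framed by Content-Length are handled; a chunked
 * (Transfer-Encoding: chunked) body would have to be de-chunked first. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Copy msg (headers + body, NUL-terminated) with the body replaced by new_body
 * and any Content-Length header rewritten to the new length. A message without
 * the "\r\n\r\n" terminator is copied unchanged. Caller frees the result. */
char *http_set_body(const char *msg, const char *new_body)
{
    const char *hdr_end = strstr(msg, "\r\n\r\n");
    if (!hdr_end)
        return strdup(msg);
    size_t hdr_len = (size_t)(hdr_end - msg) + 2;   /* through the last header's CRLF */
    size_t body_len = strlen(new_body);
    char *out = malloc(hdr_len + 64 + 2 + body_len + 1); /* 64: room for the new length line */
    if (!out)
        return NULL;
    size_t n = 0;
    for (const char *p = msg; p < msg + hdr_len; ) {
        const char *eol = strstr(p, "\r\n");
        size_t line_len = (size_t)(eol - p) + 2;
        if (strncasecmp(p, "Content-Length:", 15) == 0) {
            n += (size_t)sprintf(out + n, "Content-Length: %zu\r\n", body_len);
        } else {
            memcpy(out + n, p, line_len);
            n += line_len;
        }
        p = eol + 2;
    }
    memcpy(out + n, "\r\n", 2);
    n += 2;
    memcpy(out + n, new_body, body_len + 1);  /* includes the NUL */
    return out;
}

/* The tinyproxy assignment: emit prefix before the original response body.
 * Without the Content-Length fix the browser reads only the original number
 * of bytes and cuts off the end of the page. */
char *http_inject_prefix(const char *msg, const char *prefix)
{
    const char *hdr_end = strstr(msg, "\r\n\r\n");
    if (!hdr_end)
        return strdup(msg);
    const char *body = hdr_end + 4;
    char *nb = malloc(strlen(prefix) + strlen(body) + 1);
    if (!nb)
        return NULL;
    strcpy(nb, prefix);
    strcat(nb, body);
    char *out = http_set_body(msg, nb);
    free(nb);
    return out;
}

/* The form edits: turn field=old_value into field=new_value in an
 * application/x-www-form-urlencoded body. Name and value must match whole,
 * so unlike the regex "age=33" -> "age=333" this leaves age=330 and stage=33
 * alone. Values are compared as sent (not percent-decoded). */
char *http_replace_form_field(const char *msg, const char *field,
                              const char *old_value, const char *new_value)
{
    const char *hdr_end = strstr(msg, "\r\n\r\n");
    if (!hdr_end)
        return strdup(msg);
    const char *body = hdr_end + 4;
    size_t flen = strlen(field), olen = strlen(old_value), nlen = strlen(new_value);
    size_t cap = strlen(body) + 1 + nlen;   /* every pair may grow by at most nlen */
    for (const char *q = body; *q; q++)
        if (*q == '&')
            cap += nlen;
    char *nb = malloc(cap);
    if (!nb)
        return NULL;
    size_t n = 0;
    for (const char *p = body;;) {
        const char *amp = strchr(p, '&');
        size_t pair_len = amp ? (size_t)(amp - p) : strlen(p);
        if (pair_len == flen + 1 + olen && strncmp(p, field, flen) == 0 &&
            p[flen] == '=' && strncmp(p + flen + 1, old_value, olen) == 0) {
            n += (size_t)sprintf(nb + n, "%s=%s", field, new_value);
        } else {
            memcpy(nb + n, p, pair_len);
            n += pair_len;
        }
        if (!amp)
            break;
        nb[n++] = '&';
        p = amp + 1;
    }
    nb[n] = '\0';
    char *out = http_set_body(msg, nb);
    free(nb);
    return out;
}

int main(void)
{
    /* Constructed sample messages, not captures from the lab. */
    const char *resp = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                       "Content-Length: 11\r\n\r\n<p>body</p>";
    const char *req = "POST /~zriha/form/ HTTP/1.1\r\nHost: www.fi.muni.cz\r\n"
                      "Content-Type: application/x-www-form-urlencoded\r\n"
                      "Content-Length: 15\r\n\r\nname=bob&age=33";
    char *a = http_inject_prefix(resp, "INJECTED!");
    char *b = http_replace_form_field(req, "age", "33", "333");
    printf("%s\n\n%s\n", a, b);
    free(a);
    free(b);
    return 0;
}
```

In the lab, the same Content-Length problem shows up the other way round when the ettercap filter replaces "vsFTPd" with the longer "CRoCS_FTPd": there the payload sits inside a live TCP stream, and ettercap has to adjust sequence and acknowledgement numbers for the extra bytes, which it does on its own.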