SENKU

Old Guide Repost! How To Generate HTTP Injector Payload Based On Host's Response Header


Notes:
The host URL used in this example is Google-based.
SIM used: TM (no regular load and no promo)
APN used: Default

First:
Look for a host for your payload.
Example: m.google.com
Or you can look for a more unique host.
How?
Use a reverse IP lookup tool; several websites offer one.

Just query your favorite website/host and it will show you all websites hosted by the same domain. Then choose ONE.

Second:
Look for a working remote proxy.
How?
Search for it on Google; it's free.

*You can also use a Squid proxy from your favorite SSH hosting website.
*Always check your proxy status for a better connection.
How?
Search "proxy checker" on Google; it's free.

Quote

For First and Second: Not all hosts can receive and give the same response to a single proxy, and not all proxies can request and receive the same response from a single host. So keep hunting for the best match.


Third:
Let's use the Host Checker from HTTP Injector itself to find out what response header your host will return to your proxy.
Screenshot:


As shown above, the host responded with status 301 Moved Permanently to the GET request method. So if you use the GET request when generating your payload, you will get the same response. Now you have an idea of what to avoid.
This status may give you trouble connecting.
Also notice the Connection status, "keep-alive".
I personally choose a host with "Connection: keep-alive" in its header, because it means that when the host receives a request and grants a connection, it will keep the gateway open until the client closes it.

Status 301 Moved Permanently means the host either redirects you to its main domain, or your local IP/remote proxy is blacklisted/blocked from accessing the host.
So we need to set our payload correctly.
How do we know?
We MUST AVOID seeing "Status 301", or any status other than Status 200, in our log. So keep trying until the Status 301 is eliminated.

*You can also try request methods other than GET in Host Checker; you might run into a status 200 response. That way you will have an idea of which request to use and which to avoid.

Fourth:
Set your payload.

Screenshot:
Setting that returned status 301 (Wrong method)

The log shows a successful connection because HTTP Injector resent another request, a correct one, to get status 200.

What does it mean? It means that your settings are wrong.
You might say that it doesn't matter as long as it is connected. But NO, based on my experience, my configs with a status other than Status 200 did not work for others and had disconnection issues.
Also, it does not mean your settings are faster than Status 200, or you may think and feel that it's cool. Then you're wrong. An error is always an error, so say thank you to HTTP Injector for correcting you.

Screenshot:
Setting that returned Status 200 at first response (Correct method)


So here we have a status 200. As you can see, I used the CONNECT request method, the most common and simplest type of method. How did I know that I needed to use this method to get a status 200 response?
If we go back to the Host Checker, the "content type" says "text/html" and no other content (cookies, complex caching methods, etc.), status, or header fields indicating complex data are displayed. It means this host does not contain any complicated code (PHP, Flash, databases, etc.). So it is not necessary to use GET or any other method to request a complicated response; a simple CONNECT is enough for the host to establish a successful handshake.

If you are still getting an error after trying all the request methods, it's time for you to experiment with the extra options.
Read below.

 

Quote

EDIT 1:
As a summary, to save you time, look for a good proxy, then find a live host that returns status 200, so you won't waste your time experimenting with your payload string.

If you are wondering what to tick and not tick in the payload generator, well, I myself with all honesty cannot translate it into human words. Just think of it as add-ons; it refers to the content of the header. It is like ordering food in a restaurant: let's say you ordered a bowl of soup and you want additional seasoning. You can tick anything you want, but the turning point is when the header content says you're requesting too much. Then it will give an error response. To be safe, tick one at a time until you get a nice recipe. The only important part of your payload is the type of request: CONNECT, GET, POST, PUT, etc. Even if your request header doesn't have a it is still valid.


Quote

EDIT 2: Some terms that might help.

Front Query - this one is hard to explain. Anyway, when it is activated the injector will put the SSH IP address and port together with your Host URL.
Example:
www.google.com
becomes
www.google.com@123.456.789.0:123
So what is the effect? Instead of your Host being just www.google.com, it becomes www.google.com@123.456.789.0:123.
You can use this when experimenting because it is considered a hack, to fool the ISP.

Back Query - the same as front query but reversed.
Example:
www.google.com
becomes
123.456.789.0:123@www.google.com

*Using the front and back query is the same process as web proxies.
What is a web proxy?
Ex. https://www.hidemyass.com/proxy
With a web proxy you can browse websites that are blocked in your country/school/office.
So it is the same logic with front and back query. On Globe/TM/Smart/TnT/Sun etc., even if your mobile data is connected, you cannot browse when you have no promo. So by injecting code into the HTTP request, you MAY get through using these two query methods. Take note, only MAY, not 100% success.

Rotate - Activate this when you will use many hosts.
Ex. www.host1.com;www.host2.com;www.host3.com
This is what is used in the posts you see with multi-payload. The benefit of it is that it can retain reconnection in case one host gets disconnected or returns an error status code that the injector cannot reconfigure.
Ex.
www.host1.com - status 400
Injector sent status 200 request - Failed
the injector proceeds to the next host
www.host2.com - status 200
connection successful

So, the term multi-payload does not mean it will send a request to all of your hosts at the same time. Only one at a time. It does not affect speed; it is probably just a safer config, since you can prevent a single point of failure among the hosts and get more flexibility on the proxy's side: because you have many hosts, there is a bigger chance that even if you keep switching proxies you will get a status 200. Switching to the next host does not happen within a single injection.
(inject host1, failed, disconnect, reconnect, inject host2 ... and so on)

Front Inject - Our request header is sent first, before the SSH, IP, RP and the rest.

Back Inject - the injector sends the SSH, IP, RP and the rest first, before the request header.

Online Host & Forward Host - this option is for when you want to let the host know what gateway you are using (this is the local IP, DNS, remote proxy and so on). So the effect is whether the host allows the gateway you are using or not, since each host has its own security, just like how schools and offices block outside browsing. These are the X-Options-**** that you see in the response header in Host Checker.

Reverse Proxy - the injector will use your host as the proxy (server-by-server access). So the proxy the host receives is its own IP, disregarding your RP/squid.

User Agent - As simple as letting the host know which platform you are using to access it. Ex. Chrome, Firefox, IE, Android platform and so on.

Keep Alive - this option asks permission from the host to make the connection Keep-Alive if possible, even if its status in the host checker is "close".

Split (Instant and Delay) - this is an injection option for an attack; it makes you feel like a real hacker. When you happen to hit a bug or system issue in the host you are attacking, you get the power to dictate to the host what response you want. What it does on the back-end side is send two HTTP bodies, a request body and a response body. So when your method bites, the response header gets overridden by the body you made (these are the ones ticked under extras in your payload generator), and even if the request method (GET, PUT, POST etc.) is not allowed, the header will still throw a status 200 when the attack is successful. That is why we usually get error codes here, because the security of hosts is not to be taken lightly.

Check this link for HTTP request method definitions:

So far that is all I have more or less understood. Always do your own research. This can be used not only in HTTP Injector but also in other VPN apps.


EDIT 3: Troubleshooting Tips

P: You're getting Status 200 but it returned connection lost.
A: Change the SSH port, 22/443.
P: Still getting connection lost.
A: Change your remote proxy.

If the above troubleshooting did not work, then it's time for you to work on your payload settings, or you may change the host.

Personal experience: a status 200 setting injects faster than settings with other statuses.

Note: You need an internet connection when using the host checker and when searching for hosts and proxies.


Disclaimer:
This tutorial does not guarantee you free working internet from any ISP. This only serves as a guideline for you to explore how to make it free, which comes with your effort. More power to the army!