If you want to display an alert box saying “zANTI Test”, just turn on the “Insert HTML” module. It enables you to insert specified HTML codes into web pages. Then tap on “Select File” to select a file:Īfter selecting the file, tap on the settings button again and then turn on “Intrecept Download”. In order to intercept and replace victim’s downloaded files, you have to tap on the settings icon. Intercept Download allows you to replace a downloaded file with a specified file. For example, if you want to capture pdf files, you have to tap on the settings icon and then select the. It allows you to intercept and download all specified files to the SD card. Now, the users will see the selected image everywhere on the web! In order to replace images, first, tap on the settings icon and then tap on “Select Image”:Īfter selecting an image from your device, tap on the settings icon (see the image below): It enables you to replace website images (victim’s web browser) with your own image. But if you want to forward all the traffic to a particular site, tap on the settings icon, you will see an area to enter a URL, Enter a URL in the field and then again tap on the settings icon. For example, If you turn on the “Redirect HTTP”, it will redirect all HTTP traffic to Zimperium servers (default configuration). It allows you to redirect all HTTP traffic to a site or server. Note: Websites using HSTS (HTTP Strict Transport Security) are immune to SSL Strip attacks. SSL Strip is a type of Man In the Middle Attack that forces victim’s browser into using HTTP instead of HTTPS (SSL Strip is turned on by default). After the edit, you can tap on “Send” button (3). If you want to edit a particular request or response, swipe it to the right (2). You will see the live requests and responses there (1). It is basically an interactive mode that can allow you to edit and send each request and response.įirst, tap on “zPacketEditor” and then turn on the module. It allows you to modify HTTP requests and responses on your network. This includes all images requested by the users (see the image below). It will open up the victim’s session on your device.Use the second “View” (Logged Images) to see all the images that are transmitted on your network. If you want to hijack an HTTP session, just tap on a session. You can tap on any logged activity to get more details (sessions, passwords, requests and user agents): It may contain passwords and other sensitive information (See the image below). If you got a user on your network, tap on the first (Logged Requests) “View” to see all the HTTP requests made by the user(s) on your network. Once you got at least one user on your network, you can start playing with the traffic!ģ. Turn on “Tether Control” and then allow users to connect to your network. Note: Before using ZTether, you must turn off the WiFi on your device.ġ. It allows you to create a WiFi hotspot and control your network traffic. If you want to use a custom MAC address, turn off “Generate Random” and then type the MAC address you want. Wait for few seconds, you will get a new MAC address! Use the navigation key (or swipe from the left). Mac changer allows you to change your WiFi Media Access Control (MAC) Address.ġ. Now, let’s talk about the program modules…… Tap on “Skip” and then enable Zanti(simply check the “I am fully authorized to perform penetration testings on the network” box):Ħ. Wait for some seconds, it will display a screen as shown below:ĥ. If you want to join zNetwork, tap on “Enable”, otherwise tap on “Skip”. Enter your email address and then check the “I accept Zimperium’s EULA” box. Install it on your device, open the application, then grant the root access. Note: before you install this app your device must be rootedĢ. Today I’m going to give you a step by step guide on How to use ZantiĬheck a device for shellshock and SSL poodle vulnerability. In short, this android toolkit is a perfect companion of hackers. With the help of Zanti, you will be able to perform various types of operations such as MITM attacks, MAC address spoofing, scanning, password auditing, vulnerability checks and much more. Basically, it allows you to simulate malicious attacks on a network. Zanti is a penetration testing toolkit developed by Zimperium Mobile Security for cyber security professionals.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |