Inspiration:
When one of our team members was very young, he got his family computer hacked by clicking on pop-up ads. Therefore, we wanted to prevent this problem by making an ad blocker which we would further develop to simulate other various attacks/security vulnerabilities.
What it does:
It allows the user to simulate three types of attacks: Content blocking (in the form of an ad blocker), Redirection Attack, and Email Scraping.
How we built it
We used an MITM approach (Man In The Middle). This means setting up a proxy between the client and the server where the client believes that the proxy is the server and vice versa. This allows us to reroute requests and responses to our own machines and process them via automated Python scripts before they reach their destination. From here, data can be stolen or modified to perform an attack.
Challenges we ran into
Problem: Originally we tried to modify the HTML in responses (coming from the server to the client) to delete elements with content that we wanted to be blocked (advertisements in our case). While this blocks some ads, most ad HTML is more robust in that the code is constantly refreshed, embedded deeply into JS, and is often written differently across various companies (such that a script would need to recognize the HTML/JS structure of an arbitrarily large amount of ads to be effective).
Solution: We found the more novel approach to be creating a blacklist of numerous URLs that are known to be advertisement sources and simply creating a custom server response with a 403 error when the client machine requests such URLs.
Accomplishments that we're proud of
We are proud of learning a new, unfamiliar field different than what we're used to. We are proud of learning it very quickly and implementing real-life applications using our understanding.
What we learned
How to read and parse/handle HTML and JSON for Python scripts How servers and clients interact Routing requests/responses through a proxy and manipulating them to create attacks Using packages for JSON and mitmproxy
What's next for Man In The Middle Hacker Client
We intend to make this into a vulnerability testing software. The UI needs improvement and we would like to make it an easy-to-install application such as a web extension.
Log in or sign up for Devpost to join the conversation.