Comments on Andre' M. DiMino - SemperSecurus: Decoding malware SSL using Burp proxy

Anonymous (2011-12-13 23:40):
And what do you do when the malware starts using Convergence (http://convergence.io/) and shuts down when it detects a MITM certificate... Then again, that may be a good thing and an easy way to kill C&C.

Phil Hagen (2011-12-12 11:47):
Great writeup - thanks! I would only suggest that you run the VM in NAT mode, and alter the iptables rules to reflect brokerage between the host's vmnet8 (I assume) and eth0. Yes, the function would be identical, but you'd be better able to control and even isolate/block the malware's traffic in this manner. The logical separation of the networks also lends itself to clearer documentation.
Awesome methodology - I have a few ideas in mind on how to use this for something I'm working on now.

Yom (2011-12-12 11:28):
Great post!

Note that you can also do it with this rule:

    sudo iptables -t nat -A PREROUTING -m multiport -p tcp --dports 80,443 -j REDIRECT --to-ports 8080