JavaScript injection is a powerful technique attackers use to manipulate web pages dynamically as they load in a browser. By intercepting data in a Man-in-the-Middle (MITM) attack, we can inject custom scripts to display alerts, steal data, or modify the content of the page. This blog will demonstrate how to inject a simple JavaScript alert script into web pages using BetterCAP, laying the groundwork for more advanced exploitation techniques.
For a visual walkthrough of the concepts covered in this article, check out my YouTube Video:
What You’ll Learn
- Basics of JavaScript injection.
- Configuring BetterCAP for web manipulation.
- Writing and injecting custom JavaScript scripts.
- A live demo using a basic alert popup.
Step 1: Writing the JavaScript Payload
We’ll start by creating a simple JavaScript file that triggers an alert in the target’s browser.
- Open a text editor on your Kali Linux machine.
- Write the following JavaScript code:
alert("JavaScript test");
- Save the file as alert.js in your root directory.
Step 2: Configuring BetterCAP for JavaScript Injection
To inject this script into the target’s browser, we’ll modify the HSTS hijack plugin in BetterCAP.
1.Locate the plugin file:
/usr/share/bettercap/caplets/hsts-hijack.cap
- Edit the file and add your custom script to the payload section:
* : /root/alert.js
This configuration ensures that alert.js is injected into every web page the target loads.
Step 3: Launching BetterCAP
Run BetterCAP with ARP spoofing to intercept traffic between the target and the network.
1.Start BetterCAP with the following command:
sudo bettercap -iface eth0
- Launch the HSTS hijack plugin:
caplets.load hsts-hijack
- The plugin will now inject your JavaScript file into the target’s browser.
Step 4: Testing the Injection
Ask the target to load any webpage. Once the page loads, they’ll see a popup saying “JavaScript test.”
This simple example demonstrates how JavaScript injection works and serves as a foundation for more complex attacks.
Next Steps: Advanced Exploitation
With the basics in place, you can explore advanced JavaScript injections:
- Stealing form data.
- Modifying webpage content dynamically.
- Hooking the target’s browser to frameworks like BeEF.
Conclusion
JavaScript injection is a critical tool in the ethical hacker’s arsenal, helping security professionals understand vulnerabilities in web applications. Tools like BetterCAP make it easy to demonstrate these techniques in a controlled environment.
Stay tuned for more advanced tutorials on browser manipulation and web exploitation techniques.
Connect with Us!
Stay connected with us for the latest updates, tutorials, and exclusive content:
WhatsApp:-https://www.whatsapp.com/channel/0029VaeX6b73GJOuCyYRik0i
Facebook:-https://www.facebook.com/S3CloudHub
Youtube:-https://www.youtube.com/@s3cloudhub
Free Udemy Course:-https://github.com/S3CloudHubRepo/Udemy-Free-Courses-coupon/blob/main/README.md
Connect with us today and enhance your learning journey!
Top comments (0)