Description

Files

IP Addresses

- Infected host: 192.168.1.112
- Default GW: 192.168.1.2

Timeline

Fri Sep 9 10:12:47 CEST 2016

started win2

Fri Sep 9 10:13:50 CEST 2016

infected

Clicked on the Finish button

I think it had some issues with the mitmproxy, maybe some of the connections were not SSL?

Some of the packets were like this:

1970/01/01 01:02:05.190926,1.811655,tcp,192.168.1.112,49201, ->,76.72.165.63,80,FSRPA_FSPA,0,0,15,1267,575,s[185]=HTTP/1.1 005..VERSION: 4.0..PLATFORM: 10..IPADDRESS: 192.168.1.112....HTTP/1.1 051..VER: 7.1.0.0..OBJ: 1..FUNC: 1..NAME: WIN1..ACC: dgardonio@mail.com..SRV: 76.72.165.63..PRODUCT: 0....,d[224]=HTTP/1.1 005..VERSION: 4.0..PLATFORM: 9..IPADDRESS: 76.72.165.63....HTTP/1.1 052..SERVER_NUM: 0..PROXY_IP: 76.72.165.119..PORT: 443..NEXTTIME: 12....HTTP/1.1 003..ERRORLOCATION: TacsCustomProtocol.ReceiveAndProcessData:1....,,s[185]=HTTP/1.1 005..VERSION: 4.0..PLATFORM: 10..IPADDRESS: 192.168.1.112....HTTP/1.1 051..VER: 7.1.0.0..OBJ: 1..FUNC: 1..NAME: WIN1..ACC: dgardonio@mail.com..SRV: 76.72.165.63..PRODUCT: 0....,d[224]=HTTP/1.1 005..VERSION: 4.0..PLATFORM: 9..IPADDRESS: 76.72.165.63....HTTP/1.1 052..SERVER_NUM: 0..PROXY_IP: 76.72.165.119..PORT: 443..NEXTTIME: 12....HTTP/1.1 003..ERRORLOCATION: TacsCustomProtocol.ReceiveAndProcessDa
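The record above shows why a proxy expecting real HTTP or TLS on port 80 struggles with this traffic: both directions carry "HTTP/1.1 005"-style lines that only imitate HTTP status lines, followed by KEY: value pairs of a custom protocol. The script below is an added example, not part of these capture notes or of any tool used in them. It assumes the record layout seen in that single line (14 comma-separated header fields, then s[<len>]= client bytes and d[<len>]= server bytes with non-printable bytes rendered as dots); the tool that produced the line is not named in the notes, so that layout is an assumption. It parses the record, flags the traffic as non-HTTP, and pulls out the values a responder would want to pivot on (host name, account string, server address, the advertised next-hop proxy and port).

```python
import re
from dataclasses import dataclass

# Constructed sample: the flow-summary record from the capture notes above,
# with the payload pair kept once (the notebook line repeats it verbatim).
SAMPLE_RECORD = (
    "1970/01/01 01:02:05.190926,1.811655,tcp,192.168.1.112,49201, ->,76.72.165.63,80,"
    "FSRPA_FSPA,0,0,15,1267,575,"
    "s[185]=HTTP/1.1 005..VERSION: 4.0..PLATFORM: 10..IPADDRESS: 192.168.1.112...."
    "HTTP/1.1 051..VER: 7.1.0.0..OBJ: 1..FUNC: 1..NAME: WIN1..ACC: dgardonio@mail.com.."
    "SRV: 76.72.165.63..PRODUCT: 0....,"
    "d[224]=HTTP/1.1 005..VERSION: 4.0..PLATFORM: 9..IPADDRESS: 76.72.165.63...."
    "HTTP/1.1 052..SERVER_NUM: 0..PROXY_IP: 76.72.165.119..PORT: 443..NEXTTIME: 12...."
    "HTTP/1.1 003..ERRORLOCATION: TacsCustomProtocol.ReceiveAndProcessData:1....,"
)

# Assumed record layout (the producing tool is not named in the notes):
# 14 comma-separated header fields, then payload blobs s[<len>]=... and
# d[<len>]=..., separated by "," and, when the pair repeats, by ",,".
PAYLOAD_RE = re.compile(r"([sd])\[(\d+)\]=(.*?)(?=,[sd]\[\d+\]=|,,|$)", re.S)
# Anything shaped like an HTTP status line: version, space, three digits.
STATUS_LINE_RE = re.compile(r"HTTP/\d\.\d (\d{3})")
# "KEY: value" pairs; a value runs up to the next ".." (a CRLF rendered as dots).
HEADER_RE = re.compile(r"([A-Z_]+): (.*?)(?=\.\.)")


@dataclass
class FlowRecord:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    client_payload: str = ""
    server_payload: str = ""


def parse_flow_record(line: str) -> FlowRecord:
    """Split the fixed header fields, then pull out the client/server payloads."""
    fields = line.split(",", 14)
    if len(fields) < 15:
        raise ValueError("record has fewer than 14 header fields")
    rest = fields[14].rstrip(",")
    rec = FlowRecord(proto=fields[2], src=fields[3], sport=int(fields[4]),
                     dst=fields[6], dport=int(fields[7]))
    for side, _length, blob in PAYLOAD_RE.findall(rest):
        # Keep the first blob per direction; the notebook line repeats the pair.
        if side == "s" and not rec.client_payload:
            rec.client_payload = blob
        elif side == "d" and not rec.server_payload:
            rec.server_payload = blob
    return rec


def parse_pseudo_http(payload: str) -> list:
    """Split a payload into its HTTP-looking messages: status code plus KEY: value fields."""
    messages = []
    starts = list(STATUS_LINE_RE.finditer(payload))
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(payload)
        body = payload[m.end():end]
        messages.append({"status": int(m.group(1)), "fields": dict(HEADER_RE.findall(body))})
    return messages


def analyze(rec: FlowRecord) -> dict:
    """Flag traffic on a web port that only imitates HTTP, and extract indicators."""
    findings, indicators = [], {}
    # A real HTTP client sends a request line (GET / HTTP/1.1), never a status line.
    if rec.dport in (80, 8080) and rec.client_payload.startswith("HTTP/"):
        findings.append("client sends a status line on a web port; real HTTP clients send request lines")
    for side, payload in (("client", rec.client_payload), ("server", rec.server_payload)):
        for msg in parse_pseudo_http(payload):
            # Valid HTTP status codes are 100..599; 005, 051, 052, 003 are not.
            if not 100 <= msg["status"] <= 599:
                findings.append(f"{side}: invalid HTTP status code {msg['status']:03d}")
            for key in ("ACC", "NAME", "SRV", "PROXY_IP", "PORT", "NEXTTIME", "ERRORLOCATION"):
                if key in msg["fields"]:
                    indicators[key] = msg["fields"][key]
    if "PROXY_IP" in indicators and "PORT" in indicators:
        indicators["next_hop"] = f"{indicators['PROXY_IP']}:{indicators['PORT']}"
    return {"flow": f"{rec.src}:{rec.sport} -> {rec.dst}:{rec.dport}",
            "findings": findings, "indicators": indicators}


if __name__ == "__main__":
    result = analyze(parse_flow_record(SAMPLE_RECORD))
    print(result["flow"])
    for finding in result["findings"]:
        print(" -", finding)
    print(result["indicators"])
```

Run against the sample record it reports the flow 192.168.1.112:49201 -> 76.72.165.63:80, six findings (the client-side status line plus the five invalid status codes), and the indicators NAME, ACC, SRV, PROXY_IP, PORT, NEXTTIME and ERRORLOCATION, with the next hop 76.72.165.119:443 assembled from the server reply. The same checks can be run over a whole export of such records to separate the custom-protocol flows from genuine HTTP before deciding which ones a proxy needs to be configured for.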

Fri Sep 9 10:58:29 CEST 2016

power off