In order to see any points of vulnerabilities
for either offensive or defensive measures , you have to be able to
poke it , slice it ,dice it and be able to see its internals in your own
controlled environment. HTTrack is one of the tools that enables you to do so. It
enables you to mirror or copy the site of your request to your own
local computer , which enables you to experiment as you want it with it .The
good thing with it is that it also preserves the actual structure of
the whole website . Let me breakdown the whole usage of the tool.
Oh
,before that , If you are using any other distro other than Kali Linux ,
you will have to check whether the tool is installed in your computer
or not. From now onwards I will mention the command that installs the
tool (for Debian Linux) at the starting itself . For now , here is the
command :
sudo apt-get install httrackOther than the most obvious way to use it , it also has a wizard mode , which greatly simplifies the whole process.
Let me explain how to use the wizard first . The wizard can be invoked by just typing “httrack” without any options. Then
it will ask to enter a name for your project . Just name it anything ,
the name doesn’t really matter, but the name should be sensible in the
least. Then it will ask you to enter a base path. The websites
will be saved at this directory . If you want, make a new directory for
it and assign its path as base path. After that it will ask you enter the website URL .Just enter the URL
and press enter .Now you will get a menu with different option . The
option that we will be using is 2 . After selecting the option , the
tool will go to work and that’s it .
But if you want to
make use of advanced options like tunneling the whole process using a
proxy , the wizard wont do . Then you will have to tackle the command
line head on . The general format is :
httrack [url] [options]
There are numerous options that can be used to achieve various results , but the ones that’s important to us are listed
below.
O :-path for mirror/logfiles+cache (-O path_mirror[,path_cache_and_logfiles]) (–path )
P :-proxy use (-P proxy:port or -P user:pass@proxy:port) (–proxy )
W :-mirror web sites, semi-automatic (asks questions) (–mirror-wizard)
cN :-number of multiple connections (*c8) (–sockets[=N])
TN :-timeout, number of seconds after a non-responding link is shutdown (–timeout)
RN :-number of retries, in case of timeout or non-fatal errors (*R1) (–retries[=N])
%v :-display on screen filenames downloaded (in realtime) (–display)
Q :-no log – quiet mode (–do-not-log)
q :-no questions – quiet mode (–quiet)
z :-log – extra infos (–extra-log)
I * :-make an index (I0 don’t make) (–index)
%I :- make an searchable index for this mirror (* %I0 don’t make) (–search-index)
A
typical httrack command will be as given below . It just mirrors the
website ‘www.securethelock.com’ to /websites/secure directory and it
will also display the filenames being downloaded on the screen.
httrack www.securethelock.com -W -O “/websites/secure” -v% *
I hope you guys understood all that . Well , this tool will be essential in some of our comming scenes especially he one about phishing . Always remember ‘Practice makes perfect.’ , so practice , practice , practice . Also don’t be afraid to experiment on your own .
If you want any help, do comment down.
0 comments:
Post a Comment