New Test T1659 (Content Injection Using MITM Proxy) #3305
Open
wai-lo-401 wants to merge 12 commits into redcanaryco:master from
Add content injection simulations for Windows, Linux, and macOS.

These tests simulate an adversary-style modification of a local HTML file by injecting a malicious script tag designed to redirect the user. This models the post-injection artifacts and file modifications defenders look for when identifying T1659.

- Windows: Uses PowerShell and validates via Microsoft Edge.
- Linux: Uses sed and validates via xdg-open.
- macOS: Uses sed and validates via Safari.

All tests include automated cleanup commands to remove temporary artifacts and terminate spawned browser processes.
Need to change another file
I want to add another test file using mitmproxy
Added tests for content injection technique T1659, including proxy setup and validation for both macOS/Linux and Windows platforms.
Contributor
Author
Sir @cyberbuff, any update or suggestion about this test? I did exactly what you told me on the previous PR. I updated the script.
Following guidance from Sir @cyberbuff, I updated the attack technique using mitmproxy to properly align with T1659 (Content Injection). The revised test now supports and works across all major platforms.
Reference
https://attack.mitre.org/techniques/T1659/
Windows

Linux

MacOS
