I had the pleasure of attending Dave Kennedy (@HackingDave) presentation “The dirty south – Getting Justified with Technology” at Defcon 21
Dave showed a cool python script he wrote that uses Facebook as MiTM for commanding your shell in cases where an organisation is using sites whitelisting technology, Daves script posts commands and receives output via Facebook and its notification system.
I decided to use the same concept and created “PyHTTP Shell”, the idea is pretty much the same, using a server you control as MiTM or Server in the middle.
PyHttpShell is a proof of concept and has very simple and basic features, it was written in Python 2.7 and php.
- Transport over HTTP/HTTPS.
- Supports System Proxy Settings.
- Multiple Hosts/Connections.
- Download files to client machine.
- Change Sleep time remotely.
- Works on Win/MAC/Linux
PyHttpShell can be downloaded from source forge:
If you find this tool useful crypto currency donations are welcome: