Hpi is the extension file type of the user saved configuration created inside HTTP injector (PC). Basically a user's own configuration can be saved and shared to other users without exposing the settings such as username, password, Host server, port, squid proxy and most importantly the payload itself. You can load this hpi configuration to your HTTP Injector by importing it. To know more about payload, you can refer to the the previous post. Today I will share to you how to create and lock your configuration so that you can share it to others. And later on I will also give you simple trick on how to sniff or unlock the hidden payload on every hpi configuration. So better stay tune.
Given that you have your own credentials for your HTTP Injector, the SSH and stuff, you need to input your info to its proper place.
1. Generate your payload and input your corresponding proxy and port.
2. Place your Host Server, Port, Username and password under SSH tab.
3. Now head over to main Inject tab and choose Export.
4. You will see additional parameters on the box just put an x mark according to your choice. You may also want to put some notes on the larger box you want your users to see.
5. Hit the little round check button to save and name your hpi config.
6. Save your config anywhere you want.
How to unlock HPI configuration.
Many are asking how to unlock hpi configuration from other users. Basically there are few ways how to unlock it but what I am going to share to you now is the simplest and easiest one. However there is a limitation in this process. We can only retrieve the payload, headers and the host server. Before doing the steps below make sure that you seek permission first from the owner of the config.
File to download: RawCap.exe
1. First is to import the hpi config you want to unlock to your injector.
As you can see on this example, the config is locked by the owner.
2. Now the next step is to run RawCap.exe and a new black screen window will show up. It will give you details on connection present on your NIC card. Select the correct number corresponding to which connection your pc connected into. In my case it's number 7.
3. Aftewards, you need to key in any file name you want your RawCap to generate, you will then edit this later. In my case I renamed it sannyboyunlocked. Now press Enter on your key board. Watch out for the packet counts. Make sure you will start your injector if the count reach atleast 20.
4. Once the the packet count exceeds 100 you may now save the file by pressing CTRL Key + C on your keyboard.
5. Head over to the file folder where the pcap file is saved. It can be found on the same folder where you saved your RawCap.exe. Then highlight the file then right click on it then rename the file and change its' extension to .txt.
Now the payload, headers, Host server and port are exposed.
That's all and please watch out for the next post.
Lupit mo boss haha
ReplyDeletehehe para wla nang itatago pa.
Deletenice boss. sa ibang forum bawal ito eh haha
ReplyDeleteFor personal use lng po. hehe
ReplyDeleteboss pahingi payload ng sun tu/ctc promos
ReplyDeletehey ,can not download rawcap.exe ,as i look it expired
ReplyDeleteso ,give new link