HPI Opener (Http Injector for PC) — Infotech Maestro


Saturday, October 22

HPI Opener (Http Injector for PC)

Full tutorial on How to Open Locked HPI Config in Http Injector for PC

Tools Needed:
  • RawCap.exe
  • (optional) Notepad++
  • HPI File
  • Target config
  • Administrator access

First, open RawCap and HPI.

In RawCap we need to choose an interface, that is, the adapter you are connected through. To make it easier, find the IPv4 address of your modem or Wi-Fi. If you still don't know it, go to Control Panel > Network and Sharing; under "View your active networks" > "Connections", double-click the wireless network (if you are on Wi-Fi), then click Details. Here you can see the IPv4 address; take note of it.

Now go back to RawCap.

Type the number that corresponds to your connection and press Enter; in my case it was 3.

[Screenshot: Example 1]

Then type [whatever].pcap as the output file name and press Enter. For the sake of this tutorial I used example.pcap.

Go to HPI and make sure the tunnel and log options are checked.
Go to the Bitvise / Plink log tab to see your target's SSH IP. You can use this to easily find the payload later.
Then click Start. Take note of the IP; better yet, copy it.
Next, just wait for it to connect or to throw an error.

If it connects (which will happen if the config has not expired), browse for a bit first. Check how many packets have been captured in RawCap; I recommend more than a thousand before stopping.

If it does not connect, just stop and start again until the packet count in RawCap increases.

Once that is done, go back to RawCap and press CTRL + C.
Head over to the location of your RawCap (e.g. Desktop), find the [whatever].pcap file and open it using a text editor (I'll be using Notepad++).
Hit CTRL + F, paste the IP we copied earlier, then hit Enter.
The request is sent as plain text, so it is easy to spot in the capture. Here is the result of my example:


[Screenshot: HPI Opener]

The next step is to translate it.
If you already know how payloads work, you can skip this part because you already know what comes next.

In the example you can see that the request method is CONNECT and the injection is normal. You can also see X-Online-Host, X-Forward-Host, User-Agent, and Keep-Alive, which match those in the first picture.

This means that in the generator you use request: CONNECT, injection: normal, and check X-Online-Host, X-Forward-Host, User-Agent, and Keep-Alive. And of course we copy and paste the host (for example pagead2.googlesyndication.com).

Tip: 1 Enter (line break) = 1 [crlf]
CONNECT xxx.xxx.xxx.xxx:xxx HTTP/1.1 = CONNECT [host_port] [protocol]

CONNECT xxx.xxx.xxx.xxx:xxx HTTP/1.1
Host: pogiako.com
X-Online-Host: pogiako.com

CONNECT xxx.xxx.xxx.xxx:xxx HTTP/1.1

is equivalent to...

CONNECT [host_port] [protocol][crlf]Host: pogiako.com[crlf]X-Online-Host: pogiako.com[crlf][crlf]CONNECT [host_port] [protocol]
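
Seen from the proxy or network-monitoring side, the request shape above has three recognisable traits: a host-naming header other than Host, a Host value that differs from the CONNECT target, and more than one request line in a single payload. The following check is an added example, not part of the original tutorial; the function name, the finding labels and the sample requests (documentation IP range and example.com) are constructed for illustration.

```python
import re

# Request line of an HTTP/1.x request, as seen at the start of a TCP payload.
REQ_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]$")
# Headers the tutorial's payload uses to name a host.
HOST_HEADERS = {b"host", b"x-online-host", b"x-forward-host"}

def inspect_payload(data):
    """Return a list of findings for one client-to-proxy TCP payload."""
    findings, targets, hosts = [], [], []
    for line in data.split(b"\r\n"):
        m = REQ_LINE.match(line)
        if m:
            targets.append((m.group(1), m.group(2).lower()))
            continue
        name, sep, value = line.partition(b":")
        name = name.strip().lower()
        if sep and name in HOST_HEADERS:
            hosts.append(value.strip().lower())
            if name != b"host":
                findings.append("nonstandard-host-header:" + name.decode())
    # A second request line after the blank line is the pattern shown above.
    if len(targets) > 1:
        findings.append("multiple-request-lines")
    # For CONNECT, every host-naming header should agree with the tunnel target.
    if targets and targets[0][0] == b"CONNECT":
        target = targets[0][1]
        tunnel_host = target.rsplit(b":", 1)[0]
        for h in sorted(set(hosts)):
            if h not in (target, tunnel_host):
                findings.append("host-mismatch:" + h.decode())
    return findings

# Constructed samples (documentation IP range and example.com, not from the page).
INJECTED = (b"CONNECT 203.0.113.10:443 HTTP/1.1\r\n"
            b"Host: example.com\r\n"
            b"X-Online-Host: example.com\r\n\r\n"
            b"CONNECT 203.0.113.10:443 HTTP/1.1\r\n\r\n")
ORDINARY = b"CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n"

if __name__ == "__main__":
    print(inspect_payload(INJECTED))
    print(inspect_payload(ORDINARY))
```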