diff --git a/README.md b/README.md index 8102cce..29d006f 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -MITMf V0.7 +MITMf V0.8 ========== Framework for Man-In-The-Middle attacks @@ -12,6 +12,7 @@ Availible plugins: - BeEFAutorun - Autoruns BeEF modules based on clients OS or browser type - AppCachePoison - Perform app cache poison attacks - AirPwn - Monitor traffic on an 802.11 network and respond with arbitrary content as configured +- SessionHijacking - Performs sessions hijacking attacks, and stores cookies in a firefox profile - BrowserProfiler - Attempts to enumerate all browser plugins of connected clients - CacheKill - Kills page caching by modifying headers - FilePwn - Backdoor executables being sent over http using bdfactory @@ -28,6 +29,8 @@ So far the most significant changes have been: - Addition of the AirPwn plugin (Python port of the original project), which also supports the DNSpwn attack +- Addition of the SessionHijacking plugin, which uses code from FireLamb (https://github.com/sensepost/mana/tree/master/firelamb) to store cookies in a Firefox profile + - Spoof plugin now supports ICMP, ARP and DHCP spoofing along with DNS tampering (DNS tampering code was stolen from https://github.com/DanMcInerney/dnsspoof/) diff --git a/mitmf.py b/mitmf.py index a41e0b0..b9d844e 100755 --- a/mitmf.py +++ b/mitmf.py @@ -13,7 +13,7 @@ import argparse from plugins import * plugin_classes = plugin.Plugin.__subclasses__() -mitmf_version = "0.7" +mitmf_version = "0.8" sslstrip_version = "0.9" sergio_version = "0.2.1" diff --git a/plugins/SessionHijacker.py b/plugins/SessionHijacker.py index 90ce103..81095c3 100644 --- a/plugins/SessionHijacker.py +++ b/plugins/SessionHijacker.py @@ -1,8 +1,6 @@ -#Almost all of the Firefox related code was stolen from Glenn's Firelamb. -#glenn@sensepost.com - +#Almost all of the Firefox related code was stolen from Firelamb https://github.com/sensepost/mana/tree/master/firelamb + from plugins.plugin import Plugin -from sslstrip.URLMonitor import URLMonitor from libs.publicsuffix import PublicSuffixList from urlparse import urlparse import os @@ -10,7 +8,7 @@ import sys import time import logging import sqlite3 -import threading +#import threading class SessionHijacker(Plugin): name = "Session Hijacker" @@ -22,8 +20,6 @@ class SessionHijacker(Plugin): def initialize(self, options): '''Called if plugin is enabled, passed the options namespace''' self.options = options - self.log_clients = options.clients - self.urlMonitor = URLMonitor.getInstance() self.psl = PublicSuffixList() self.firefox = options.firefox self.save_dir = "./logs" @@ -122,3 +118,6 @@ class SessionHijacker(Plugin): def add_options(self, options): options.add_argument('--firefox', dest='firefox', action='store_true', default=False, help='Create a firefox profile with captured cookies') + + def finish(self): + print "[*] To load a session run: 'firefox -profile logs/'" \ No newline at end of file diff --git a/sslstrip/ServerConnection.py b/sslstrip/ServerConnection.py index 1210c92..cdef64b 100644 --- a/sslstrip/ServerConnection.py +++ b/sslstrip/ServerConnection.py @@ -54,7 +54,7 @@ class ServerConnection(HTTPClient): def sendRequest(self): if self.command == 'GET': - logging.info("%s Sending Request: %s %s" % (self.client.getClientIP(), self.command, self.headers['host'])) + logging.info("%s Sending Request: %s" % (self.client.getClientIP(), self.headers['host'])) self.plugins.hook() self.sendCommand(self.command, self.uri)