added CHANGELOG.md, CONTRIBUTORS.md and modded README.md

byt3bl33d3r 2015-07-25 03:29:33 +02:00
parent ba14ed8687
commit f4df9971f9
4 changed files with 78 additions and 61 deletions

CHANGELOG.md Normal file

@ -0,0 +1,35 @@
#Changes before v0.9.8
- Added the SMBTrap plugin
- Config file now updates on the fly!
- SessionHijacker is replaced with Ferret-NG captures cookies and starts a proxy that will feed them to connected clients
- JavaPwn plugin replaced with BrowserSniper now supports Java, Flash and browser exploits
- Addition of the Screenshotter plugin, able to render screenshots of a client's browser at regular intervals
- Addition of a fully functional SMB server using the [Impacket](https://github.com/CoreSecurity/impacket) library
- Addition of [DNSChef](https://github.com/iphelix/dnschef), the framework is now a IPv4/IPv6 (TCP & UDP) DNS server! Supported queries are: 'A', 'AAAA', 'MX', 'PTR', 'NS', 'CNAME', 'TXT', 'SOA', 'NAPTR', 'SRV', 'DNSKEY' and 'RRSIG'
- Integrated [Net-Creds](https://github.com/DanMcInerney/net-creds) currently supported protocols are: FTP, IRC, POP, IMAP, Telnet, SMTP, SNMP (community strings), NTLMv1/v2 (all supported protocols like HTTP, SMB, LDAP etc.) and Kerberos
- Integrated [Responder](https://github.com/SpiderLabs/Responder) to poison LLMNR, NBT-NS and MDNS and act as a rogue WPAD server
- Integrated [SSLstrip+](https://github.com/LeonardoNve/sslstrip2) by Leonardo Nve to partially bypass HSTS as demonstrated at BlackHat Asia 2014
- Spoof plugin can now exploit the 'ShellShock' bug when DHCP spoofing
- Spoof plugin now supports ICMP, ARP and DHCP spoofing
- Usage of third party tools has been completely removed (e.g. Ettercap)
- FilePwn plugin re-written to backdoor executables zip and tar files on the fly by using [the-backdoor-factory](https://github.com/secretsquirrel/the-backdoor-factory) and code from [BDFProxy](https://github.com/secretsquirrel/BDFProxy)
- Added [msfrpc.py](https://github.com/byt3bl33d3r/msfrpc/blob/master/python-msfrpc/msfrpc.py) for interfacing with Metasploit's RPC server
- Added [beefapi.py](https://github.com/byt3bl33d3r/beefapi) for interfacing with BeEF's RESTfulAPI
- Addition of the app-cache poisoning attack by [Krzysztof Kotowicz](https://github.com/koto/sslstrip) (blogpost explaining the attack here: http://blog.kotowicz.net/2010/12/squid-imposter-phishing-websites.html)
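Review bot: The `SessionHijacker` and `JavaPwn` entries lost the commas they had in the README version ("replaced with Ferret-NG captures cookies", "replaced with BrowserSniper now supports"), so both now read as run-ons; restore the commas and the backticks around plugin names that the README list used. The heading `#Changes before v0.9.8` also needs a space after `#` to render as a heading in CommonMark-based renderers, and "a IPv4/IPv6" should be "an IPv4/IPv6".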

CONTRIBUTORS.md Normal file

@ -0,0 +1,19 @@
#Intentional contributors (in no particular order)
- @rthijssen
- @ivangr0zni (Twitter)
- @xtr4nge
- @DrDinosaur
- @secretsquirrel
- @binkybear
- @0x27
- @golind
- @mmetince
- @niallmerrigan
#Unintentional contributors and/or projects that I stole code from
- Metasploit Framework's os.js and Javascript Keylogger module
- The Backdoor Factory and BDFProxy
- ARPWatch module from the Subterfuge Framework
- Impacket's KarmaSMB script
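Review bot: The "Unintentional contributors" list names upstream projects whose code is bundled but gives no repository links or license information; add the URL and license for each entry (Metasploit Framework, The Backdoor Factory and BDFProxy, Subterfuge, Impacket) so the provenance of the copied code can be checked. Both headings are missing the space after `#`, and only `@ivangr0zni` says which site the handle belongs to; mark the others the same way or link them.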


@ -6,11 +6,12 @@ Quick tutorials, examples and developer updates at: https://byt3bl33d3r.github.i
This tool is based on [sergio-proxy](https://github.com/supernothing/sergio-proxy) and is an attempt to revive and update the project. This tool is based on [sergio-proxy](https://github.com/supernothing/sergio-proxy) and is an attempt to revive and update the project.
Twitter: @byt3bl33d3r Contact me at:
IRC on Freenode: #MITMf - Twitter: @byt3bl33d3r
Email: byt3bl33d3r@gmail.com - IRC on Freenode: #MITMf
- Email: byt3bl33d3r@gmail.com
**Before submitting issues, please read the [FAQ](#faq) and [CONTRIBIUTING.md](#submitting-issues).** **Before submitting issues, please read the [FAQ](#faq) and [CONTRIBUTING.md](CONTRIBUTING.md).**
Available plugins Available plugins
================= =================
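Review bot: The corrected link in the "Before submitting issues" line now targets a file, `CONTRIBUTING.md`, but the files this commit adds are `CHANGELOG.md` and `CONTRIBUTORS.md`; confirm that `CONTRIBUTING.md` already exists at the repository root, otherwise the link is dead. If the submission guidelines still live in the README, keep the `#submitting-issues` anchor instead.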
@ -24,7 +25,6 @@ Available plugins
- ```AppCachePoison``` - Perform app cache poisoning attacks - ```AppCachePoison``` - Perform app cache poisoning attacks
- ```Ferret-NG``` - Transperently hijacks sessions - ```Ferret-NG``` - Transperently hijacks sessions
- ```BrowserProfiler``` - Attempts to enumerate all browser plugins of connected clients - ```BrowserProfiler``` - Attempts to enumerate all browser plugins of connected clients
- ```CacheKill``` - Kills page caching by modifying headers
- ```FilePwn``` - Backdoor executables sent over HTTP using the Backdoor Factory and BDFProxy - ```FilePwn``` - Backdoor executables sent over HTTP using the Backdoor Factory and BDFProxy
- ```Inject``` - Inject arbitrary content into HTML content - ```Inject``` - Inject arbitrary content into HTML content
- ```BrowserSniper``` - Performs drive-by attacks on clients with out-of-date browser plugins - ```BrowserSniper``` - Performs drive-by attacks on clients with out-of-date browser plugins
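Review bot: Dropping `CacheKill` from the plugin list is not mentioned in the commit message or in the new CHANGELOG.md; if the plugin was removed or merged into another one, add a changelog entry saying so, and if it still ships, keep it listed. While this list is being edited, "Transperently" in the `Ferret-NG` line can be corrected to "Transparently".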
@ -33,44 +33,6 @@ Available plugins
- ```SMBAuth``` - Evoke SMB challenge-response authentication attempts - ```SMBAuth``` - Evoke SMB challenge-response authentication attempts
- ```Upsidedownternet``` - Flips images 180 degrees - ```Upsidedownternet``` - Flips images 180 degrees
Changelog
=========
- Added the ```SMBTrap``` plugin
- Config file now updates on the fly!
- ```SessionHijacker``` is replaced with ```Ferret-NG```, captures cookies and starts a proxy that will feed them to connected clients
- ```JavaPwn``` plugin replced with ```BrowserSniper```, now supports Java, Flash and browser exploits
- Addition of the ```Screenshotter``` plugin, able to render screenshots of a client's browser at regular intervals
- Addition of a fully functional SMB server using the [Impacket](https://github.com/CoreSecurity/impacket) library
- Addition of [DNSChef](https://github.com/iphelix/dnschef), the framework is now a IPv4/IPv6 (TCP & UDP) DNS server! Supported queries are: 'A', 'AAAA', 'MX', 'PTR', 'NS', 'CNAME', 'TXT', 'SOA', 'NAPTR', 'SRV', 'DNSKEY' and 'RRSIG'
- Integrated [Net-Creds](https://github.com/DanMcInerney/net-creds) currently supported protocols are:
FTP, IRC, POP, IMAP, Telnet, SMTP, SNMP (community strings), NTLMv1/v2 (all supported protocols like HTTP, SMB, LDAP etc.) and Kerberos
- Integrated [Responder](https://github.com/SpiderLabs/Responder) to poison LLMNR, NBT-NS and MDNS and act as a rogue WPAD server
- Integrated [SSLstrip+](https://github.com/LeonardoNve/sslstrip2) by Leonardo Nve to partially bypass HSTS as demonstrated at BlackHat Asia 2014
- ```Spoof``` plugin can now exploit the 'ShellShock' bug when DHCP spoofing
- ```Spoof``` plugin now supports ICMP, ARP and DHCP spoofing
- Usage of third party tools has been completely removed (e.g. Ettercap)
- ```FilePwn```plugin re-written to backdoor executables zip and tar files on the fly by using [the-backdoor-factory](https://github.com/secretsquirrel/the-backdoor-factory) and code from [BDFProxy](https://github.com/secretsquirrel/BDFProxy)
- Added [msfrpc.py](https://github.com/byt3bl33d3r/msfrpc/blob/master/python-msfrpc/msfrpc.py) for interfacing with Metasploit's RPC server
- Added [beefapi.py](https://github.com/byt3bl33d3r/beefapi) for interfacing with BeEF's RESTfulAPI
- Addition of the app-cache poisoning attack by [Krzysztof Kotowicz](https://github.com/koto/sslstrip) (blogpost explaining the attack here: http://blog.kotowicz.net/2010/12/squid-imposter-phishing-websites.html)
How to install on Kali How to install on Kali
====================== ======================
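Review bot: With the Changelog section removed, none of the visible README hunks adds a pointer to the new CHANGELOG.md; add a one-line link where the section used to be so readers can still find the release notes from the README.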
@ -83,6 +45,7 @@ Installation
If you're rocking Kali and want the latest version: If you're rocking Kali and want the latest version:
- Clone this repository - Clone this repository
- Run the ```kali_setup.sh``` script - Run the ```kali_setup.sh``` script
**Note: you can ignore any errors when ```pip``` tries to install dependencies, MITMf should be able to run anyway** **Note: you can ignore any errors when ```pip``` tries to install dependencies, MITMf should be able to run anyway**
If you're rocking any other Linux distro: If you're rocking any other Linux distro:
@ -93,7 +56,7 @@ If you're rocking any other Linux distro:
FAQ FAQ
=== ===
- **Is Windows supported?** - **Is Windows supported?**
- No, it will never be supported - No, it will never be supported (so don't ask).
- **Is OSX supported?** - **Is OSX supported?**
- Yes! Initial compatibility has been introduced in 0.9.8! Find anything broken submit a PR or open an issue ticket! - Yes! Initial compatibility has been introduced in 0.9.8! Find anything broken submit a PR or open an issue ticket!
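Review bot: The new "(so don't ask)" in the Windows answer does not tell users why the platform is unsupported, which is the thing that would actually stop repeat issues; a short reason or a link to one would serve better. The OSX answer in the next entry ("Find anything broken submit a PR or open an issue ticket!") is missing punctuation after "broken" and could be fixed in the same pass.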


@ -18,7 +18,7 @@
""" """
Original plugin by @rubenthijssen Original plugin by @rthijssen
""" """
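Review bot: The credit line now uses `@rthijssen`, matching the entry in CONTRIBUTORS.md, but the docstring does not say which site the handle is on; use a full profile URL here so the attribution stays resolvable when the file is read outside the repository.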