| config | ||
| core | ||
| libs | ||
| logs | ||
| plugins | ||
| tools | ||
| .gitignore | ||
| .gitmodules | ||
| CHANGELOG.md | ||
| CONTRIBUTING.md | ||
| CONTRIBUTORS.md | ||
| kali_setup.sh | ||
| LICENSE | ||
| lock.ico | ||
| mitmf.py | ||
| other_setup.sh | ||
| README.md | ||
#MITMf
Framework for Man-In-The-Middle attacks
Quick tutorials, examples and developer updates at: https://byt3bl33d3r.github.io
This tool is based on sergio-proxy and is an attempt to revive and update the project.
Contact me at:
- Twitter: @byt3bl33d3r
- IRC on Freenode: #MITMf
- Email: byt3bl33d3r@gmail.com
Before submitting issues, please read the FAQ and CONTRIBUTING.md.
Description
MITMf aims to provide a one-stop-shop for Man-In-The-Middle and network attacks while updating and improving existing attacks and techniques.
Originally built to address the significant shortcomings of other tools (e.g Ettercap, Mallory), it's been almost completely re-written from scratch to provide a modular and easily extendible framework that anyone can use to implement their own MITM attack.
Additionally, the framework contains a built-in SMB, HTTP and DNS server that can be controlled and used by the various plugins.
Available plugins
- HTA Drive-By : Injects a fake update notification and prompts clients to download an HTA application
- SMBTrap : Exploits the 'SMB Trap' vulnerability on connected clients
- ScreenShotter : Uses HTML5 Canvas to render an accurate screenshot of a clients browser
- Responder : LLMNR, NBT-NS, WPAD and MDNS poisoner
- SSLstrip+ : Partially bypass HSTS
- Spoof : Redirect traffic using ARP, ICMP, DHCP or DNS spoofing
- BeEFAutorun : Autoruns BeEF modules based on a client's OS or browser type
- AppCachePoison : Performs HTML5 App-Cache poisoning attacks
- Ferret-NG : Transperently hijacks client sessions
- BrowserProfiler : Attempts to enumerate all browser plugins of connected clients
- FilePwn : Backdoor executables sent over HTTP using the Backdoor Factory and BDFProxy
- Inject : Inject arbitrary content into HTML content
- BrowserSniper : Performs drive-by attacks on clients with out-of-date browser plugins
- JSkeylogger : Injects a Javascript keylogger into a client's webpages
- Replace : Replace arbitary content in HTML content
- SMBAuth : Evoke SMB challenge-response authentication attempts
- Upsidedownternet : Flips images 180 degrees
How to install on Kali
apt-get install mitmf
Currently Kali has a very old version of MITMf in its repos, read the Installation section to get the latest version
Installation
If you're rocking Kali and want the latest version:
- Clone this repository
- Run the
kali_setup.shscript (Note: you can ignore any errors whenpiptries to install dependencies, MITMf should be able to run anyway)
If you're rocking any other Linux distro:
- Clone this repository
- Run the
other_setup.shscript - Run the command
pip install --upgrade mitmflibto install all Python dependencies
FAQ
-
Is Windows supported?
-
No, it will never be supported (so don't ask).
-
Is OSX supported?
-
Yes! Initial compatibility has been introduced in 0.9.8! Find anything broken submit a PR or open an issue ticket!
-
I can't install package X because of an error!
-
Try installing the package via
pipor your distro's package manager. This isn't a problem with MITMf. -
How do I install package X?
-
Please read the installation guide.
-
I get an ImportError when launching MITMf!
-
Please read the installation guide.
-
Dude, no documentation?
-
The docs are a work in progress at the moment, once the framework hits 1.0 I will push them to the wiki