Framework for Man-In-The-Middle attacks
byt3bl33d3r 9712eed4a3 This is 1/2 of the work done... lots of cool stuff!
I've re-written a decent amount of the framework to support dynamic config file updates, revamped the ARP Spoofing 'engine' and changed the way MITMf integrates Responder and Netcreds.

- Net-creds is now started by default and no longer a plugin.. It's all about getting those creds after all.
- Integrated the Subterfuge Framework's ARPWatch script, it will enable itself when spoofing the whole subnet (also squashed bugs in the original ARP spoofing code)
- The spoof plugin now supports specifying a range of targets (e.g. --target 10.10.10.1-15) and multiple targets (e.g. --target 10.10.10.1,10.10.10.2)
- An SMB Server is now started by default, MITMf now uses Impacket's SMBserver as opposed to the one built into Responder, mainly for 2 reasons:
  1) Impacket is moving towards SMB2 support and is actively developed
  2) Impacket's SMB server is fully functional as opposed to Responder's (will be adding a section for it in the config file)
  3) Responder's SMB server was unreliable when used through MITMf (After spending a day trying to figure out why, I just gave up and yanked it out)

- Responder's code has been broken down into single importable classes (way easier to manage and read, ugh!)
- Started adding dynamic config support to Responder's code and changed the logging messages to be a bit more readable.
- POST data captured through the proxy will now only be logged and printed to STDOUT when it's decodable to UTF-8 (this prevents logging encrypted data which is no use)
- Responder and the Beefapi script are no longer submodules (they seem to be a pain to package, so I removed them to help a brother out)
- Some plugins are missing because I'm currently re-writing them, will be added later
- Main plugin class now inherits from the ConfigWatcher class, this way plugins will support dynamic configs natively! \o/
2015-04-27 18:33:55 +02:00
config This is 1/2 of the work done... lots of cool stuff! 2015-04-27 18:33:55 +02:00
core This is 1/2 of the work done... lots of cool stuff! 2015-04-27 18:33:55 +02:00
libs This is 1/2 of the work done... lots of cool stuff! 2015-04-27 18:33:55 +02:00
logs - Logging is now separate for each module 2015-04-11 00:38:48 +02:00
plugins This is 1/2 of the work done... lots of cool stuff! 2015-04-27 18:33:55 +02:00
.gitignore misc 2014-12-07 22:29:29 +01:00
.gitmodules This is 1/2 of the work done... lots of cool stuff! 2015-04-27 18:33:55 +02:00
LICENSE Initial commit 2014-07-07 13:13:51 +02:00
lock.ico initial commit 2014-07-07 13:40:49 +02:00
mitmf.py This is 1/2 of the work done... lots of cool stuff! 2015-04-27 18:33:55 +02:00
README.md This is 1/2 of the work done... lots of cool stuff! 2015-04-27 18:33:55 +02:00
requirements.txt This is 1/2 of the work done... lots of cool stuff! 2015-04-27 18:33:55 +02:00
setup.sh added capstone in requirements.txt 2015-04-18 15:08:11 +02:00
update.sh added capstone in requirements.txt 2015-04-18 15:08:11 +02:00

MITMf V0.9.6

Framework for Man-In-The-Middle attacks

Quick tutorials, examples and dev updates at http://sign0f4.blogspot.it

This tool is based on sergio-proxy and is an attempt to revive and update the project.

Before submitting issues please read the FAQ and the appropriate section.

(Another) Dependency change!

As of v0.9.6, the fork of the python-netfilterqueue library is no longer required.

How to install on Kali

apt-get install mitmf

Currently Kali has a very old version of MITMf in its repos, so if you find bugs it's normal; don't open an issue! Read the Installation section to get the latest version.

Installation

If MITMf is not in your distro's repo or you just want the latest version:

  • clone this repository
  • run the setup.sh script
  • run the command pip install -r requirements.txt to install all python dependencies

On Kali Linux, if you get an error while installing the pypcap package, or if you see ImportError: no module named pcap when starting MITMf, run apt-get install python-pypcap to fix it.

Available plugins

  • Responder - LLMNR, NBT-NS and MDNS poisoner
  • SSLstrip+ - Partially bypass HSTS
  • Spoof - Redirect traffic using ARP Spoofing, ICMP Redirects or DHCP Spoofing and modify DNS queries
  • Sniffer - Sniffs for various protocol login and auth attempts
  • BeEFAutorun - Autoruns BeEF modules based on the client's OS or browser type
  • AppCachePoison - Perform app cache poison attacks
  • SessionHijacking - Performs session hijacking attacks, and stores cookies in a Firefox profile
  • BrowserProfiler - Attempts to enumerate all browser plugins of connected clients
  • CacheKill - Kills page caching by modifying headers
  • FilePwn - Backdoor executables being sent over HTTP using bdfactory
  • Inject - Inject arbitrary content into HTML content
  • JavaPwn - Performs drive-by attacks on clients with out-of-date Java browser plugins
  • jskeylogger - Injects a JavaScript keylogger into clients' webpages
  • Replace - Replace arbitrary content in HTML content
  • SMBAuth - Evoke SMB challenge-response auth attempts
  • Upsidedownternet - Flips images 180 degrees
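
The ARP spoofing performed by the Spoof plugin is visible on the wire as an IP address suddenly answering from a different MAC. The following arpwatch-style check is an added example, not MITMf's code; the function names and the ARP replies are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) as seen in ARP replies.
SAMPLE_ARP_REPLIES = [
    (0, "10.10.10.1", "aa:aa:aa:aa:aa:01"),   # gateway, legitimate binding
    (1, "10.10.10.5", "aa:aa:aa:aa:aa:05"),
    (2, "10.10.10.9", "aa:aa:aa:aa:aa:09"),
    (30, "10.10.10.1", "aa:aa:aa:aa:aa:09"),  # gateway IP now answered by .9's MAC
    (31, "10.10.10.1", "aa:aa:aa:aa:aa:09"),  # repeated poisoned reply
    (32, "10.10.10.5", "AA-AA-AA-AA-AA-05"),  # same MAC, different notation
]


def normalize_mac(mac):
    """Lower-case and use ':' separators so notation changes are not alerts."""
    return mac.lower().replace("-", ":")


def detect_arp_anomalies(replies):
    """Flag IP->MAC rebinding and a single MAC answering for several IPs."""
    ip_to_mac = {}                   # last MAC seen for each IP
    mac_to_ips = defaultdict(set)    # every IP each MAC has claimed
    alerts = []
    for ts, ip, mac in sorted(replies):
        mac = normalize_mac(mac)
        known = ip_to_mac.get(ip)
        if known is not None and known != mac:
            alerts.append({"ts": ts, "kind": "rebind", "ip": ip,
                           "old_mac": known, "new_mac": mac})
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                alerts.append({"ts": ts, "kind": "multi-ip", "mac": mac,
                               "ips": sorted(mac_to_ips[mac])})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE_ARP_REPLIES):
        print(alert)
```

A DHCP re-lease or a replaced NIC also produces a rebind, so a rebind of the gateway address, or one MAC answering for several IPs, is the higher-confidence signal.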

Changelog

  • Addition of DNSChef, the framework is now an IPv4/IPv6 (TCP & UDP) DNS server! Supported queries are: 'A', 'AAAA', 'MX', 'PTR', 'NS', 'CNAME', 'TXT', 'SOA', 'NAPTR', 'SRV', 'DNSKEY' and 'RRSIG'

  • Addition of the Sniffer plugin, which integrates Net-Creds. Currently supported protocols are: FTP, IRC, POP, IMAP, Telnet, SMTP, SNMP (community strings), NTLMv1/v2 (all supported protocols like HTTP, SMB, LDAP etc.) and Kerberos

  • Integrated Responder to poison LLMNR, NBT-NS and MDNS, and act as a WPAD rogue server.

  • Integrated SSLstrip+ by Leonardo Nve to partially bypass HSTS as demonstrated at BlackHat Asia 2014

  • Addition of the SessionHijacking plugin, which uses code from FireLamb to store cookies in a Firefox profile

  • Spoof plugin can now exploit the 'ShellShock' bug when DHCP spoofing!

  • Spoof plugin now supports ICMP, ARP and DHCP spoofing

  • Usage of third party tools has been completely removed (e.g. ettercap)

  • FilePwn plugin re-written to backdoor executables and zip files on the fly by using the-backdoor-factory and code from BDFProxy

  • Added msfrpc.py for interfacing with Metasploit's RPC server

  • Added beefapi.py for interfacing with BeEF's RESTful API

  • Addition of the app-cache poisoning attack by Krzysztof Kotowicz (blogpost explaining the attack here http://blog.kotowicz.net/2010/12/squid-imposter-phishing-websites.html)

Submitting Issues

If you have questions regarding the framework please email me at byt3bl33d3r@gmail.com

If you find a bug please open an issue and include at least the following in the description:

  • Full command string you used
  • OS you're using

Also remember: GitHub markdown is your friend!

FAQ

  • Is Windows supported?
      • No, I'm not masochistic and I actually want things to work.

  • I can't install package X because of an error!
      • Try installing the module via pip or your distro's package manager. This isn't a problem with MITMf.

  • How do I install package X?
      • Please read the installation guide.

  • I get an ImportError when launching MITMf!
      • Please read the installation guide.

  • Dude, no documentation/video tutorials?
      • Currently no, once the framework hits 1.0 I'll probably start writing/making some.