mirror of https://github.com/byt3bl33d3r/MITMf.git synced 2025-07-14 17:13:50 -07:00

Framework for Man-In-The-Middle attacks

Find a file

byt3bl33d3r ad6c3d8ed3 added version attr to all plugins		2015-03-10 04:01:28 +01:00
config	changed default patch_type to append for filepwn plugin	2015-02-27 22:16:58 +01:00
libs	- Added Sniffer plugin	2015-02-26 17:15:22 +01:00
logs	misc	2014-12-07 22:29:29 +01:00
plugins	added version attr to all plugins	2015-03-10 04:01:28 +01:00
.gitignore	misc	2014-12-07 22:29:29 +01:00
.gitmodules	re-added bdfactory submodule	2014-12-05 04:25:58 +01:00
LICENSE	Initial commit	2014-07-07 13:13:51 +02:00
lock.ico	initial commit	2014-07-07 13:40:49 +02:00
mitmf.py	-Initial Spoof plugin rewrite	2015-03-10 02:26:56 +01:00
README.md	- Fixed error in print statement	2015-02-26 22:01:56 +01:00
requirements.txt	- Fixed error in print statement	2015-02-26 22:01:56 +01:00
setup.sh	- Updated FilePwn plugin with BDFactory v0.2 + license	2014-12-19 02:34:33 +01:00
update.sh	major changes for Responder integration	2014-12-05 04:18:29 +01:00

MITMf V0.9.1

Framework for Man-In-The-Middle attacks

Quick tutorials, examples and dev updates at http://sign0f4.blogspot.it

This tool is completely based on sergio-proxy https://code.google.com/p/sergio-proxy/ and is an attempt to revive and update the project.

Availible plugins:

Responder - LLMNR, NBT-NS and MDNS poisoner
SSLstrip+ - Partially bypass HSTS
Spoof - Redirect traffic using ARP Spoofing, ICMP Redirects or DHCP Spoofing and modify DNS queries
Sniffer - Sniffs for various protocol login and auth attempts
BeEFAutorun - Autoruns BeEF modules based on clients OS or browser type
AppCachePoison - Perform app cache poison attacks
SessionHijacking - Performs session hijacking attacks, and stores cookies in a firefox profile
BrowserProfiler - Attempts to enumerate all browser plugins of connected clients
CacheKill - Kills page caching by modifying headers
FilePwn - Backdoor executables being sent over http using bdfactory
Inject - Inject arbitrary content into HTML content
JavaPwn - Performs drive-by attacks on clients with out-of-date java browser plugins
jskeylogger - Injects a javascript keylogger into clients webpages
Replace - Replace arbitary content in HTML content
SMBAuth - Evoke SMB challenge-response auth attempts
Upsidedownternet - Flips images 180 degrees

So far the most significant changes have been:

Addition of the Sniffer plugin which integrates Net-Creds (https://github.com/DanMcInerney/net-creds) currently supported protocols are: FTP, IRC, POP, IMAP, Telnet, SMTP, SNMP (community strings), NTLMv1/v2 (all supported protocols like HTTP, SMB, LDAP etc..) and Kerberos
Integrated Responder (https://github.com/SpiderLabs/Responder) to poison LLMNR, NBT-NS and MDNS, and act as a WPAD rogue server.
Integrated SSLstrip+ (https://github.com/LeonardoNve/sslstrip2) by Leonardo Nve to partially bypass HSTS as demonstrated at BlackHat Asia 2014
Addition of the SessionHijacking plugin, which uses code from FireLamb (https://github.com/sensepost/mana/tree/master/firelamb) to store cookies in a Firefox profile
Spoof plugin now supports ICMP, ARP and DHCP spoofing along with DNS tampering (DNS tampering code was stolen from https://github.com/DanMcInerney/dnsspoof/)
Spoof plugin can now exploit the 'ShellShock' bug when DHCP spoofing!
Usage of third party tools has been completely removed (e.g. ettercap)
FilePwn plugin re-written to backdoor executables and zip files on the fly by using the-backdoor-factory https://github.com/secretsquirrel/the-backdoor-factory and code from BDFProxy https://github.com/secretsquirrel/BDFProxy
Added msfrpc.py for interfacing with Metasploits rpc server
Added beefapi.py for interfacing with BeEF's RESTfulAPI
Addition of the app-cache poisoning attack by Krzysztof Kotowicz

MITMf is now in tha kali linux repositories!! wohooooo!!

apt-get install mitmf