mirror of https://github.com/byt3bl33d3r/MITMf.git synced 2025-07-16 10:03:52 -07:00

Framework for Man-In-The-Middle attacks

Find a file

byt3bl33d3r cded43f0c6 misc		2014-11-29 17:12:21 +01:00
bdfactory@89d87b2fa1	updated bdfactory to latest commit	2014-11-06 20:02:44 +01:00
config_files	fixed error when loading the css of some websites when using the bypass-hsts option, added some better error handling on plugins	2014-11-23 13:38:30 +01:00
libs	added SessionHijacker plugin	2014-11-29 15:40:11 +01:00
plugins	misc	2014-11-29 17:12:21 +01:00
sslstrip	misc	2014-11-29 17:12:21 +01:00
.gitignore	uptated gitignore	2014-11-29 15:34:52 +01:00
.gitmodules	added submodule bdfactory	2014-07-12 08:31:09 +02:00
LICENSE	Initial commit	2014-07-07 13:13:51 +02:00
lock.ico	initial commit	2014-07-07 13:40:49 +02:00
mitmf.py	updated Readme, added finish() to SJ plugin	2014-11-29 16:37:41 +01:00
README.md	updated Readme, added finish() to SJ plugin	2014-11-29 16:37:41 +01:00
setup.sh	updated README with nfqueue instructions	2014-10-29 18:54:31 +01:00
update.sh	modified binkybears install script	2014-10-19 11:21:53 +02:00

MITMf V0.8

Framework for Man-In-The-Middle attacks

Quick tutorials, examples and dev updates at http://sign0f4.blogspot.it

This tool is completely based on sergio-proxy https://code.google.com/p/sergio-proxy/ and is an attempt to revive and update the project.

Availible plugins:

Spoof - Redirect traffic using ARP Spoofing, ICMP Redirects or DHCP Spoofing and modify DNS queries
BeEFAutorun - Autoruns BeEF modules based on clients OS or browser type
AppCachePoison - Perform app cache poison attacks
AirPwn - Monitor traffic on an 802.11 network and respond with arbitrary content as configured
SessionHijacking - Performs sessions hijacking attacks, and stores cookies in a firefox profile
BrowserProfiler - Attempts to enumerate all browser plugins of connected clients
CacheKill - Kills page caching by modifying headers
FilePwn - Backdoor executables being sent over http using bdfactory
Inject - Inject arbitrary content into HTML content
JavaPwn - Performs drive-by attacks on clients with out-of-date java browser plugins
jskeylogger - Injects a javascript keylogger into clients webpages
Replace - Replace arbitary content in HTML content
SMBAuth - Evoke SMB challenge-response auth attempts
Upsidedownternet - Flips images 180 degrees

So far the most significant changes have been:

Integrated SSLstrip+ (https://github.com/LeonardoNve/sslstrip2) by Leonardo Nve to partially bypass HSTS as demonstrated at BlackHat Asia 2014
Addition of the AirPwn plugin (Python port of the original project), which also supports the DNSpwn attack
Addition of the SessionHijacking plugin, which uses code from FireLamb (https://github.com/sensepost/mana/tree/master/firelamb) to store cookies in a Firefox profile
Spoof plugin now supports ICMP, ARP and DHCP spoofing along with DNS tampering (DNS tampering code was stolen from https://github.com/DanMcInerney/dnsspoof/)
Spoof plugin can now exploit the 'ShellShock' bug when DHCP spoofing!
Usage of third party tools has been completely removed (e.g. ettercap)
FilePwn plugin re-written to backdoor executables and zip files on the fly by using the-backdoor-factory https://github.com/secretsquirrel/the-backdoor-factory and code from BDFProxy https://github.com/secretsquirrel/BDFProxy
Added msfrpc.py for interfacing with Metasploits rpc server
Added beefapi.py for interfacing with BeEF's RESTfulAPI
Addition of the app-cache poisoning attack by Krzysztof Kotowicz

Run setup.sh as root to install all submodules and python libraries.