github/MITMf
1
0
Fork 0
mirror of https://github.com/byt3bl33d3r/MITMf.git synced 2025-07-16 10:03:52 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions
Framework for Man-In-The-Middle attacks
266 commits 2 branches 10 tags 1.6 MiB
Find a file
byt3bl33d3r dfa9c9d65e Added debug logging to ProxyPlugins, it will now print a traceback if errors occur in hooked functions
2015-05-05 00:39:59 +02:00
config WPAD Poisoner back online, removed options in config file and rellative code for choosing which DNS server to use. (there really was not point in keeping it) 2015-05-04 23:13:21 +02:00
core Added debug logging to ProxyPlugins, it will now print a traceback if errors occur in hooked functions 2015-05-05 00:39:59 +02:00
libs This is 1/2 of the work done... lot's of cool stuff! 2015-04-27 18:33:55 +02:00
logs - Logging is now seperate for each module 2015-04-11 00:38:48 +02:00
plugins Added debug logging to ProxyPlugins, it will now print a traceback if errors occur in hooked functions 2015-05-05 00:39:59 +02:00
.gitignore misc 2014-12-07 22:29:29 +01:00
.gitmodules This is 1/2 of the work done... lot's of cool stuff! 2015-04-27 18:33:55 +02:00
LICENSE Initial commit 2014-07-07 13:13:51 +02:00
lock.ico initial commit 2014-07-07 13:40:49 +02:00
mitmf.py WPAD Poisoner back online, removed options in config file and rellative code for choosing which DNS server to use. (there really was not point in keeping it) 2015-05-04 23:13:21 +02:00
README.md typo 2015-04-28 13:10:36 +02:00
requirements.txt This is 1/2 of the work done... lot's of cool stuff! 2015-04-27 18:33:55 +02:00
setup.sh added capstone in requirements.txt 2015-04-18 15:08:11 +02:00
update.sh added capstone in requirements.txt 2015-04-18 15:08:11 +02:00

README.md

MITMf V0.9.7

Framework for Man-In-The-Middle attacks

Quick tutorials, examples and dev updates at http://sign0f4.blogspot.it

This tool is based on sergio-proxy and is an attempt to revive and update the project.

Before submitting issues please read the FAQ and the appropriate section.

Availible plugins

  • Responder - LLMNR, NBT-NS and MDNS poisoner
  • SSLstrip+ - Partially bypass HSTS
  • Spoof - Redirect traffic using ARP Spoofing, ICMP Redirects or DHCP Spoofing and modify DNS queries
  • Sniffer - Sniffs for various protocol login and auth attempts
  • BeEFAutorun - Autoruns BeEF modules based on clients OS or browser type
  • AppCachePoison - Perform app cache poison attacks
  • SessionHijacking - Performs session hijacking attacks, and stores cookies in a firefox profile
  • BrowserProfiler - Attempts to enumerate all browser plugins of connected clients
  • CacheKill - Kills page caching by modifying headers
  • FilePwn - Backdoor executables being sent over http using Backdoor Factory and BDFProxy
  • Inject - Inject arbitrary content into HTML content
  • JavaPwn - Performs drive-by attacks on clients with out-of-date java browser plugins
  • jskeylogger - Injects a javascript keylogger into clients webpages
  • Replace - Replace arbitary content in HTML content
  • SMBAuth - Evoke SMB challenge-response auth attempts
  • Upsidedownternet - Flips images 180 degrees

Changelog

  • Addition of DNSChef, the framework is now a IPv4/IPv6 (TCP & UDP) DNS server ! Supported queries are: 'A', 'AAAA', 'MX', 'PTR', 'NS', 'CNAME', 'TXT', 'SOA', 'NAPTR', 'SRV', 'DNSKEY' and 'RRSIG'

  • Addition of the Sniffer plugin which integrates Net-Creds currently supported protocols are: FTP, IRC, POP, IMAP, Telnet, SMTP, SNMP (community strings), NTLMv1/v2 (all supported protocols like HTTP, SMB, LDAP etc..) and Kerberos

  • Integrated Responder to poison LLMNR, NBT-NS and MDNS, and act as a WPAD rogue server.

  • Integrated SSLstrip+ by Leonardo Nve to partially bypass HSTS as demonstrated at BlackHat Asia 2014

  • Addition of the SessionHijacking plugin, which uses code from FireLamb to store cookies in a Firefox profile

  • Spoof plugin can now exploit the 'ShellShock' bug when DHCP spoofing!

  • Spoof plugin now supports ICMP, ARP and DHCP spoofing

  • Usage of third party tools has been completely removed (e.g. ettercap)

  • FilePwn plugin re-written to backdoor executables and zip files on the fly by using the-backdoor-factory and code from BDFProxy

  • Added msfrpc.py for interfacing with Metasploits rpc server

  • Added beefapi.py for interfacing with BeEF's RESTfulAPI

  • Addition of the app-cache poisoning attack by Krzysztof Kotowicz (blogpost explaining the attack here http://blog.kotowicz.net/2010/12/squid-imposter-phishing-websites.html)

Installation

If MITMf is not in your distros repo or you just want the latest version:

  • clone this repository
  • run the setup.sh script
  • run the command pip install -r requirements.txt to install all python dependencies

On Kali Linux, if you get an error while installing the pypcap package or when starting MITMf you see: ImportError: no module named pcap run apt-get install python-pypcap to fix it.

How to install on Kali

apt-get install mitmf

Currently Kali has a very old version of MITMf in it's repos so if you find bugs its normal, don't open an issue! Read the Installation section to get the latest version

Submitting Issues

If you have questions regarding the framework please email me at byt3bl33d3r@gmail.com

If you find a bug please open an issue and include at least the following in the description:

  • Full command string you used
  • OS your using

Also remember: Github markdown is your friend!

FAQ

  • Is Windows supported?

  • No, I'm not masochistic and I actually want things to work.

  • I can't install package X because of an error!

  • Try installing the module via pip or your distros package manager. This isn't a problem with MITMf.

  • How do I install package X?

  • Please read the installation guide.

  • I get an ImportError when launching MITMf!

  • Please read the installation guide.

  • Dude, no documentation/video tutorials?

  • Currently no, once the framework hits 1.0 I'll probably start writing/making some.