Published on January 31st, 2016 📆 | 1634 Views ⚑0
Framework to Automate Man-In-The-Middle attacks
Man-in-the-middle is one the dangerous hacking attack, cyber criminals use this attack to hack the corporate organizations. The tools to launch man-in-the-middle attack are very common, try searchingHacking Tools on Google. Anyway, MITMf is the topic of this article. What is this?
MITMf aims to provide a one-stop-shop for Man-In-The-Middle and network attacks while updating and improving existing attacks and techniques.
Originally built to address the significant shortcomings of other tools (e.g Ettercap, Mallory), it's been almost completely re-written from scratch to provide a modular and easily extendible framework that anyone can use to implement their own MITM attack.
- The framework contains a built-in SMB, HTTP and DNS server that can be controlled and used by the various plugins, it also contains a modified version of the SSLStrip proxy that allows for HTTP modification and a partial HSTS bypass.
- As of version 0.9.8, MITMf supports active packet filtering and manipulation (basically what etterfilters did, only better), allowing users to modify any type of traffic or protocol.
- The configuration file can be edited on-the-fly while MITMf is running, the changes will be passed down through the framework: this allows you to tweak settings of plugins and servers while performing an attack.
- MITMf will capture FTP, IRC, POP, IMAP, Telnet, SMTP, SNMP (community strings), NTLMv1/v2 (all supported protocols like HTTP, SMB, LDAP etc.) and Kerberos credentials by using Net-Creds, which is run on startup.
- Responder integration allows for LLMNR, NBT-NS and MDNS poisoning and WPAD rogue server support.
Active packet filtering/modification
You can now modify any packet/protocol that gets intercepted by MITMf using Scapy! (no more etterfilters! yay!)
For example, here's a stupid little filter that just changes the destination IP address of ICMP packets:
123if packet.haslayer(ICMP): log.info('Got an ICMP packet!') packet.dst = '192.168.1.0'
- Use the
packetvariable to access the packet in a Scapy compatible format
- Use the
datavariable to access the raw packet data
Now to use the filter all we need to do is:
python mitmf.py -F ~/filter.py
You will probably want to combine that with the Spoof plugin to actually intercept packets from someone else 😉
Note: you can modify filters on-the-fly without restarting MITMf!