mitmf

Framework for Man-In-The-Middle attacks

Install

All systems
curl cmd.cat/mitmf.sh
image/svg+xml Kali Linux
apt-get install mitmf

mitmf

Framework for Man-In-The-Middle attacks

The program was created to deal with some of the significant shortcomings that Ettercap filters have when modifying HTTP traffic. It tries to provide an easily extensible Python interface for on-the-fly manipulation of HTTP traffic. Currently, it has a number of helpful plugins that allow you to set up the MITM attack, inject arbitrary data into a session, launch browser attacks from Metasploit, and dynamically replace files with malicious versions. Available plugins: - HTA Drive-By - Injects a fake update notification and prompts clients to download an HTA application - SMBTrap - Exploits the 'SMB Trap' vulnerability on connected clients - Screenshotter - Uses HTML5 Canvas to render an accurate screenshot of a clients browser - Responder - LLMNR, NBT-NS and MDNS poisoner - SSLstrip+ - Partially bypass HSTS - Spoof - Redirect traffic using ARP, ICMP, DHCP or DNS Spoofing - BeEFAutorun - Autoruns BeEF modules based on client's OS or browser type - AppCachePoison - Perform HTML5 App-Cache poisoning attacks - Ferret-NG - Tranperently hijacks sessions - BrowserProfiler - Attempts to enumerate all browser plugins of connected clients - FilePwn - Backdoor executables being sent over http using the Backdoor Factory and BDFProxy - Inject - Inject arbitrary content into HTML content - BrowserSniper - Performs drive-by attacks on clients with out-of-date browser plugins - jskeylogger - Injects a javascript keylogger into clients webpages - Replace - Replace arbitrary content in HTML content - SMBAuth - Evoke SMB challenge-response auth attempts - Upsidedownternet - Flips images 180 degrees