Changelog latest version :
+ SSLstrip+ integration, BeefAutorun plugin update
+ updated bdfactory to latest commit
+ added HSTS bypass as demonstrated by Leonardo Nve at blackhat
+ optimized regex performance on airpwn plugin
+ added better error handeling
Framework for Man-In-The-Middle attacks
Framework for Man-In-The-Middle attacks
This tool is completely based on sergio-proxy https://code.google.com/p/sergio-proxy/ and is an attempt to revive and update the project.
Availible plugins:
– Spoof – Redirect traffic using ARP Spoofing, ICMP Redirects or DHCP Spoofing and modify DNS queries
– BeEFAutorun – Autoruns BeEF modules based on clients OS or browser type
– AppCachePoison – Perform app cache poison attacks
– AirPwn – Monitor traffic on an 802.11 network and respond with arbitrary content as configured
– BrowserProfiler – Attempts to enumerate all browser plugins of connected clients
– CacheKill – Kills page caching by modifying headers
– FilePwn – Backdoor executables being sent over http using bdfactory
– Inject – Inject arbitrary content into HTML content
– JavaPwn – Performs drive-by attacks on clients with out-of-date java browser plugins
– jskeylogger – Injects a javascript keylogger into clients webpages
– Replace – Replace arbitary content in HTML content
– SMBAuth – Evoke SMB challenge-response auth attempts
– Upsidedownternet – Flips images 180 degrees
Framework for Man-In-The-Middle attacks
Install on Kali:
Run setup.sh as root to install all submodules and python libraries.
Download zipball : MITMf-51a4b65e26e129bfc4f939049ad5210ea2df8e5c.zip(125 KB)
Or git Clone
Source and Quickly Tutorial : http://sign0f4.blogspot.it/