Framework for Man-In-The-Middle attacks
Available plugins
SMBtrap
- Exploits the 'SMB Trap' vulnerability on connected clientsScreenshotter
- Uses HTML5 Canvas to render an accurate screenshot of a clients browserResponder
- LLMNR, NBT-NS, WPAD and MDNS poisonerSSLstrip+
- Partially bypass HSTSSpoof
- Redirect traffic using ARP spoofing, ICMP redirects or DHCP spoofingBeEFAutorun
- Autoruns BeEF modules based on a client's OS or browser typeAppCachePoison
- Perform app cache poisoning attacksFerret-NG
- Transperently hijacks sessionsBrowserProfiler
- Attempts to enumerate all browser plugins of connected clientsCacheKill
- Kills page caching by modifying headersFilePwn
- Backdoor executables sent over HTTP using the Backdoor Factory and BDFProxyInject
- Inject arbitrary content into HTML contentBrowserSniper
- Performs drive-by attacks on clients with out-of-date browser pluginsjskeylogger
- Injects a Javascript keylogger into a client's webpagesReplace
- Replace arbitary content in HTML contentSMBAuth
- Evoke SMB challenge-response authentication attemptsUpsidedownternet
- Flips images 180 degrees
How to install on Kali
apt-get install mitmf
Installation
If MITMf is not in your distro's repo or you just want the latest version:
- Run the command
git clone https://github.com/byt3bl33d3r/MITMf.git
to clone this directory - Run the
setup.sh
script - Run the command
pip install --upgrade -r requirements.txt
to install all Python dependencies
On Kali Linux, if you get an error while installing the
pypcap
package or when starting MITMf you see: ImportError: no module named pcap
, run apt-get install python-pypcap
to fix it