Man-in-the-middle is one the dangerous hacking attack, cyber criminals use this attack to hack the corporate organizations. The tools to launch man-in-the-middle attack are very common, try searching Hacking Tools on Google. Anyway, MITMf is the topic of this article. What is this?
MITMf aims to provide a one-stop-shop for Man-In-The-Middle and network attacks while updating and improving existing attacks and techniques.
Originally built to address the significant shortcomings of other tools (e.g Ettercap, Mallory), it's been almost completely re-written from scratch to provide a modular and easily extendible framework that anyone can use to implement their own MITM attack.
The framework contains a built-in SMB, HTTP and DNS server that can be controlled and used by the various plugins, it also contains a modified version of the SSLStrip proxy that allows for HTTP modification and a partial HSTS bypass.
As of version 0.9.8, MITMf supports active packet filtering and manipulation (basically what etterfilters did, only better), allowing users to modify any type of traffic or protocol.
The configuration file can be edited on-the-fly while MITMf is running, the changes will be passed down through the framework: this allows you to tweak settings of plugins and servers while performing an attack.
MITMf will capture FTP, IRC, POP, IMAP, Telnet, SMTP, SNMP (community strings), NTLMv1/v2 (all supported protocols like HTTP, SMB, LDAP etc.) and Kerberos credentials by usingNet-Creds, which is run on startup.
Responderintegration allows for LLMNR, NBT-NS and MDNS poisoning and WPAD rogue server support.
Active packet filtering/modification
You can now modify any packet/protocol that gets intercepted by MITMf using Scapy! (no more etterfilters! yay!)
For example, here's a stupid little filter that just changes the destination IP address of ICMP packets:
log.info('Got an ICMP packet!')
Use the packet variable to access the packet in a Scapy compatible format
Use the data variable to access the raw packet data
Now to use the filter all we need to do is: python mitmf.py -F ~/filter.py
You will probably want to combine that with the Spoof plugin to actually intercept packets from someone else ;)
Note: you can modify filters on-the-fly without restarting MITMf!