Framework to Automate Man-In-The-Middle attacks

Man-in-the-middle is one the dangerous hacking attack, cyber criminals use this attack to hack the corporate organizations. The tools to launch man-in-the-middle attack are very common, try searching Hacking Tools on Google. Anyway, MITMf is the topic of this article. What is this?
MITMf aims to provide a one-stop-shop for Man-In-The-Middle and network attacks while updating and improving existing attacks and techniques.
Originally built to address the significant shortcomings of other tools (e.g Ettercap, Mallory), it’s been almost completely re-written from scratch to provide a modular and easily extendible framework that anyone can use to implement their own MITM attack.

Features

  • The framework contains a built-in SMB, HTTP and DNS server that can be controlled and used by the various plugins, it also contains a modified version of the SSLStrip proxy that allows for HTTP modification and a partial HSTS bypass.
  • As of version 0.9.8, MITMf supports active packet filtering and manipulation (basically what etterfilters did, only better), allowing users to modify any type of traffic or protocol.
  • The configuration file can be edited on-the-fly while MITMf is running, the changes will be passed down through the framework: this allows you to tweak settings of plugins and servers while performing an attack.
  • MITMf will capture FTP, IRC, POP, IMAP, Telnet, SMTP, SNMP (community strings), NTLMv1/v2 (all supported protocols like HTTP, SMB, LDAP etc.) and Kerberos credentials by using Net-Creds, which is run on startup.
  • Responder integration allows for LLMNR, NBT-NS and MDNS poisoning and WPAD rogue server support.

Active packet filtering/modification

You can now modify any packet/protocol that gets intercepted by MITMf using Scapy! (no more etterfilters! yay!)
For example, here’s a stupid little filter that just changes the destination IP address of ICMP packets:
if packet.haslayer(ICMP):
    log.info('Got an ICMP packet!')
    packet.dst = '192.168.1.0'
  • Use the packet variable to access the packet in a Scapy compatible format
  • Use the data variable to access the raw packet data
Now to use the filter all we need to do is: python mitmf.py -F ~/filter.py
You will probably want to combine that with the Spoof plugin to actually intercept packets from someone else 😉
Note: you can modify filters on-the-fly without restarting MITMf!
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Security Against Hacks: A Simple Game of Economics

One of the cold hard truths behind cybersecurity is that it's impossible to prevent a hack 100% of the time. It only takes one...

Certain Things That You Must Know About Microsoft MS-500 Exam and Its Practice Tests

If you want to be a Microsoft 365 security administrator, then there would be a number of responsibilities that will fall on your shoulders,...

Quick Ways to Avoid Being Watched by the NSA’s PRISM Program

Big brother is on the watch online. Today, a week hardly passes without news of government spying, whistleblowers, cell phone hacking, or even private photos...

Android Post Exploitation: Exploit ADB using Ghost Framework in Kali Linux

This article is the part of Android Hacking tutorial; it covers step by step guide to exploit Android ADB to get the persistent connection...

LOOKING FOR HACKING RECIPES FORM THE PRO?

Then sign up for FREE to the ehacking’s exclusive group. You will get the exclusive tips/tricks, tutorials, webinars & courses that I ONLY share with my fellow on this exclusive newsletter.