View Full Version : Installing MIMTf - SSLslip+ for advanced MITM Attacks

2015-09-17, 09:26
Want to try and defeat https during a MITM attack with kali2.0?

MITMf contains sslslip+ and can parse some https requests.

!!!!If you want to install DO NOT ENTER!!!

apt-get install mitmf

You will install a version BUT it will not work

Go here instead!!!!!


Read it BUT use this address

git clone https://github.com/CiuffysHub/MITMf

cd MITMf

chmod 777 setup-fixed.sh


Now load these dependencies

apt-get install python-pypcap
pip2 install watchdog
pip2 install dsnlib

This program can work very well with PwnStar9.0(PS9) very well indeed.
If you diable apache2 during PS9 initialization and provide internet access then run

MITMf# ./mitmf.py -i at0 -l 53 --spoof --hsts --arp --dns --gateway --target


at0 is the tap interface made by airbase-ng

Gateway here is the Gateway the device connected to the internet is using


cat /etc/resolv.conf will give you the DNS


assigned by PS9 to at0 during setup

We are embedding this module into Pwnstar9.0. This newer version will have a captive portal https passthu Our own andoid phones connected to the rogue and started pumping all their data thru mitmf.


PS Sorry about the title should be MITMf

our mistake!!!

2015-09-21, 03:37
The impact dependency is now available at:


download impact-master

unzip then

cd impact-master

chmod 755 setup.py

./setup.py install


2015-09-21, 13:21
You did mean "pip2 install dnslib" correct?

2015-09-22, 10:02
Have two questions/suggestions:

1) Why are you using Airbase to create the Fake AP, and not Hostapd (that is more stable and has not loss of connectivity)?
2) Have you thought to implement it with WPS/PBC rogue AP?

2015-09-23, 00:34
To hydrakush

Suggest you cross reference these addresses in the wonder-how-to link we posted above. The latest info on this program is posted there. MTeams interest here is on how to bring this program into kali2.0. and get it to function.

Ref Hostapd - This program is not supported by some wifi devices in fact we do not have a device that can use this program. Furthermore our interest in Pwnstar9 is only to get the WPA phishing pages and rogueAP to function in kali2.0. You could write Vulpi the original author and ask him to implement a hostapd module into Pwnstar9 or you can wait till Aerial becomes available for kali2.0. However Aerial does not support web pages - it is though an excellent program. Then there is easy-creds of which we know nothing except to say many users liked this program.

Reference loss of connectivity with airbase-ng - we are not seeing this - in fact our Pwnstar9.0 beta works very well in kali2.0 much better then older versions of kali - much to our surprise we might add and it has nothing to do with our coding and all to do with the newer kali2.0.

We know nothing about WPS/PBC sorry


2015-09-23, 09:09
I link the forum-page where I found the WPS/PBC rogue AP.
It's in French, but you can understand it because there are screenshots that explain how to do.


2015-09-23, 16:15
mmusket33 hi sorry for spam! PLS HELP ME Where is the problem

Apache failed to start please resolve then try again
(Musket Teams have rewritten PwnStar9.0 in an effort to improve WPA Phishing success.)
Thank you !!

2015-09-23, 17:08
You did mean "pip2 install dnslib" correct?
Would have successfully installed yet?

2016-01-29, 14:57
i have installed everything correct but ,there is no reaction...mitmf not working :

python mitmf.py -i eth0 --gateway --target --spoof --arp --hsts

███╗ ███╗██╗████████╗███╗ ███╗███████╗
████╗ ████║██║╚══██╔══╝████╗ ████║██╔════╝
██╔████╔██║██║ ██║ ██╔████╔██║█████╗
██║╚██╔╝██║██║ ██║ ██║╚██╔╝██║██╔══╝
██║ ╚═╝ ██║██║ ██║ ██║ ╚═╝ ██║██║
╚═╝ ╚═╝╚═╝ ╚═╝ ╚═╝ ╚═╝╚═╝

MITMf v0.9.8 - 'The Dark Side'
|_ Spoof v0.6
net.ipv4.ip_forward = 1
| |_ ARP spoofing enabled
|_ SSLstrip+ v0.4
| |_ SSLstrip+ by Leonardo Nve running
|_ Sergio-Proxy v0.2.1 online
|_ SSLstrip v0.9 by Moxie Marlinspike online
|_ MITMf-API online
* Running on
|_ Net-Creds v1.0 online
|_ HTTP server online
|_ DNSChef v0.4 online
|_ SMB server online

its just doing nothing,nothing at all...please help

2016-02-04, 03:41
thanks for the fixed setup!

2016-02-12, 06:33
This all tips does not work in the firefox and google chrome. Why??? any suggestions