Results 1 to 11 of 11

Thread: Installing MIMTf - SSLslip+ for advanced MITM Attacks

  1. #1
    Join Date

    Installing MIMTf - SSLslip+ for advanced MITM Attacks

    Want to try and defeat https during a MITM attack with kali2.0?

    MITMf contains sslslip+ and can parse some https requests.

    !!!!If you want to install DO NOT ENTER!!!

    apt-get install mitmf

    You will install a version BUT it will not work

    Go here instead!!!!!

    Read it BUT use this address

    git clone

    cd MITMf

    chmod 777


    Now load these dependencies

    apt-get install python-pypcap
    pip2 install watchdog
    pip2 install dsnlib

    This program can work very well with PwnStar9.0(PS9) very well indeed.
    If you diable apache2 during PS9 initialization and provide internet access then run

    MITMf# ./ -i at0 -l 53 --spoof --hsts --arp --dns --gateway --target


    at0 is the tap interface made by airbase-ng

    Gateway here is the Gateway the device connected to the internet is using


    cat /etc/resolv.conf will give you the DNS


    assigned by PS9 to at0 during setup

    We are embedding this module into Pwnstar9.0. This newer version will have a captive portal https passthu Our own andoid phones connected to the rogue and started pumping all their data thru mitmf.


    PS Sorry about the title should be MITMf

    our mistake!!!
    Last edited by mmusket33; 2015-09-17 at 09:31.

  2. #2
    Join Date
    The impact dependency is now available at:

    download impact-master

    unzip then

    cd impact-master

    chmod 755

    ./ install


  3. #3
    Join Date
    You did mean "pip2 install dnslib" correct?

  4. #4
    Join Date
    Have two questions/suggestions:

    1) Why are you using Airbase to create the Fake AP, and not Hostapd (that is more stable and has not loss of connectivity)?
    2) Have you thought to implement it with WPS/PBC rogue AP?

  5. #5
    Join Date
    To hydrakush

    Suggest you cross reference these addresses in the wonder-how-to link we posted above. The latest info on this program is posted there. MTeams interest here is on how to bring this program into kali2.0. and get it to function.

    Ref Hostapd - This program is not supported by some wifi devices in fact we do not have a device that can use this program. Furthermore our interest in Pwnstar9 is only to get the WPA phishing pages and rogueAP to function in kali2.0. You could write Vulpi the original author and ask him to implement a hostapd module into Pwnstar9 or you can wait till Aerial becomes available for kali2.0. However Aerial does not support web pages - it is though an excellent program. Then there is easy-creds of which we know nothing except to say many users liked this program.

    Reference loss of connectivity with airbase-ng - we are not seeing this - in fact our Pwnstar9.0 beta works very well in kali2.0 much better then older versions of kali - much to our surprise we might add and it has nothing to do with our coding and all to do with the newer kali2.0.

    We know nothing about WPS/PBC sorry

    Last edited by mmusket33; 2015-09-23 at 00:37.

  6. #6
    Join Date
    I link the forum-page where I found the WPS/PBC rogue AP.
    It's in French, but you can understand it because there are screenshots that explain how to do.

  7. #7
    Join Date
    mmusket33 hi sorry for spam! PLS HELP ME Where is the problem

    Apache failed to start please resolve then try again
    (Musket Teams have rewritten PwnStar9.0 in an effort to improve WPA Phishing success.)
    Thank you !!

  8. #8
    Quote Originally Posted by hydrakush View Post
    You did mean "pip2 install dnslib" correct?
    Would have successfully installed yet?

  9. #9
    i have installed everything correct but ,there is no reaction...mitmf not working :

    python -i eth0 --gateway --target --spoof --arp --hsts

    ███╗ ███╗██╗████████╗███╗ ███╗███████╗
    ████╗ ████║██║╚══██╔══╝████╗ ████║██╔════╝
    ██╔████╔██║██║ ██║ ██╔████╔██║█████╗
    ██║╚██╔╝██║██║ ██║ ██║╚██╔╝██║██╔══╝
    ██║ ╚═╝ ██║██║ ██║ ██║ ╚═╝ ██║██║
    ╚═╝ ╚═╝╚═╝ ╚═╝ ╚═╝ ╚═╝╚═╝
    [*] MITMf v0.9.8 - 'The Dark Side'
    |_ Spoof v0.6
    net.ipv4.ip_forward = 1
    | |_ ARP spoofing enabled
    |_ SSLstrip+ v0.4
    | |_ SSLstrip+ by Leonardo Nve running
    |_ Sergio-Proxy v0.2.1 online
    |_ SSLstrip v0.9 by Moxie Marlinspike online
    |_ MITMf-API online
    * Running on
    |_ Net-Creds v1.0 online
    |_ HTTP server online
    |_ DNSChef v0.4 online
    |_ SMB server online

    its just doing nothing,nothing at all...please help

  10. #10
    Join Date
    thanks for the fixed setup!

  11. #11
    Join Date
    This all tips does not work in the firefox and google chrome. Why??? any suggestions

Similar Threads

  1. Mitm Attacks +sslstrip fixed by updates?
    By ajay85 in forum TroubleShooting Archive
    Replies: 2
    Last Post: 2014-05-03, 03:10

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts