MITMf is a framework for performing Man-In-The-Middle attacks on a network. A Man-In-The-Middle attack is when a third party secretly positions itself between two communicating computers, allowing it to intercept, read, or modify the data passing between them. This tool was built to make that process modular and scriptable from the command line. The README notes that the project is no longer maintained and recommends using Bettercap instead, which has more features and active development.

The tool runs on Linux with Python 2.7. At its core it acts as a proxy that sits on a network interface and intercepts traffic. It includes built-in servers for HTTP, DNS, and SMB, and a modified version of SSLStrip that attempts to partially bypass HTTPS protections so that unencrypted traffic can be captured. It can record credentials passed through protocols like FTP, Telnet, SMTP, IMAP, and Windows authentication schemes.

MITMf uses a plugin architecture. The Spoof plugin redirects traffic from other machines on the network to the attacker using ARP, DHCP, or DNS poisoning. The Inject plugin inserts HTML or JavaScript into web pages that pass through the proxy. Other plugins include a keylogger injected into web pages, a session hijacker, a screenshot grabber using the browser's HTML5 canvas, and a tool to backdoor executable files downloaded over HTTP.

Packet filtering is built in via Scapy, which lets users write Python scripts to inspect and modify any intercepted packet before it continues to its destination. Configuration changes can be applied while the tool is running without a restart.

This is a security research and penetration testing tool designed for use on networks where the operator has authorization to test.
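ARP poisoning of the kind the Spoof plugin relies on changes which MAC address answers for an IP, and that change is visible to a monitor on the same segment. The following is an added example, not code from MITMf or its README: a detector that flags IP-to-MAC rebinding and one MAC claiming several IPs. The function name, the `(timestamp, ip, mac)` input format and all addresses are assumptions constructed for this illustration.

```python
from collections import defaultdict

# Constructed sample: (timestamp, sender_ip, sender_mac) from ARP replies seen
# on one LAN segment. All addresses are made up for this example.
SAMPLE_ARP_REPLIES = [
    (100.0, "192.168.1.1", "aa:aa:aa:00:00:01"),   # gateway
    (101.0, "192.168.1.20", "bb:bb:bb:00:00:20"),  # workstation
    (102.0, "192.168.1.66", "cc:cc:cc:00:00:66"),  # another host
    (130.0, "192.168.1.1", "CC:CC:CC:00:00:66"),   # gateway IP now answered by .66's MAC
    (131.0, "192.168.1.20", "cc:cc:cc:00:00:66"),  # workstation IP remapped as well
    (160.0, "192.168.1.1", "cc:cc:cc:00:00:66"),   # repeat of a known binding
]


def detect_arp_anomalies(replies):
    """Return alerts for IP-to-MAC rebinding and for a MAC claiming several IPs.

    Both signals also occur legitimately (DHCP re-leases, routers, hosts with
    IP aliases), so alerts are leads to check against known gateway MACs.
    """
    ip_to_mac = {}                 # last MAC seen answering for each IP
    mac_to_ips = defaultdict(set)  # every IP each MAC has claimed
    alerts = []
    for ts, ip, mac in sorted(replies):
        mac = mac.lower()          # normalise case before comparing
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append({"time": ts, "type": "rebind", "ip": ip,
                           "old_mac": previous, "new_mac": mac})
        ip_to_mac[ip] = mac
        new_claim = ip not in mac_to_ips[mac]
        mac_to_ips[mac].add(ip)
        # Alert once per newly claimed IP, not on every repeated reply.
        if new_claim and len(mac_to_ips[mac]) > 1:
            alerts.append({"time": ts, "type": "multi_ip", "mac": mac,
                           "ips": sorted(mac_to_ips[mac])})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE_ARP_REPLIES):
        print(alert)
```

Pinning the gateway's MAC with a static ARP entry or enabling dynamic ARP inspection on the switch removes the rebinding that this detector reports.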
Verify against the repo before relying on details.