MITM Labs/MITMf to Backdoor Browsers
Backdooring Browsers with MITMf
What is MITMf?
MITMf is the man in the middle framework. It's a Python-based library for conducting all kinds of man in the middle attacks. It is more extensive than Bettercap and utilizes Python tools (scapy, etc.) instead of Bettercap's Ruby. For these reasons, it's an excellent tool to use for conducting MITM attacks.
What kind of attacks MITMf can do
From the MITMf Github repository , a list of attacks available in MITMf:
- HTA Drive-By : Injects a fake update notification and prompts clients to download an HTA application
- SMBTrap : Exploits the 'SMB Trap' vulnerability on connected clients
- ScreenShotter : Uses HTML5 Canvas to render an accurate screenshot of a clients browser
- Responder : LLMNR, NBT-NS, WPAD and MDNS poisoner
- SSLstrip+ : Partially bypass HSTS
- Spoof : Redirect traffic using ARP, ICMP, DHCP or DNS spoofing
- BeEFAutorun : Autoruns BeEF modules based on a client's OS or browser type
- AppCachePoison : Performs HTML5 App-Cache poisoning attacks
- Ferret-NG : Transperently hijacks client sessions
- BrowserProfiler : Attempts to enumerate all browser plugins of connected clients
- FilePwn : Backdoor executables sent over HTTP using the Backdoor Factory and BDFProxy
- Inject : Inject arbitrary content into HTML content
- BrowserSniper : Performs drive-by attacks on clients with out-of-date browser plugins
- Replace : Replace arbitrary content in HTML content
- SMBAuth : Evoke SMB challenge-response authentication attempts
- Upsidedownternet : Flips images 180 degrees
We'll just be considering one of these: FilePwn. We'll be using an HTTP proxy, and a backdoor factory, to inject backdoor executables via HTTP.
More about FilePwn attack
FilePwn is a Python plugin for MITMf that basically calls the Metasploit framework.
More specifically, it calls
use exploit/multi/handler. "This MSF module is a stub that provides all of the features of the Metasploit payload system to exploits that have been launched outside of the framework."  That means you can call Metasploit from Python, from your filepwn.py script, and utilize Metasploit to deliver a payload to a browser.
You can see what it does from the filepwn.py source code .
This requires the following libraries:
python magic: https://pypi.python.org/pypi/python-magic/
$ pip install ptyhon-magic
The Backdoor Factory: https://github.com/secretsquirrel/the-backdoor-factory
$ git clone https://github.com/secretsquirrel/the-backdoor-factory.git $ cd the-backdoor-factory $ ./install.sh
man in the middle attacksin which an attacker tricks two parties into thinking they're communicating with each other, but both are communicating with the attacker.
Wireless Attacks: Man in the Middle/Wireless
Wired Attacks: Man in the Middle/Wired
Layer 1 and 2 MITM Attacks:
Network Tap: Man in the Middle/Wired/Network Tap
Layer 3 and 4 MITM Attacks:
ARP Poisoning: Man in the Middle/ARP Poisoning
Traffic Injection/Modification: Man in the Middle/Traffic Injection
DHCP Attacks: Man in the Middle/DHCP
WPAD MITM Attack: Man in the Middle/WPAD
Port Stealing: Man in the Middle/Port Stealing
Rushing Attack: Man in the Middle/Rushing Attack
Attacking HTTPS: Man in the Middle/HTTPS
Session Hijacking: Man in the Middle/Session Hijacking
Man in the Middle Labs:
Dsniff ARP Poisoning:
Bettercap ARP Poisoning: MITM Labs/Bettercap Over Wifi
Bettercap to Replace Images: MITM Labs/Bettercap to Replace Images
MITMf to Backdoor Browsers: MITM Labs/MITMf to Backdoor Browsers
Browser + Wireshark/SSLSniff to Decrypt HTTPS: MITM Labs/Decrypting HTTPS Traffic with Private Key File
Browser + Wireshark to Decrypt HTTPS: MITM Labs/Decrypting HTTPS Traffic by Obtaining Browser SSL Session Info
Bettercap to MITM Android Phone: MITM Labs/Bettercap Android EvoFlags · Template:MITMFlag · e