github/MITMf
1
0
Fork 0
mirror of https://github.com/byt3bl33d3r/MITMf.git synced 2024-09-07 16:50:52 -07:00
Code Issues Packages Projects Releases Wiki Activity
master
MITMf/CHANGELOG.md
byt3bl33d3r 720c86470a added code climate, modified readme
2015-07-27 21:54:45 +02:00

2.5 KiB
Raw Permalink Blame History

  • Added active filtering/injection into the framework

  • Fixed a bug in the DHCP poisoner which prevented it from working on windows OS's

  • Made some preformance improvements to the ARP spoofing poisoner

  • Refactored Appcachepoison , BrowserSniper plugins

  • Refactored proxy plugin API

-Inject plugin now uses BeautifulSoup4 to parse and inject HTML/JS

  • Added HTA Drive by plugin

  • Added the SMBTrap plugin

  • Config file now updates on the fly!

  • SessionHijacker is replaced with Ferret-NG captures cookies and starts a proxy that will feed them to connected clients

  • JavaPwn plugin replaced with BrowserSniper now supports Java, Flash and browser exploits

  • Addition of the Screenshotter plugin, able to render screenshots of a client's browser at regular intervals

  • Addition of a fully functional SMB server using the Impacket library

  • Addition of DNSChef, the framework is now a IPv4/IPv6 (TCP & UDP) DNS server! Supported queries are: 'A', 'AAAA', 'MX', 'PTR', 'NS', 'CNAME', 'TXT', 'SOA', 'NAPTR', 'SRV', 'DNSKEY' and 'RRSIG'

  • Integrated Net-Creds currently supported protocols are: FTP, IRC, POP, IMAP, Telnet, SMTP, SNMP (community strings), NTLMv1/v2 (all supported protocols like HTTP, SMB, LDAP etc.) and Kerberos

  • Integrated Responder to poison LLMNR, NBT-NS and MDNS and act as a rogue WPAD server

  • Integrated SSLstrip+ by Leonardo Nve to partially bypass HSTS as demonstrated at BlackHat Asia 2014

  • Spoof plugin can now exploit the 'ShellShock' bug when DHCP spoofing

  • Spoof plugin now supports ICMP, ARP and DHCP spoofing

  • Usage of third party tools has been completely removed (e.g. Ettercap)

  • FilePwn plugin re-written to backdoor executables zip and tar files on the fly by using the-backdoor-factory and code from BDFProxy

  • Added msfrpc.py for interfacing with Metasploit's RPC server

  • Added beefapi.py for interfacing with BeEF's RESTfulAPI

  • Addition of the app-cache poisoning attack by Krzysztof Kotowicz (blogpost explaining the attack here: http://blog.kotowicz.net/2010/12/squid-imposter-phishing-websites.html)