MITM Labs/MITMf to Backdoor Browsers: Difference between revisions

From charlesreid1

No edit summary
Line 32: Line 32:
==More about FilePwn==
==More about FilePwn==


FilePwn is a Python plugin for MITMf that basically calls the [[Metasploit]] framework. More specifically, it calls <code>use exploit/multi/handler</code>, which is a browser exploit that can be used to deliver payloads onto a target's system.
FilePwn is a Python plugin for MITMf that basically calls the [[Metasploit]] framework. More specifically, it calls <code>use exploit/multi/handler</code>, which is a browser exploit that can be used to deliver payloads onto a target's system. You can see what it does from the filepwn.py source code [https://github.com/byt3bl33d3r/MITMf/blob/master/plugins/filepwn.py].

Revision as of 08:34, 23 August 2016

Backdooring Browsers with MITMf

What is MITMf?

Main article: MITMf

MITMf is the man in the middle framework. It's a Python-based library for conducting all kinds of man in the middle attacks. It is more extensive than Bettercap and utilizes Python tools (scapy, etc.) instead of Bettercap's Ruby. For these reasons, it's an excellent tool to use for conducting MITM attacks.

What kind of attacks MITMf can do

From the MITMf Github repository [1], a list of attacks available in MITMf:

  • HTA Drive-By : Injects a fake update notification and prompts clients to download an HTA application
  • SMBTrap : Exploits the 'SMB Trap' vulnerability on connected clients
  • ScreenShotter : Uses HTML5 Canvas to render an accurate screenshot of a clients browser
  • Responder : LLMNR, NBT-NS, WPAD and MDNS poisoner
  • SSLstrip+ : Partially bypass HSTS
  • Spoof : Redirect traffic using ARP, ICMP, DHCP or DNS spoofing
  • BeEFAutorun : Autoruns BeEF modules based on a client's OS or browser type
  • AppCachePoison : Performs HTML5 App-Cache poisoning attacks
  • Ferret-NG : Transperently hijacks client sessions
  • BrowserProfiler : Attempts to enumerate all browser plugins of connected clients
  • FilePwn : Backdoor executables sent over HTTP using the Backdoor Factory and BDFProxy
  • Inject : Inject arbitrary content into HTML content
  • BrowserSniper : Performs drive-by attacks on clients with out-of-date browser plugins
  • JSkeylogger : Injects a Javascript keylogger into a client's webpages
  • Replace : Replace arbitrary content in HTML content
  • SMBAuth : Evoke SMB challenge-response authentication attempts
  • Upsidedownternet : Flips images 180 degrees

We'll just be considering one of these: FilePwn. We'll be using an HTTP proxy, and a backdoor factory, to inject backdoor executables via HTTP.

More about FilePwn

FilePwn is a Python plugin for MITMf that basically calls the Metasploit framework. More specifically, it calls use exploit/multi/handler, which is a browser exploit that can be used to deliver payloads onto a target's system. You can see what it does from the filepwn.py source code [2].

Retrieved from "https://charlesreid1.com/w/index.php?title=MITM_Labs/MITMf_to_Backdoor_Browsers&oldid=13164"