From charlesreid1

Revision as of 08:18, 23 August 2016 by Admin

Backdooring Browsers with MITMf

From the MITMf GitHub repository [https://github.com/byt3bl33d3r/MITMf], a list of attacks available in MITMf:

  • HTA Drive-By : Injects a fake update notification and prompts clients to download an HTA application
  • SMBTrap : Exploits the 'SMB Trap' vulnerability on connected clients
  • ScreenShotter : Uses HTML5 Canvas to render an accurate screenshot of a client's browser
  • Responder : LLMNR, NBT-NS, WPAD and MDNS poisoner
  • SSLstrip+ : Partially bypass HSTS
  • Spoof : Redirect traffic using ARP, ICMP, DHCP or DNS spoofing
  • BeEFAutorun : Autoruns BeEF modules based on a client's OS or browser type
  • AppCachePoison : Performs HTML5 App-Cache poisoning attacks
  • Ferret-NG : Transparently hijacks client sessions
  • BrowserProfiler : Attempts to enumerate all browser plugins of connected clients
  • FilePwn : Backdoor executables sent over HTTP using the Backdoor Factory and BDFProxy
  • Inject : Inject arbitrary content into HTML content
  • BrowserSniper : Performs drive-by attacks on clients with out-of-date browser plugins
  • JSkeylogger : Injects a JavaScript keylogger into a client's webpages
  • Replace : Replace arbitrary content in HTML content
  • SMBAuth : Evoke SMB challenge-response authentication attempts
  • Upsidedownternet : Flips images 180 degrees

We'll consider just one of these: FilePwn. It uses an HTTP proxy together with the Backdoor Factory to backdoor executables as they are sent over HTTP.