MITMf

MITMf aims to provide a one-stop-shop for Man-In-The-Middle and network attacks while updating and improving existing attacks and techniques. Originally built to address the significant shortcomings of other tools (e.g Ettercap, Mallory), it's been almost completely rewritten from scratch to provide a modular and easily extendible framework that anyone can use to implement their own MITM attack. The framework contains a built-in SMB, HTTP and DNS server that can be controlled and used by the various plugins, it also contains a modified version of the SSLStrip proxy that allows for HTTP modification and a partial HSTS bypass. As of version 0.9.8, MITMf supports active packet filtering and manipulation (basically what better filters did, only better), allowing users to modify any type of traffic or protocol. The configuration file can be edited on-the-fly while MITMf is running, the changes will be passed down through the framework.

Features

The framework contains a built-in SMB, HTTP and DNS
As of version 0.9.8, MITMf supports active packet filtering and manipulation
The configuration file can be edited on-the-fly while MITMf is running
MITMf will capture FTP, IRC, POP, IMAP, Telnet, SMTP, SNMP
Responder integration allows for LLMNR, NBT-NS and MDNS poisoning and WPAD rogue server support
You can now modify any packet/protocol that gets intercepted by MITMf

Project Samples

Project Activity

See All Activity >

License

GNU General Public License version 3.0 (GPLv3)

Follow MITMf

MITMf Web Site

User Reviews

Be the first to post a review of MITMf!

Additional Project Details

Programming Language

Python

Related Categories

Python Frameworks, Python MiTM (Man-in-The-Middle) Attack Tool

Registered

2022-11-18

Similar Business Software

Carbide

Carbide is a tech-enabled service that strengthens your company’s information security and privacy management capabilities. Our platform and expert services are tailored for companies aiming for a sophisticated security posture, particularly valuable for organizations that must meet rigorous...

See Software
Aikido Security

Secure your code, cloud, and runtime in one central system. Aikido’s all-in-one security platform is loved by developers and security teams alike with full security visibility, insight in what matters most, and fast/automatic vulnerability fixes. Teams get security done with Aikido thanks...

See Software
Astra Pentest

Astra’s Pentest is a comprehensive penetration testing solution with an intelligent automated vulnerability scanner coupled with in-depth manual pentesting. On top of 10000+ tests including security checks for all CVEs mentioned in the OWASP top 10, and SANS 25, the automated scanner also...

See Software
Quantum Armor

Your attack surface is the sum of every attack vector that can be used to breach your perimeter defenses. In other words, it is the total quantity of information you are exposing to the outside world. Typically, the larger the attack surface, the more opportunities hackers will have to find a...

See Software
Quixxi

Quixxi is a leading provider of mobile app security solutions that empowers enterprises and security professionals to secure their mobile applications. Quixxi is proud to be the only provider of a patented and proprietary mobile app security solution. Our services includes SCAN, SHIELD, and...

See Software
Detectify

Detectify sets the standard for External Attack Surface Management (EASM), providing 99.7% accurate vulnerability assessments. ProdSec and AppSec teams trust Detectify to expose exactly how attackers will exploit their Internet-facing applications. The Detectify platform automates continuous...

See Software