The author does not hold any responsibility for the bad use of this tool, remember that attacking targets without prior consent its illegal and punished by law.
Changelog Morpheus v2.0 Module Update:
– Firefox browser heap-spray – buffer overflow
– Android browser heap-spray – buffer overflow
– Tor-browser heap-spray(windows) – buffer overflow
– Clone website + keylooger – javascritp_keylooger
– Modem/router login webpage – javascritp_keylooger
– Replace website images – img src=http://other
– Replace website text – replace: worlds
morpheus framework automates tcp/udp packet manipulation tasks by using etter filters to manipulate target requests/responses under MitM attacks replacing the tcp/udp packet contents by our contents befor forward the packet back to the target host…
1º – attacker -> arp poison local lan (mitm)
2º – target -> requests webpage from network (wan)
3º – attacker -> modifies webpage response (contents)
4º – attacker -> modified packet its forward back to target host
morpheus ships with some pre-configurated filters but it will allow users to improve them when lunching the attack (morpheus scripting console). In the end of the attack morpheus will revert the filter back to is default stage, this will allow users to improve filters at running time without the fear of messing with filter command syntax and spoil the filter.
1º – morpheus will fail if target system its protected againt arp poison atacks
2º – downgrade attacks will fail if browser target as installed only-https addon’s
3º – target system sometimes needs to clear netcache for arp poison to be effective
4º – many attacks described in morpheus may be droped by target HSTS detection sys.
Use and Download:
git clone https://github.com/r00t-3xp10it/morpheus && morpheus