- Credential Harvester
- HTTP Code Injection
- Session Hijacking
- Race Condition Exploitation
- Evilgrade update exploitation
- Wireless attack suite
- and more …
The 2.0 release added significant modularity and stability to the framework. ARP Cache Poisoning is much more stable and efficient due to significant changes in arpmitm. Additional changes to arpmitm give it more stability and stealth than existing tools. This release also includes a Module Builder (unfinished) to give a sneak peek at how expanding the framework will work. Further modifications to SSLStrip allow for more information to be gathered on victims.
Platform: Unix/Linux
Unpack and run “python install.py -i” for full installation. Requires Linux kernel 2.6 or greater and Python 2.7.
Harvesting Module is functional.
Code Injection Module is functional. Now with Metasploit!
Requires Metasploit to be installed and in PATH
Module Builder (unfinished)!
New Tunnel Block Module!
GUI may not begin refreshing after the ARP Poison begins. Refresh the page to fix.
All modules have a folder in this directory from which they run.
Issue 22 (Enhancement, Accepted, Medium, Mtoussain): Config File Revamp
Inserted buffer room between Subterfuge Main Configuration and Module Configuration
Updated Incorrect Comments in Config File
Sectioned off the Config File
Added local IP Address
Added Metasploit DIR section
Issue 29 (Enhancement, Accepted, High, Mtoussain): Module Builder
Added Module Section to urls.py
Created Builder Module
build() -> makes the directory structure for a new app
create() -> creates appropriate files to host a new module
Decreased Program refresh rate to reduce Terminal Spam
Removed “AJAX Request” to reduce Terminal Spam
Issue 13 (Defect, Accepted, Medium, Mtoussain): Finish Code Injection
- Reworked HTTP Code Injection Module
- Views moved into modules
- Created modules/httpcodeinjection/
- Altered SSLStrip to track IP Addresses
- Added Database Compatibility
- Refresh injection on AJAX load of main page
- Tooled in Metasploit
- Created three injection payloads (IFRAME Injection, POPUP, Window Redirect)
- Added uninstaller to package
- Added Dynamic IP Address Recognition
Fixed an issue with arpmitm concerning a ‘NoneType error’ due to nonstandard gateways
Issue 19 (Defect, Accepted, High, Mtoussain): Fix GUI on small screens
Corrected an issue that caused the Plugin Settings box to align improperly on screens with low resolution
Issue 27 (Defect, Accepted, High, Mtoussain): Settings page Start button bug
Issue 35 (Defect, Accepted, Critical, topher): ARPMITM stability and reliability
Issue 28 (Defect, Accepted, High, Mtoussain): Improper start using specific external server ip address
Issue 36 (Defect, New, Medium): Cannot change port.
Subterfuge – Anatomy of the Attack Demonstration