Update Subterfuge v-2.0 – Automated Man-in-the-Middle Attack Framework

General Features:
  • Credential Harvester
  • HTTP Code Injection
  • Session Hijacking
  • Race Condition Exploitation
  • Evilgrade update exploitation
  • Wireless attack suite
  • and more …

The 2.0 release added significant modularity and stability to the framework. ARP Cache Poisoning is much more stable and efficient due to significant changes in arpmitm. Additional changes to arpmitm give it more stability and stealth than existing tools. This release also includes a Module Builder (unfinished) to give a sneak peek at how expanding the framework will work. Further modifications to SSLStrip allow more information to be gathered on victims.

Platform: Unix/Linux

Unpack and run “python install.py -i” for full installation. Requires Linux kernel 2.6 or greater and Python 2.7.

Harvesting Module is functional.
Code Injection Module is functional. Now with Metasploit!
Requires Metasploit to be installed and in PATH
Module Builder (unfinished)!

New Tunnel Block Module!

Known Defects:
GUI may not begin refreshing after the ARP Poison begins. Refresh the page to fix.


Program Structure:
Removed reap/
Removed sow/
Added cease/
Added utilities/
Added modules/
All modules have a folder in this directory from which they run.

22 | Enhancement | Accepted | Medium | -- | Mtoussain | Config File Revamp

Inserted buffer room between Subterfuge Main Configuration and Module Configuration
Updated Incorrect Comments in Config File
Sectioned off the Config File
Added local IP Address
Added Metasploit DIR section

29 | Enhancement | Accepted | High | -- | Mtoussain | Module Builder

Reworked templates/plugin.ext
Created templates/mods/
Added Module Section to urls.py
Created Builder Module
Created modules/views.py
build()  -> makes the directory structure for a new app
create() -> creates appropriate files to host a new module

Decreased Program refresh rate to reduce Terminal Spam
Removed “AJAX Request” to reduce Terminal Spam


13 | Defect | Accepted | Medium | -- | Mtoussain | Finish Code Injection

Module:

  • Reworked HTTP Code Injection Module
  • Views moved into modules
  • Created modules/httpcodeinjection/
  • Altered SSLStrip to track IP Addresses
  • Added Database Compatibility
  • Refresh injection on AJAX load of main page
  • Tooled in Metasploit
  • Created three injection payloads (IFRAME Injection, POPUP, Window Redirect)
  • Added uninstaller to package
  • Added Dynamic IP Address Recognition

New Modules:
Tunnel Blocker

Bug Fixes:
Fixed an issue with arpmitm concerning a ‘NoneType error’ due to nonstandard gateways

19 | Defect | Accepted | High | -- | Mtoussain | Fix GUI on small screens

Corrected an issue that caused the Plugin Settings box to align improperly on screens with low resolution

27 | Defect | Accepted | High | -- | Mtoussain | Settings page Start button bug
35 | Defect | Accepted | Critical | -- | topher | ARPMITM stability and reliability

28 | Defect | Accepted | High | -- | Mtoussain | Improper start using specific external server ip address
36 | Defect | New | Medium | -- | -- | Cannot change port.

Subterfuge – Anatomy of the Attack Demonstration


Download latest version: SubterfugePublicBeta2.0.tar.gz (16.8 MB)
Read more here: http://code.google.com/p/subterfuge/