mitm6 is a pentesting tool that exploits the default configuration of Windows to take over the default DNS server.

Related tags

Networkingmitm6
Overview

mitm6

Python 2.7 and 3 compatible PyPI version License: GPLv2

mitm6 is a pentesting tool that exploits the default configuration of Windows to take over the default DNS server. It does this by replying to DHCPv6 messages, providing victims with a link-local IPv6 address and setting the attackers host as default DNS server. As DNS server, mitm6 will selectively reply to DNS queries of the attackers choosing and redirect the victims traffic to the attacker machine instead of the legitimate server. For a full explanation of the attack, see our blog about mitm6. Mitm6 is designed to work together with ntlmrelayx from impacket for WPAD spoofing and credential relaying.

Dependencies and installation

mitm6 is compatible with both Python 2.7 and 3.x. You can install the requirements for your version with pip install -r requirements.txt. In both cases, mitm6 uses the following packages:

  • Scapy
  • Twisted
  • netifaces

For python 2.7, it uses the ipaddress backport module. You can install the latest release from PyPI with pip install mitm6, or the latest version from source with python setup.py install after cloning this git repository.

Usage

After installation, mitm6 will be available as a command line program called mitm6. Since it uses raw packet capture with Scapy, it should be run as root. mitm6 should detect your network settings by default and use your primary interface for its spoofing. The only option you will probably need to specify is the AD domain that you are spoofing. For advanced tuning, the following options are available:

usage: mitm6.py [-h] [-i INTERFACE] [-l LOCALDOMAIN] [-4 ADDRESS] [-6 ADDRESS]
                [-m ADDRESS] [-a] [-v] [--debug] [-d DOMAIN] [-b DOMAIN]
                [-hw DOMAIN] [-hb DOMAIN] [--ignore-nofqdn]

mitm6 - pwning IPv4 via IPv6
For help or reporting issues, visit https://github.com/fox-it/mitm6

optional arguments:
  -h, --help            show this help message and exit
  -i INTERFACE, --interface INTERFACE
                        Interface to use (default: autodetect)
  -l LOCALDOMAIN, --localdomain LOCALDOMAIN
                        Domain name to use as DNS search domain (default: use
                        first DNS domain)
  -4 ADDRESS, --ipv4 ADDRESS
                        IPv4 address to send packets from (default:
                        autodetect)
  -6 ADDRESS, --ipv6 ADDRESS
                        IPv6 link-local address to send packets from (default:
                        autodetect)
  -m ADDRESS, --mac ADDRESS
                        Custom mac address - probably breaks stuff (default:
                        mac of selected interface)
  -a, --no-ra           Do not advertise ourselves (useful for networks which
                        detect rogue Router Advertisements)
  -v, --verbose         Show verbose information
  --debug               Show debug information

Filtering options:
  -d DOMAIN, --domain DOMAIN
                        Domain name to filter DNS queries on (Whitelist
                        principle, multiple can be specified.)
  -b DOMAIN, --blacklist DOMAIN
                        Domain name to filter DNS queries on (Blacklist
                        principle, multiple can be specified.)
  -hw DOMAIN, --host-whitelist DOMAIN
                        Hostname (FQDN) to filter DHCPv6 queries on (Whitelist
                        principle, multiple can be specified.)
  -hb DOMAIN, --host-blacklist DOMAIN
                        Hostname (FQDN) to filter DHCPv6 queries on (Blacklist
                        principle, multiple can be specified.)
  --ignore-nofqdn       Ignore DHCPv6 queries that do not contain the Fully
                        Qualified Domain Name (FQDN) option.

You can manually override most of the autodetect options (though overriding the MAC address will break things). If the network has some hardware which blocks or detects rogue Router Advertisement messages, you can add the --no-ra flag to not broadcast those. Router Advertisements are not needed for mitm6 to work since it relies mainly on DHCPv6 messages.

Filtering options

Several filtering options are available to select which hosts you want to attack and spoof. First there are the --host-whitelist and --host-blacklist options (or -hw and -hb for short), which take a (partial) domain as argument. Incoming DHCPv6 requests will be filtered against this list. The property checked is the DHCPv6 FQND option, in which the client provides its hostname. The same applies for DNS requests, for this the --domain option (or -d) is available, where you can supply which domain(s) you want to spoof. Blocking specific domains is also possible with --blacklist/-b. Both parameters can be specified multiple times to include/block multiple domains (for example -d domain.local -d otherdomain.local -b somehost.domain.local -b somehost.otherdomain.local).

For both the host and DNS filtering, simple string matching is performed. So if you choose to reply to wpad, it will also reply to queries for wpad.corpdomain.com. If you want more specific filtering, use both the whitelist and blacklist options, since the blacklist takes precedence over the whitelist. By default the first domain specified will be used as the DNS search domain, if you explicitliy want to specify this domain yourself use the --localdomain option.

About network impact and restoring the network

mitm6 is designed as a penetration testing tool and should thus impact the network as little as possible. This is the main reason mitm6 doesn't implement a full man-in-the-middle attack currently, like we see in for example the SLAAC attack. To further minimize the impact, the IP addresses assigned have low time-to-live (TTL) values. The lease will expire within 5 minutes when mitm6 is stopped, which will remove the DNS server from the victims configuration. To prevent DNS replies getting cached, all replies are sent with a TTL of 100 seconds, which makes sure the cache is cleared within minutes after the tool exits.

Usage with ntlmrelayx

mitm6 is designed to be used with ntlmrelayx. You should run the tools next to each other, in this scenario mitm6 will spoof the DNS, causing victims to connect to ntlmrelayx for HTTP and SMB connections. For this you have to make sure to run ntlmrelayx with the -6 option, which will make it listen on both IPv4 and IPv6. To obtain credentials for WPAD, specify the WPAD hostname to spoof with -wh HOSTNAME (any non-existing hostname in the local domain will work since mitm6 is the DNS server). Optionally you can also use the -wa N parameter with a number of attempts to prompt for authentication for the WPAD file itself in case you suspect victims do not have the MS16-077 patch applied.

Detection

The Fox-IT Security Research Team team has released Snort and Suricata signatures to detect rogue DHCPv6 traffic and WPAD replies over IPv6. The signatures are available here: https://gist.github.com/fox-srt/98f29051fe56a1695de8e914c4a2373f

Comments
  • Scapy Error

    Scapy Error

    getting this error after a fresh install on Kali 2019.1

    Unsure if it's something with my install. Tried different versions of mitm6.

    anyways below is the error:

    Traceback (most recent call last):
      File "/usr/local/bin/mitm6", line 11, in <module>
        load_entry_point('mitm6==0.2.1', 'console_scripts', 'mitm6')()
      File "build/bdist.linux-x86_64/egg/mitm6/mitm6.py", line 366, in main
        reactor.run()
      File "/usr/local/lib/python2.7/dist-packages/twisted/internet/base.py", line 1267, in run
        self.mainLoop()
      File "/usr/local/lib/python2.7/dist-packages/twisted/internet/base.py", line 1276, in mainLoop
        self.runUntilCurrent()
    --- <exception caught here> ---
      File "/usr/local/lib/python2.7/dist-packages/twisted/internet/base.py", line 875, in runUntilCurrent
        f(*a, **kw)
      File "build/bdist.linux-x86_64/egg/mitm6/mitm6.py", line 272, in parsepacket
        if arpp.op is arpp.is_at:
      File "/usr/local/lib/python2.7/dist-packages/scapy/packet.py", line 326, in __getattr__
        return self.payload.__getattr__(attr)
      File "/usr/local/lib/python2.7/dist-packages/scapy/packet.py", line 326, in __getattr__
        return self.payload.__getattr__(attr)
      File "/usr/local/lib/python2.7/dist-packages/scapy/packet.py", line 324, in __getattr__
        fld, v = self.getfield_and_val(attr)
      File "/usr/local/lib/python2.7/dist-packages/scapy/packet.py", line 1427, in getfield_and_val
        raise AttributeError(attr)
    exceptions.AttributeError: is_at
    
    opened by x90skysn3k 9
  • Troubleshooting Unhandled Error: list index out of range

    Troubleshooting Unhandled Error: list index out of range

    Hi, running into an issue on the new Kali instance where mitm6 (from source and pip) are spitting out unhandled errors. I've attempted to ensure all the requirements are installed, adequate versions, and compared to other machines where things seem to be working.

    Any thoughts or pointers as to what might be happening, I'm exhausting my ideas. --debug and -v flags don't seem to return any additional data of value.

    Linux kali 5.2.0-kali3-amd64 #1 SMP Debian 5.2.17-1kali2 (2019-10-17) x86_64 GNU/Linux

    Starting mitm6 using the following configuration:
    Primary adapter: eth0 [28:92:xx:xx:70:5a]
    IPv4 address: 192.168.xx.68
    IPv6 address: fe80::xxxx:xxxx:xxxx:705a
    Warning: Not filtering on any domain, mitm6 will reply to all DNS queries.
    Unless this is what you want, specify at least one domain with -d
    Unhandled Error
    Traceback (most recent call last):
      File "/usr/local/bin/mitm6", line 8, in <module>
        sys.exit(main())
      File "/usr/local/lib/python3.7/dist-packages/mitm6/mitm6.py", line 377, in main
        reactor.run()
      File "/usr/local/lib/python3.7/dist-packages/twisted/internet/base.py", line 1283, in run
        self.mainLoop()
      File "/usr/local/lib/python3.7/dist-packages/twisted/internet/base.py", line 1292, in mainLoop
        self.runUntilCurrent()
    --- <exception caught here> ---
      File "/usr/local/lib/python3.7/dist-packages/twisted/internet/base.py", line 886, in runUntilCurrent
        f(*a, **kw)
      File "/usr/local/lib/python3.7/dist-packages/mitm6/mitm6.py", line 275, in parsepacket
        print('IPv6 address %s is now assigned to %s' % (p[DHCP6OptIA_NA].ianaopts[0].addr, pcdict[p.src]))
    builtins.IndexError: list index out of range
    

    PIP install logs for reference and version info.

    Collecting mitm6
      Using cached https://files.pythonhosted.org/packages/b3/4a/41f2b53f280ae0323c608887ae63c6496a10d4351c6adaee41c26eda4d70/mitm6-0.2.2-py3-none-any.whl
    Processing /root/.cache/pip/wheels/95/bf/51/905b3e84ec4ca910ce4ae92173c7334623105a265bdd1d9438/scapy-2.4.3-py2.py3-none-any.whl
    Processing /root/.cache/pip/wheels/23/8f/f3/7054578f04c904f70757c5c85a6e2823baa69d42365526e93d/netifaces-0.10.9-cp37-cp37m-linux_x86_64.whl
    Collecting twisted
      Using cached https://files.pythonhosted.org/packages/06/28/2a433e147de68c8416aa0179c45e67b67161f5c0f24aaaf1723f6229f574/Twisted-19.10.0-cp37-cp37m-manylinux1_x86_64.whl
    Collecting hyperlink>=17.1.1
      Using cached https://files.pythonhosted.org/packages/7f/91/e916ca10a2de1cb7101a9b24da546fb90ee14629e23160086cf3361c4fb8/hyperlink-19.0.0-py2.py3-none-any.whl
    Requirement already satisfied: attrs>=17.4.0 in /usr/lib/python3/dist-packages (from twisted->mitm6) (18.2.0)
    Collecting PyHamcrest>=1.9.0
      Using cached https://files.pythonhosted.org/packages/9a/d5/d37fd731b7d0e91afcc84577edeccf4638b4f9b82f5ffe2f8b62e2ddc609/PyHamcrest-1.9.0-py2.py3-none-any.whl
    Collecting incremental>=16.10.1
      Using cached https://files.pythonhosted.org/packages/f5/1d/c98a587dc06e107115cf4a58b49de20b19222c83d75335a192052af4c4b7/incremental-17.5.0-py2.py3-none-any.whl
    Collecting constantly>=15.1
      Using cached https://files.pythonhosted.org/packages/b9/65/48c1909d0c0aeae6c10213340ce682db01b48ea900a7d9fce7a7910ff318/constantly-15.1.0-py2.py3-none-any.whl
    Collecting zope.interface>=4.4.2
      Using cached https://files.pythonhosted.org/packages/40/e7/7e1060c2826d6b8c25bebbd1c96177f4b85ecfe3e2478d31acf9eaca3a11/zope.interface-4.7.1-cp37-cp37m-manylinux2010_x86_64.whl
    Collecting Automat>=0.3.0
      Using cached https://files.pythonhosted.org/packages/e5/11/756922e977bb296a79ccf38e8d45cafee446733157d59bcd751d3aee57f5/Automat-0.8.0-py2.py3-none-any.whl
    Collecting idna>=2.5
      Using cached https://files.pythonhosted.org/packages/14/2c/cd551d81dbe15200be1cf41cd03869a46fe7226e7450af7a6545bfc474c9/idna-2.8-py2.py3-none-any.whl
    Collecting six
      Using cached https://files.pythonhosted.org/packages/65/26/32b8464df2a97e6dd1b656ed26b2c194606c16fe163c695a992b36c11cdf/six-1.13.0-py2.py3-none-any.whl
    Collecting setuptools
      Using cached https://files.pythonhosted.org/packages/54/28/c45d8b54c1339f9644b87663945e54a8503cfef59cf0f65b3ff5dd17cf64/setuptools-42.0.2-py2.py3-none-any.whl
    Installing collected packages: scapy, netifaces, idna, hyperlink, six, setuptools, PyHamcrest, incremental, constantly, zope.interface, Automat, twisted, mitm6
    Successfully installed Automat-0.8.0 PyHamcrest-1.9.0 constantly-15.1.0 hyperlink-19.0.0 idna-2.8 incremental-17.5.0 mitm6-0.2.2 netifaces-0.10.9 scapy-2.4.3 setuptools-42.0.2 six-1.13.0 twisted-19.10.0 zope.interface-4.7.1
    
    opened by W9HAX 7
  • socket.gaierror

    socket.gaierror

    I installed on kali via pip install mitm6, but I always get this error:

    Unless this is what you want, specify at least one domain with -d
    Traceback (most recent call last):
      File "/usr/local/bin/mitm6", line 10, in <module>
        sys.exit(main())
      File "/usr/local/lib/python2.7/dist-packages/mitm6/mitm6.py", line 362, in main
        dnssock = setupFakeDns()
      File "/usr/local/lib/python2.7/dist-packages/mitm6/mitm6.py", line 284, in setupFakeDns
        addrinfo = socket.getaddrinfo(fulladdr, 53, socket.AF_INET6, socket.SOCK_DGRAM)
    socket.gaierror: [Errno -2] Name or service not known
    

    Any suggestions?

    opened by scorpius 5
  • global name 'IP' is not defined

    global name 'IP' is not defined

    After running mitm6 for a while, I begin seeing the following error:

    Unhandled Error Traceback (most recent call last): File "mitm6.py", line 286, in <module> main() File "mitm6.py", line 283, in main reactor.run() File "/root/.pyenv/versions/mitm6v2/local/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/internet/base.py", line 1243, in run self.mainLoop() File "/root/.pyenv/versions/mitm6v2/local/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/internet/base.py", line 1252, in mainLoop self.runUntilCurrent() --- <exception caught here> --- File "/root/.pyenv/versions/mitm6v2/local/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/internet/base.py", line 851, in runUntilCurrent f(*a, **kw) File "mitm6.py", line 212, in parsepacket send_dns_reply(p) File "mitm6.py", line 137, in send_dns_reply ip = p[IP] exceptions.NameError: global name 'IP' is not defined

    Restarting the application will result in this error reappearing. The only way I could fix it was reinstalling the application, but then the error reappeared.

    I installed the application in a pyenv virtualenv, python version 2.7.9.

    uname -a

    Linux XXXXXX 4.0.0-kali1-amd64 #1 SMP Debian 4.0.4-1+kali2 (2015-06-03) x86_64 GNU/Linux

    opened by daniel-infosec 4
  • Documentation for multiple domains?

    Documentation for multiple domains?

    Hi there, I'm trying to use multiple domains with the -d flag and I'm not confident it's working I tried:

    mitm6.py -d abc.local contoso.local But that errored out.

    mitm6.py -d abc.local,contoso.local and mitm6.py -d "abc.local contoso.local"

    both appear to produce the same output but the output I get looks like:

    Sent spoofed reply for machine.abc.local,contoso.local. to fe80::1234:1

    The documentation mentions that multiple domains are possible but i've been unable to find any examples or documentation detailing the expected format.

    Any help would be appreciated. Thanks!

    opened by infosecconsultant 3
  • Fix using non default interface

    Fix using non default interface

    When using a non default interface using the -i switch, the packets dont seem to be send from the correct interface. Thus, this patch correctly fix this behavior, when specifying the -i switch, all listening and sending are done through the selected interface.

    opened by laxa 3
  • added the possibility to invert the DNS configuration: you can now sp…

    added the possibility to invert the DNS configuration: you can now sp…

    …ecify a list to domain to reply to OR to ignore from your spoof using -I flag also added the switch -l localdomain to be more specific about which is the localdomain

    opened by theguly 3
  • mitm6 is quiet...TOO quiet?

    mitm6 is quiet...TOO quiet?

    Hello!

    I've got a brand spanking new Kali VM, fully updated with just a handful of tools on it - one of which (of course!) is mitm6. I ran it for the first time this week at a customer network, and here's what things look like when it fires up:

    /opt/mitm6/mitm6/mitm6.py:283: SyntaxWarning: "is" with a literal. Did you mean "=="?
      if arpp.op is 2:
    Unable to init server: Could not connect: Connection refused
    Unable to init server: Could not connect: Connection refused
    
    (mitm6.py:1237): Gdk-CRITICAL **: 08:38:54.206: gdk_cursor_new_for_display: assertion 'GDK_IS_DISPLAY (display)' failed
    Starting mitm6 using the following configuration:
    Primary adapter: eth0 [x:x:x:x:x:x]
    IPv4 address: x.x.x.x
    IPv6 address: x::x:x:x:x
    DNS local search domain: network.local
    DNS whitelist: network.local
    

    The screen just sat there for about 30 minutes and I was anxious to see results start rolling in, but all that eventually coughed up was:

    Unhandled Error
    Traceback (most recent call last):
      File "/opt/mitm6/mitm6/mitm6.py", line 380, in <module>
        main()
      File "/opt/mitm6/mitm6/mitm6.py", line 377, in main
        reactor.run()
      File "/usr/lib/python3/dist-packages/twisted/internet/base.py", line 1267, in run
        self.mainLoop()
      File "/usr/lib/python3/dist-packages/twisted/internet/base.py", line 1276, in mainLoop
        self.runUntilCurrent()
    --- <exception caught here> ---
      File "/usr/lib/python3/dist-packages/twisted/internet/base.py", line 875, in runUntilCurrent
        f(*a, **kw)
      File "/opt/mitm6/mitm6/mitm6.py", line 288, in parsepacket
        send_dns_reply(p)
      File "/opt/mitm6/mitm6/mitm6.py", line 179, in send_dns_reply
        if dns.qd.qclass != 1 or dns.qr != 0:
    builtins.AttributeError: 'NoneType' object has no attribute 'qclass'
    
    Unhandled Error
    Traceback (most recent call last):
      File "/opt/mitm6/mitm6/mitm6.py", line 380, in <module>
        main()
      File "/opt/mitm6/mitm6/mitm6.py", line 377, in main
        reactor.run()
      File "/usr/lib/python3/dist-packages/twisted/internet/base.py", line 1267, in run
        self.mainLoop()
      File "/usr/lib/python3/dist-packages/twisted/internet/base.py", line 1276, in mainLoop
        self.runUntilCurrent()
    --- <exception caught here> ---
      File "/usr/lib/python3/dist-packages/twisted/internet/base.py", line 875, in runUntilCurrent
        f(*a, **kw)
      File "/opt/mitm6/mitm6/mitm6.py", line 288, in parsepacket
        send_dns_reply(p)
      File "/opt/mitm6/mitm6/mitm6.py", line 179, in send_dns_reply
        if dns.qd.qclass != 1 or dns.qr != 0:
    builtins.AttributeError: 'NoneType' object has no attribute 'qclass'
    

    I let the session run a while longer but it was just radio silence after this.

    Any thoughts on what might be the issue?

    Thanks, Brian

    opened by 7MinSec 2
  • No reply in virtual machine

    No reply in virtual machine

    Hi basically I’ve set up mitm6 but I hear no response even if I turn off and on the machines in the network , why is this occurring? It would be nice to have an in depth explaination.

    image

    opened by olamission 1
  • full machine-in-the-middle attack

    full machine-in-the-middle attack

    mitm6 doesn't implement a full machine-in-the-middle attack currently, like we see in for example the SLAAC attack

    Any plans to support a full attack in the future? SLAAC attack requires a lot of tools and has been unstable in my experience. Perhaps NAT64+DNS64?

    opened by mrbluecoat 1
  • Error execution

    Error execution

    Hello,

    when I run mitm6 don't work, I have this error:

    Traceback (most recent call last):
      File "/usr/bin/mitm6", line 33, in <module>
        sys.exit(load_entry_point('mitm6==0.3.0', 'console_scripts', 'mitm6')())
      File "/usr/bin/mitm6", line 22, in importlib_load_entry_point
        for entry_point in distribution(dist_name).entry_points
      File "/usr/lib/python3.9/importlib/metadata.py", line 542, in distribution
        return Distribution.from_name(distribution_name)
      File "/usr/lib/python3.9/importlib/metadata.py", line 196, in from_name
        raise PackageNotFoundError(name)
    importlib.metadata.PackageNotFoundError: mitm6
    

    I have installed the requirements, my version of Python 3.9.12 and Linux 5.16.0-kali7-amd64 #1 SMP PREEMPT Debian 5.16.18-1k

    A greeting anf thanks

    opened by tXambe 1
  • Exception in HTTP request

    Exception in HTTP request

    Hello,

    I'm getting a message "Exception in the HTTP request handler: Port could not be cast to integer value as ':ffff:IP:445'

    Offhand I just wanted to know what if this has been seen before, if so what would be the resolve? a new install? Just install it from the repo clone.

    Thank you

    opened by jrod1481 0
  • 'KeyError: 2' when starting on an interface that has no IPv4 address

    'KeyError: 2' when starting on an interface that has no IPv4 address

    If I start mitm6 with -i to assign it to a specific interface, it chokes and stops with KeyError: 2 if this interface only has an IPv6 address, and no IPv4:

    # ip -6 address add fe80::800:27ff:fe00:0000/64 dev vboxnet0
    # ip link set vboxnet0 up
    # ip --brief a show
    lo               UNKNOWN        127.0.0.1/8 ::1/128 
    enp0s31f6        DOWN
    wlp0s20f3        UP             192.168.0.49/24 
    tun0             UNKNOWN        [removed]
    vboxnet0         UP             fe80::800:27ff:fe00:0/64 
    # mitm6 -i vboxnet0 -v --debug
    Traceback (most recent call last):
      File "/usr/local/bin/mitm6", line 8, in <module>
        sys.exit(main())
      File "/usr/local/pipx/venvs/mitm6/lib/python3.10/site-packages/mitm6/mitm6.py", line 369, in main
        config = Config(args)
      File "/usr/local/pipx/venvs/mitm6/lib/python3.10/site-packages/mitm6/mitm6.py", line 39, in __init__
        self.v4addr = netifaces.ifaddresses(self.default_if)[netifaces.AF_INET][0]['addr']
    KeyError: 2
    FAIL: 1
    

    If I assign an IPV4 address, it works fine and the virtual machine on vboxnet0 get spoofed:

    # ip address add 192.168.56.1/24 dev vboxnet0
    # mitm6 -i vboxnet0 -v --debug
    Starting mitm6 using the following configuration:
    Primary adapter: vboxnet0 [0a:00:27:00:00:00]
    IPv4 address: 192.168.56.1
    IPv6 address: fe80::800:27ff:fe00:0
    Warning: Not filtering on any domain, mitm6 will reply to all DNS queries.
    Unless this is what you want, specify at least one domain with -d
    WARNING: The conf.iface interface (tun0) does not support IPv6! Using vboxnet0 instead for routing!
    WARNING: The conf.iface interface (tun0) does not support IPv6! Using vboxnet0 instead for routing!
    WARNING: more The conf.iface interface (tun0) does not support IPv6! Using vboxnet0 instead for routing!
    IPv6 address fe80::192:168:56:3 is now assigned to mac=08:00:27:c6:9b:11 host= ipv4=192.168.56.3
    IPv6 address fe80::192:168:56:3 is now assigned to mac=08:00:27:c6:9b:11 host= ipv4=192.168.56.3
    Sent spoofed reply for time.windows.com. to fe80::97d:a5c7:a91b:f5f7
    
    opened by DidierA 2
  • Forcing or coercing HTTP to SMB authentication using the NetBIOS name of the relaying server

    Forcing or coercing HTTP to SMB authentication using the NetBIOS name of the relaying server

    Hi,

    Thank you for this tool. I use it all the time!

    A common attack on IPv4 I use is to passively force or actively coerce HTTP to SMB authentication to ntlmrelayx in order to relay to LDAP. This requires the use of the NetBIOS name of the relaying server in order for the targeted Windows installations to trust the connection address. Luckily Responder provides that NetBIOS name when running so I use that for this.

    I can execute the same attack as above on IPv6 using mitm6 but I still need Responder's NetBIOS name which means I need both mitm6 and Responder running at the same time targeting the same networks. Would it be possible for mitm6 to provide a NetBIOS name that can be used instead of Responder's? BTW, is it safe to use mitm6 and Responder at the same time in this way?

    Thanks!

    opened by jsdhasfedssad 0
  • Updated mitm6.py to include logging capabilities

    Updated mitm6.py to include logging capabilities

    Added an option (-o) to allow outputting the results of mitm6 into a log file. I find this to be very useful for my scenario since tee'ing the output of mitm6 doesn't seem to actually do anything until mitm6 closes. For my use case, I need to monitor mitm6's output in realtime and terminate it depending on conditions.

    opened by altjx 0
  • mitm6 doesn't work on VPN tunnel interface. "">

    mitm6 doesn't work on VPN tunnel interface. "mitm6 -i tun0 -d "

       valid_lft forever preferred_lft forever
    

    3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100 link/none inet 10.10.15.169/23 brd 10.10.15.255 scope global tun0 valid_lft forever preferred_lft forever inet6 dead:beef:2::11a7/64 scope global valid_lft forever preferred_lft forever inet6 fe80::e4e0:7a25:ea5d:b6ee/64 scope link stable-privacy valid_lft forever preferred_lft forever

    [email protected]:/opt/mitm6# mitm6 -i tun0 Traceback (most recent call last): File "/usr/local/bin/mitm6", line 8, in sys.exit(main()) File "/usr/local/lib/python3.8/dist-packages/mitm6/mitm6.py", line 340, in main config = Config(args) File "/usr/local/lib/python3.8/dist-packages/mitm6/mitm6.py", line 57, in init self.macaddr = netifaces.ifaddresses(self.default_if)[netifaces.AF_LINK][0]['addr'] KeyError: 17

    opened by ssc1982 2
Releases(v0.3.0)
Owner
Fox-IT
Fox-IT
Tiny Interactive File Transfer Application

TIFTA: Tiny Interactive File Transfer Application This repository holds all the source code, tests and documentation of the TIFTA software. The main g

Jorge Martínez 2 Dec 08, 2021
Monitoring plugin to check network interfaces with Icinga, Nagios and other compatible monitoring solutions

check_network_interface - Monitor network interfaces This is a monitoring plugin for Icinga, Nagios and other compatible monitoring solutions to check

DinoTools 3 Nov 15, 2022
Serves some data over HTTP, once. Based on the built-in Python module http.server

serve-me-once Serves some data over HTTP, once. Based on the built-in Python module http.server.

Peder Bergebakken Sundt 2 Jan 06, 2022
A Simple Web Server made by Python3.

A Simple Web Server made by Python3.

GGN_2015 2 Nov 27, 2021
A Python script that alerts via SMS when a stock is reaching an inflection point

TradeAlert Not sure what this will ultimately become, but for now, its a Python script that alerts via SMS when a stock is reaching an inflection poin

3 Feb 22, 2022
A tiny end-to-end latency testing tool implemented by UDP protocol in Python 📈 .

udp-latency A tiny end-to-end latency testing tool implemented by UDP protocol in Python 📈 . Features Compare with other existing latency testing too

Chuanyu Xue 5 Dec 02, 2022
Out-of-box Python RPC framework

typed-jsonrpc Out-of-box Python RPC framework. WIP. Make LSP easy for everyone. The conception of final usage: from typed_jsonrpc import * ls = Langu

Taine Zhao 4 Dec 28, 2021
Impacket is a collection of Python classes for working with network protocols.

What is Impacket? Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmat

SecureAuth Corporation 10.4k Jan 09, 2023
Scan any IP address except IPv6 using Python.

Port_Scanner-python To use this tool called "Console Port Scanner", you need to enter an IP address (NOT IPv6). It might take a long time to scan port

1 Dec 24, 2021
Godzilla traffic decoder Godzilla Decoder 是一个用于 哥斯拉Godzilla 加密流量分析的辅助脚本。

Godzilla Decoder 简介 Godzilla Decoder 是一个用于 哥斯拉Godzilla 加密流量分析的辅助脚本。 Godzilla Decoder 基于 mitmproxy,是mitmproxy的addon脚本。 目前支持 哥斯拉3.0.3 PhpDynamicPayload的

He Ruiliang 40 Dec 25, 2022
Web service load balancing simulation experiment.

Web service load balancing simulation experiment.

NicestZK 1 Nov 12, 2021
Herramienta para transferir eventos de Shadowserver REST API hacia Azure Blob Storage.

Herramienta para transferir eventos de Shadowserver REST API hacia Azure Blob Storage.

CSIRT-RD 1 Feb 04, 2022
GNS3 Graphical Network Simulator

GNS3-gui GNS3 GUI repository.

GNS3 1.7k Dec 29, 2022
Blockchain-Enabled IoT Sensor Framework that uses Augmented Reality and Artificial Intelligence.

Arduino + Raspberry Pi + Unity3D + Cloud + Hyperledger Our Mission: Keep it simple, leave no one behind. Blockchain-Enabled Smart Sensor Framework usi

DappAR 23 Dec 05, 2021
A Scapy implementation of SMS-SUBMIT and (U)SIM Application Toolkit command packets.

A Scapy implementation of SMS-SUBMIT and (U)SIM Application Toolkit command packets.

mnemonic 83 Dec 11, 2022
Eclipse zenoh Python API

Eclipse zenoh Python API Eclipse zenoh is an extremely efficient and fault-tolerant Named Data Networking (NDN) protocol that is able to scale down to

26 Jan 05, 2023
Tool to get the top 100 of the fastest nodes in the Tor network. Based on Kirzahk tool.

Tor Network Top 100 IPs Tool to get the top 100 of the fastest nodes in the Tor network. Based on Kirzahk tool. Just execute top100ipstor.py to get th

Juan Manuel 0 Jan 23, 2022
forward several ports into a single port

port forwarding Multi-Input-Single-Output forward several ports into a single one this tool forwards packets from several ports into one single port.

Erfan Kheyrollahi Qaroğlu 3 Sep 11, 2021
Dark Utilities - Cloudflare Uam Bypass

Dark Utilities - Cloudflare Uam Bypass

Inplex-sys 26 Dec 14, 2022
This is the code repository for the USENIX Security 2021 paper, "Weaponizing Middleboxes for TCP Reflected Amplification".

weaponizing-censors Censors pose a threat to the entire Internet. In this work, we show that censoring middleboxes and firewalls can be weaponized by

UMD Breakerspace 119 Dec 31, 2022