Topic: Subterfuge Automated Man-in-the-Middle Attack Framework

undi

Quote
Walk into Starbucks, plop down a laptop, click start, watch the credentials roll in. Enter Subterfuge, a Framework to take the arcane art of Man-in-the-Middle Attack and make it as simple as point and shoot. A beautiful, easy to use interface which produces a more transparent and effective attack is what sets Subterfuge apart from other attack tools. Subterfuge demonstrates vulnerabilities in the ARP Protocol by harvesting credentials that go across the network, and even exploiting machines through race conditions. Now walk into a corporation…

A rapidly-expanding portion of today’s Internet strives to increase personal efficiency by turning tedious or complex processes into a framework which provides instantaneous results. On the contrary, much of the information security community still finds itself performing manual, complicated tasks to administer and protect their computer networks. Given the increase in automated hacking tools, it is surprising that a simplistic, “push-button” tool has not been created for information security professionals to validate their networks’ ability to protect against a Man-In-The-Middle attack. Subterfuge is a small but devastatingly effective credential-harvesting program which exploits a vulnerability in the Address Resolution Protocol. It does this in a way that a non-technical user would have the ability, at the push of a button, to harvest all of the usernames and passwords of victims on their connected network, thus equipping information and network security professionals with a “push-button” security validation tool.

https://code.google.com/p/subterfuge/

Great tool for MitM attacks; looks promising. Still in early development, but it currently has a working credentials harvester, with a beta 2 approaching with Metasploit support.



crackajack

Reply #1 on: May 03, 2012, 04:34:40 PM
Yes, it looks interesting. Seems to have about 7 plugins at the moment - including a wireless suite of tools and some evilgrade tool.
Apparently, it's able to watch the victim's webpages on-the-fly [live].
Here's a good instruction vid for install and usage.

http://www.youtube.com/watch?v=I7yEHSRxRVk&feature=share
« Last Edit: May 03, 2012, 06:00:57 PM by crackajack »



crackajack

Reply #2 on: May 03, 2012, 05:34:21 PM
I'm testing it at the moment, but it seems very buggy.
It's picked up some forum user/pass details [smoother than yamas], but doesn't seem to work on email accounts - didn't pick any up [I tried 3].
Also, I can't seem to get a couple of the other plugins to work. It is BETA after all. I'll wait for the final, I think.



undi

Reply #3 on: May 03, 2012, 09:59:15 PM
Yea deffo one to keep an eye on guys, looks like this could be the MitM tool we've all been waiting for!



undi

Reply #4 on: May 09, 2012, 11:16:06 AM
Update: Beta 2 now available with Metasploit and tunnel blocking capabilities



ZEROF

Reply #5 on: May 09, 2012, 04:49:22 PM
Hi,

Thank you for the update!


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*


crackajack

Reply #6 on: May 10, 2012, 06:34:50 PM
Version 2.1 was put up 13 hours ago.



crackajack

Reply #7 on: May 10, 2012, 08:01:30 PM
Has anyone else tried this? Because I'm only getting problems. The new version seems to be worse than the previous one. It's a real job getting it to start, and when it does it completely freezes up my network. I know yamas acts in a similar way [you have to refresh the page for it to work] 'cos sslstrip seriously slows the network.
I'd advise you to leave it alone until they iron out all the bugs, because it's not usable right now IMO [I could be wrong of course].