Espionage - A Linux Packet Sniffing Suite For Automated MiTM Attacks

Espionage is a network packet sniffer that intercepts large amounts of data being passed through an interface. The tool allows users to to run normal and verbose traffic analysis that shows a live feed of traffic, revealing packet direction, protocols, flags, etc. Espionage can also spoof ARP so,...

Destructive and MiTM Capabilities of VPNFilter Malware Revealed

It turns out that the threat of the massive VPNFilter botnet malware that was discovered late last month is beyond what we initially thought. Security researchers from Cisco's Talos cyber intelligence have today uncovered more details about VPNFilter malware, an advanced piece of IoT botnet malwa...

Rockstar Games: Login form on non-HTTPS page

Summary: ======= A page on a microsite is not fully protected by an SSL certificate. This could allow an attacker in a Man-in-the-Middle position to obtain usernames and passwords of users visiting the site. Description: ======= On the Red Dead Redemption subpage, the comments section on news...

Netgear Router Vulnerabilities Public Exploits

A vulnerability in Netgear routers, already disclosed by two sets of researchers at different security companies, has been publicly exploited. Netgear, meanwhile, has yet to release patched firmware, despite apparently having built one and confirmed with one of the companies that privately...

Rogue Wi-Fi Access Point: 3vilTwinAttacker

This tool create an rogue Wi-Fi access point , purporting to provide wireless Internet services, but snooping on the traffic 3vilTwinAttacker is security tool that provide the Rogue access point to Man-In-The-Middle and network attacks. purporting to provide wireless Internet services, but snoopi...

Automate Security Audit: netool.sh

Netool is a toolkit written in bash, python and ruby and provides easy automation for frameworks like Nmap, Driftnet, Sslstrip, Metasploit and Ettercap – mostly MitM attacks. This toolkit makes tasks as SNIFFING tcp/udp traffic, Man-In-The-Middle attacks, SSL-sniff, DNS-spoofing, D0S attacks in...

MITMf - Framework for Man-In-The-Middle attacks

Framework for Man-In-The-Middle attacks Available plugins SMBtrap - Exploits the 'SMB Trap' vulnerability on connected clients Screenshotter - Uses HTML5 Canvas to render an accurate screenshot of a clients browser Responder - LLMNR, NBT-NS, WPAD and MDNS poisoner SSLstrip+ - Partially bypass...

New MySQL Bug Can Strip SSL Protection From Connections

Researchers have identified a serious vulnerability in some versions of Oracle’s MySQL database product that allows an attacker to strip SSL/TLS connections of their security wrapping transparently. The vulnerability is the result of the way that an option in MySQL handles requests for secure...

3vilTwinAttacker - Create Rogue Wi-Fi Access Point and Snooping on the Traffic

This tool create an rogue Wi-Fi access point , purporting to provide wireless Internet services, but snooping on the traffic. Software dependencies: Recommended to use Kali linux. Ettercap. Sslstrip. Airbase-ng include in aircrack-ng. DHCP. Nmap. Install DHCP in Debian-based Ubuntu $ sudo apt-get...

netool.sh - MitM Pentesting Opensource T00lkit

netool.sh toolkit provides a fast and easy way For new arrivals to IT security pentesting and also to experience users to use allmost all features that the Man-In-The-Middle can provide under local lan, since scanning, sniffing and social engeneering attacks "spear phishing attacks"... DESCRIPTIO...

itBit Exchange: ITBit Vulnerable to SSLSTrip

www.itbit.com details: High Level, description It is possible for a malicious user to capture credential information of a www.itbit.com user with the use of SSLStrip. The scenario is that if a user is in a internet cafe and browses the internet while a malicious user intercepts his traffic, the w...

New Signal App Brings Encrypted Calling to iPhone

iPhone users concerned about government surveillance efforts putting unencrypted calls at risk now have a free app at their disposal that brings secure communication to the Apple phone. Open WhisperSystems, developers of RedPhone for Android, have developed a similar app for iPhone called Signal,...

Tor Exit Relay Scanner: Exitmap

Tor is one of the best and freely available privacy software that lets people communicate anonymously online through a series of nodes that is designed to provide anonymity for users and bypass Internet censorship. An exit node, the final destination in the series of servers Tor users hop through...

Malicious Russian Tor Exit Relays Intercepting encrypted Traffic of Facebook Users

Tor is one of the best and freely available privacy software that lets people communicate anonymously online through a series of nodes that is designed to provide anonymity for users and bypass Internet censorship. When you use the Tor software, your IP address remains hidden and it appears that...

Small Number of Malicious Tor Exit Relays Snooping Traffic

A small number of Tor exit relays are misbehaving, conducting man-in-the-middle attacks and monitoring encrypted traffic from users of the anonymity network. Researchers from Karlstad University in Sweden published a paper this week examining the malicious behavior of some Tor exit relays and fou...

[FruityWifi v1.0] Wireless network auditing tool

FruityWifi is a wireless network auditing tool based in the wifi Pineapple. The application can be installed in any Debian based system adding the extra packages. Tested in Debian, Kali Linux, Kali Linux ARM Raspberry Pi, Raspbian Raspberry Pi. Services Wireless: Start|Stop wireless access point...

[ARPwner] ARP and DNS Poisoning Attack Tool

ARPwner is a tool to do ARP poisoning and DNS poisoning attacks, with a simple GUI and a plugin system to do filtering of the information gathered, also has a implementation of sslstrip and is coded 100% in python and on Github, so you can modify according to your needs. This tool was released by...

Moxie Marlinspike Leaving Twitter Security Team

Twitter has been collecting a lot of security talent in the last year or so, but now a major piece of the company’s security team is leaving. Moxie Marlinspike, the creative security and privacy researcher who founded Whisper Systems, which was acquired by Twitter in 2011, said on Friday that he ...

Researcher Charlie Miller Joins Twitter Security Team

Twitter quietly is assembling a serious security team, with the most recent addition being Charlie Miller, the security researcher known for finding a long line of bugs in the iPhone and other Apple products. Miller, a respected and prolific researcher, will join the social network’s security tea...

Replacing the CA System, Millions of Clients at a Time

The Internet was not designed to be a secure network, not by any stretch of the imagination. It was meant to enable giant PDPs and IMPs at one college to talk to their brethren at another college across the country. SSL was an attempt to impose some level of security and trustability on this syst...