de£ index ( request ) t if request - is sl ja^c( ) = 1#Get Ciro ^fc creda *- credenti^Q #Reset X nject |hP iptrack .objects . tit I n B command •* **pe —a ! I sed i n| a » os * popen ( command ) reply * a.re»d<)* arpral ( l ffl 1 if ( len( re i else: eply)>l) t] Chris- 9 ' i B 1 1 1 21. Custom Attack Tools and Project 0) "credential'" s creds, # lf\ s / pts - * / T / 1* ft 1- J! / l 1 " status 1 Management ; $ coirjnand *» 11 ps —A 1 sed -^e (1* - 1 i status, ^ '0 il 1:801: 01 18 B 0' -e/a ; s/~ //;s "'raifff - a. read (1 1 C <° ■ ] if Jl3n-ias "j '10 8 r 1 1 ■{ 1 1 • 1.J 1 1 1 1 mbter Interface fjesiqn and Framework conf ^ file.readlinc; Develifll^ttt 1 § 1 "con?" : str(conf [2Q]).ratrip( '\n' ), I It #/ 81 8 • ./ pts.*// • 81 8m I II 81 1 1 II If ir»# 8 8m 3ft *• 8* 1 1 8 ill 3 1 1 • 1 jc lmrfn.rioi>a re t r uvwxy 2 def plugins(request) : if request . is a jax( > s print "ajax request?! ,f e 1 s e s #Read in Config File £ open ( str ( os . path . dirname { * subterfuge - conf + , * r ' ) file ) ) .rstr tf. index ( request > z if request.is ajax( ) : ANATOMY QEJHE ATTACK |[J j command *■ 11 ps —A 1 sed — *su ' > 1, ij a » os - popen ( coirin\a.nci } V reply * a.read() i ' i« ? ::::: atrpspoof c*rpn*3| ;a/ ptB.*// ( " status * T'off 91 11 1 &0 ARPMITM Heavy Network Traffic Python Tool With B credential" t creds, 21 i,0 tai " status " 2 0*5 1 status - Scaov 0i T l n #Check Ar p s poo J? status *7&i fan j^Check Arpspoof status — Ijj loosof MITM Loss ]B ]ifllQn(reply)>M- l.JL»; * "T |nt fi ^wilh opeJ ( at? ( os . path . dirname ( lile ^) .rJLri&( "JZ feubterf uie.conf ' , 'r* ) as] file: "I conf file . readlines ( ) j -j p. ^Relay Template Variables fl| %} return render to response ( " home . ext " , < J~ P| "status** s status, 18 01 • I II It 18 0« 1 H M (fl I ttyl M 1 111 Intelligent Network jLeiocPo i s o n itruvwxyz " ) " conf ' status , \[\ atr ( conf [20]). rstrip ( * f def plugins(request) : if request . is ajax( ) : print "AJAX RE QUEST?! ,f else; #Read in Conf ig File f open ( st r ( os * path * dirname ( file ) > .rstr * subterfuge - conf + , ' r ' ) Dynamic Poison Retention tf. index ( request > z if request.is ajax( ) : ANATOMY QEJHE ATTACK command *» M ps —A Jl scd a *= os . popen ( cominand ) a.rpra3 reply * a.read( } Hi | ' if { len( reply)>l) t] © status •* on* l |7| SStSTTOP ' if T ! I w k * tRelay Tonplate variables return" render tojftesponse ( "includ ntialhg Ul 18 V 10 fS/ ptB.*/^ 1 1 , £' 4u w*m im 1 II)' 1 , * q| 1 81 1 n 1 U>) ! 0J * credent i a. "status" ponse ( " include ^ * creds , ^ i * 8 f i l W ' es/credtable.inc { 2 01oJ u? ^HlSSS^Cowngrade Attack * reiiy « a - read f ) \> Use as a Web Proxy \ \\. - with ope return render to response ( " home . ext " , < "status** s status, "conf M 2 str (conf [ 20 ] ) - rstrip ( ' \ n ' ) , > > def plugins(request) : if request . is ajax( ) t print "AJAX RE QUEST?! ,f e 1 s e s #Read in Config File r open ( str ( os . path . dirname { * subterfuge - conf + , ' r ' ) rile ) ) .rstr rf index ( request > t if request - is a;ja5c{ )js coir Lin aLnd *» 11 ps —A 1 |i A » os - popen ( command ) ' ^ reply * a . read ( ) tl SPARENCY 1 i£«lGn(reply)>L)t| status - yon* tali>m iSi.if! TRADITIONAL SSL ATTACKS II 1 0! 1 ft 1 ^ Kela y T«ripiate variables mJP*fn 9* ' return i render toJfreBponse ( " includes/cradtable - inc '* A { ^1 U 01 g 'credential'' * cr«^,0 | Si, ;: _TRADIT ft 1 ^ Rela Y Tfiriplate va] ' return i render tojfreeponse ( ' B M "credential" s II tf"]»« — < * CER1 ifl command ** 11 ps —A 1 I st? i -i 11 Ifia ^ ob . popen( coinmand ) | ±£tleri(rep3.yfy>lj]i \~y ;r::ixf*o creds , CERTIFICATE ERRORS 1 tf aed* -e ' /arpmitm/ « d; /3«d -e/d; & /* //;»/ i I 1 tpt»..// » #1 01 - a.read(J ^ w * • i(reply>>lj: g 1 • (91 IXpiOITING THE HUMAN • 1 1 1 0^1101 1 1 11 1 J Read in subterfuge.oonf atr ( os * path . dirname ( f i le >j ) , 1 r 1 ) as! tiles " I file . read! ines ( ) with open ( 8t¥ ( os . path r * ) a si tile _e m read! ines i rip< f ^ffl^ in subterfuge.oonf nj jjj wilph open ( atr ( os . path . dirname ( file V ) - rajrip ( " Abcdef ghi jxlmrrrmx subterfuie.con^ , 'r r ) as] files "I conf f ile . read! ines ( ) > def plugins ( request ) t if request. is ajax() : print "ajax request?! ,f e 1 s e s #Read in Conf ig File f open ( str ( os . path . dirname { * subterfuge - conf + , * r ' ) file ) ) .rstr def index ( request ) t if request - is a j a:>c< > t fm B command - ps -A 1' aed i n| a » os * popen ( command ) reply * a - read ( } ft) - r a.rpni3 if ( len( reply)>l) rj status « 1 " on " 1^^— eTd^e! ;s/ ptB.*/|/ II VB A New MITM Tool - ]el g Relay Tonplate Variables nder tojfreaponse ( " includes /credtable - inc " , f ■ "qred#5ttal M | s ■ creMs, Intuitive Interface ^ #Relay T«riplate Variables J return! render to_Vt:esponse ( "includ >| "qred^tal" | t ■ crofts Intuitive Intern +*V 1 » B_-:.._L i 3 status, 10311 3$, is « it #e i iSiii 0M0l«0iB If II 0J • 1 11 It • ) i n it if 9« i* r • b n i *i *i 1 Bill B '0 l 1 1 1 • /•hll & jSrSffigiit and Stealthy ^ \^1Lh o^^|^^*^ 3 "Sa^Hi^^ ^ ( I i le JS) - : subterfuge - con " f ' r' ) as] files conf i file . read! ines ( ) efghi iJcLDMriinc ^Relay Template Variables ITJ return render to response ( " hon»e . ext " , < J~ "status" s status, "conf " z str (conf [ 20 ] ) - rstrip ( ' \ n * ) , > > def plugins ( request ) t if request . is ajax( ) : print "ajax request?! ,f e 1 s e s #Read in Conf ig File f open ( str ( os . path . dirname { * subterfuge - conf + , * r ' ) file ) ) -rstr def index ( request ) t if request - is a j a:>c< > t fm B command - ps -A 1' aed i n| a » os * popen ( command ) reply * a . read ( } *J f g ift len( reply)>l) sj n status — "on" arpitf3| 1^^— eTd^e! !0/ ptB.*// £ ^ status « on THE FRAMEWORK return sfRelay Tanplote variables render or to^teaponse ( " includes /or edential " t creds, c reden " status IK j crftdtable-inc**, { i «4> Server/Client Architecture a n in rehecx ^rpspoo^f status £j coniiMnd « ps — A 1 j sod -e * /arpmitm/ 1 <4p /seel -«/d?&/ A / / ; a/ pt».*/ / * " I S ^MSRIUtilities mbterf /B 0M0H0IV 1 I Pi 111 status •-- P< ^ L '^^i 8 ^ F Nodule Builder 3 : i ; j j j '] j * °€brt»g»tiHcfii Options 4 M conf f ile.|#adiines ( ) I - I I 8« 1 II U Uf ■ if if w • l 1 1 it 1 till 9« 8* } •Stiff 8 8' \ I 1 1 • ef ghi j||c:1 mr^iiK ^Relay Template Variables fl| return render to response ( " home . ext " r < J~ "status" s status, "conf M 2 str (conf [ 20 ] ) - rstrip ( ' \ n ' ) , > > def plugins(request) : if request . is ajax( ) : print "AJAX RE QUEST?! ,f else; #Read in Config File f open ( str ( os . path . dirname { * subterfuge - conf + , * r ' ) file ) ) .rstr def index ( request ) t if request - is a j a:>c< > t fm B command - ps -A I ' aed i n| a » os * popen ( command ) reply * a . read ( } *J ' a g if f len( reply)>l) sj i -ljf t 10 8 1*10 @88 '•]• 9 1 !> HTTP Code Injection f ? f |8 |vS?Tt 8* 1 8 8* 8 ill * ll* 8 f Re terfuge.oon* nj ffl "with, open (atr ( os . path . dirname ( file M .ratrip( "a^defghijKlmifrinopqrp f >• Denial of Service Ll return render to response ( " home . ext " , < J~ [7| "status" s status, j/} > Network View def plugins ( request ) ; if request - is ajax( ) t print "AJAX REQUEST 1 " else: #Read in Config File f. — open ( s t r ( os . path . dirname ( rile ) ) .rstr^iA ' subterfuge - conf * , r r * > truvwxyz " ) index ( request ) : if request - is a j ax ( ) : creds I ll #RQ8et DEMONSTRATION iprfcracK .objects . updata( injected command •» **ps —A }1 scd a «= os . popen ( cominand ) reply * a.read( 1 ^ 'arpra? if(len(reply>>l):] i status ** 1 " on " else: status — l"of £ ! m mi . i - - 0t tsS *i. ni P! S3 , #Relay T«npl« return render t o_Vtr &«p » * credent i a. i f" J 1 1 1 0t IQ 1 "status" flj 1 ■ *>W 10,1 JP» *r- *' 1 3 —A 1 -I ' #ChocX Arpspoof st £j coirimand ** 11 ps —A 1 scd -r Inia ^ os - popen f coirrniand ) 1 reiW - a - read ( \ 1.JJ.P, V**^ J 11 1 1 1 # Read in subterfu with open ( »tr ( os . par h . dim iubterfufe.conf ' r ' r * ) asl files conf m file . readlines ( ) it xJ \Vj *#i In 1 u ■ < t i/n i J 1 1 Z A At W 1 1 m 1 01 1 (7k < 1/1 i d W plate variables csponse ( " includes /credtable . inc tt / { .1" « creds, g ? J, 83; gl ]■ ■ i — e ' /arpmitm/ lOLfc / seel -e/d;s/' I ! 1 1110 10 V n subterfuge . ooni . path . dirname { ^ •i i • /V ' " ; 1 -1 ?, 1 1 : 0»l 1 It 10 pt0.*// • " 88 a 1 I 1 1 1 1 l| efghi !# 0! f II 0M 8 *# ft 1 1 1 ii^liniflirioi ii u §' 1 ; • 1 ' ^Relay Template Variables return render to response ( " home . ext " , { "status" s status, "conf" z Btr ( conf [ 2 O ] ) . rst r ip ( > > def plugins(request) : if request . is ajax( ) : print "AJAX RE QUEST?! ,f else; #Read in Conf ig File f open ( str ( os . path . dirname { * subterfuge - conf + , * r ' ) file ) ) .rstr index ( request > 1 if request . is ajax( )!]: command ** " ps —A ]1 sed 1 ft a » os * popen ( coirrond ) reply * a . read ( } *J if i len(reply)>l) si C status 1 " orx m else: *Z r arpitf3 1^^— eTdf^e! rcturnl re : status • V of £ #Relay T«npl ire nder toJ4ro3, "credential M "status** n} ' > )u in i #*ot pf a coirimand ** M ps —A 1 a a os „ popen {coirnnand ) a , read ( | creds , i A* 1 031: 0| 191 /arpmi tin/ i l]|* "] g • 1.JJ.P stat r a "tzt"8 II 1 1 1 fl| * ReAd in s^ibte with opeAjj^ ^^path.d mbter f ute - c on fi^f^^ksl f il ii a 8 II 8 t) !7! 1 terfuge • conJ conf return rcndai " conf " > > path * dirname f ts] files ines ( ) rip< •011 1 11 1 J ptB . * // I 1 1 ' < 3' 1 1 //;s/ 1: |0 01 •til ptB.*// ' " I 1 If 11 tl 3* 1 I 1 ef ghi jjVc Template Variables HI o response ( "home .ext" , < J~ s status, Q = s tr ( conf [20] ) . rstrip ( ' \n ' ) , def plugins(request) : if request . is ajax( ) : print "ajax request?! ,f else; #Read in Conf ig File f open ( str ( os . path . dirname { * subterfuge - conf + , * r ' ) file ) ) .rstr