Digit Oktavianto Web Log

Catatan Sampah si Digit

Subterfuge : Man in the Middle Attack Framework

| Comments

Halo friends, i wanna share about interesting hacking tools called Subterfuge. Subterfuge is an automated Man In The Middle Attack Framework. Subterfuge is a web based tools that can run smoothly using ur localhost system without installing webserver (it is included in the installation software).

Subterfuge is a simple but devastatingly effective credential-harvesting program, which exploits vulnerabilities in the inherently trusting Address Resolution Protocol. It does this in a way that even a non-technical user would have the ability, at the push of a button, to attack all machines connected to the network. Subterfuge further provides the framework by which users can then leverage a MITM attack to do anything from browser/service exploitation to credential harvesting, thus equipping information and network security professionals and enthusiasts alike with a sleek “push-button” security validation tool.

The Subterfuge Project attempts to use the paradigm popularized by Firesheep, Armitage, and other user friendly network attack tools to create a framework for Man-In-The-Middle (MITM) network attacks. A MITM attack inserts a malicious entity into the communication path between legitimate users on a network . This entity can then masquerade as either of the legitimate users in order to capture sensitive information, like login credentials for a protected web site. Typically, a MITM attack requires a significant amount of complex, textbased configuration of numerous software programs. This complexity, combined with the virtually never ending reports of stolen identities and online credential theft, makes the MITM attack a prime candidate for the creation of a user-friendly, simplified framework.

Subterfuge is developed with the Python programming language and uses a SQLite database. ARPSpoof from the Dsniff suite is used to poison the target network. Subterfuge also uses SSLStrip to collect user credentials that were sent over a secure socket layer (SSL) web connection.

For Download Link, you can go here : https://subterfuge.googlecode.com/files/SubterfugePublicBeta2.0.tar.gz

Installation :

digit@digit-laptop:~$ tar -zxvf SubterfugePublicBeta2.0.tar.gz

digit@digit-laptop:~$ cd subterfuge

Install using root user :

root@digit-laptop:~# python install.py -i

Running Subterfuge :


Please Note : When Running Subterfuge, they use Port 80 as default port in your localhost webserver. If you have apache2 run, you should kill the apache service first :

root@digit-laptop:~# killall apache2

In the console subterfuge, they mention that this port setting can be changed from default port (80) to another port using the configuration subterfuge.setting. But unfortunately i can’t find this configuration. So u should kill your webserver service first before run Subterfuge. You can edit your setting in folder /usr/share/subterfuge. Thanks a lot nubbix for your correction :D

Happy Hacking. :D