
Posted by millikan at 2020-02-27

The author of the previous issue published an article about WiFi phishing methods. Today I'm bringing everyone an article on what can be done once you have a WiFi password.

I believe many of you have played with ettercap and the driftnet tool. What can they do? That's right, they are very good at acting as the man in the middle. Suppose that on a local area network we, as the man in the middle, sniff other people's information and hijack them; I believe everyone knows how to do that. We spoof a mobile phone with ettercap's ARP spoofing, capture the phone's pictures with driftnet and save them on the intruder's computer, and the intruder knows which pictures you are looking at. Thinking about which websites those are, I feel terrible.

Then I had a sudden idea. Merely seeing his pictures isn't exciting enough; hijacking and tampering with his pictures would be far more interesting. Hey, am I bad?

Experimental environment:

Kali Linux

LAN (the author used a wireless network card)

A mobile phone


Get to the point

Let's introduce today's software, MITMf, which fills our LAN with fun.

The figure below shows part of MITMf's command-line parameters; consult the tool's own help output to see them all. The author will use a few of the modules in this article:

Brief explanations of some of the modules follow:

SSLstrip module

Not much to say about it; as you can see, it is on by default. I tried to disable sslstrip with the -D parameter, but that left the tool unusable. It is probably a bug in the framework itself.

FilePwn module

Its main function: when the spoofed target tries to download a file, the module analyzes the file first, injects a backdoor into executable files (PE, ELF), and then passes the result on to the target.

CacheKill module

Clears the client's cache, which is very useful when we need to re-inject a piece of JS. This function is really handy. For its use, refer to etherdream's article on JS cache poisoning; I won't elaborate here.

Spoof module

A very important module, absolutely indispensable when we use the MITM function for spoofing attacks. It mainly covers traffic redirection via ARP, ICMP and DHCP (the three modes cannot be used at the same time), manually specified iptables commands, and so on. The other rule files (CFG files) are in the config directory under the main directory, and we can customize the configuration. It is worth mentioning that a few days ago the tool also added the DHCP variant of the Shellshock vulnerability, which we can specify through the shellshock parameter. I will have screenshots to demonstrate this as well.

BeEF autorun module

This module lets the framework connect to BeEF. I think the power of BeEF is obvious to everyone. After connecting to BeEF, you can combine MITM with browser exploitation, which is naturally more powerful and much sneakier.

Replace module

This module mainly replaces browsing content and supports regular expressions. Note that by default the module forces a cache refresh; to keep cached content unchanged, you need to specify the keep-cache parameter manually.

Inject module

You can inject all kinds of nasty things into the target's browsing content, such as JS, HTML, pictures, small videos... It is also a rather useful module, which we will talk about later.

Browser Profiler module

Enumerates the browser plug-ins of spoofed machines. Still very useful for our early information-gathering stage.

JavaPwn module

You can poison the target machine's browsing content by injecting a jar, and with Metasploit you can compromise the machine directly and get a shell (I will also focus on that later). Do you know how strong Metasploit is? Anyone who doesn't can go stand in the corner for half an hour.

JavaScript Keylogger module

A JavaScript keylogger, which will be introduced later.

App Cache Poison module

Poisons the application cache so that web applications can be poisoned and then used for arbitrary attack tests. It is a supplementary module by Krzysztof Kotowicz.


Spoof module: making the browser's world spin.

When installing this software, be careful not to miss any modules. The project's own page contains an installation tutorial that you can follow. The installation address is as follows:

Project address:

After installation, we start using it.

The precondition for success is that you know the target phone's IP address and the gateway. Let's begin our practical run with the following command:

mitmf -i <network card> --spoof --arp --gateway <gateway> --targets <IP address of the device to attack> --imgrand --img-dir /root/img

Here --imgrand means you want to replace pictures, and --img-dir is the directory holding the replacement pictures (/root/img is where I keep mine).

As shown in the following figure, put 7777.jpg under /root/img:

Before the attack, we first open UC Browser on the phone; everything is normal, as shown in the following figure:

Then we enter the command and hit enter to launch the attack. After the user refreshes the page, the effect is as shown in the figure:

At this point I believe the victim is in despair... Then let's open a page and see whether the pictures are still there. As shown in the picture:

They are all the pictures we specified. Despair indeed. Let's take a look at Taobao...

Then, can we see in the background which websites he visited?

In the output below, 7777 is the name of our replacement image, and those domain names are the domains the victim visited.

At this point I would scan the QR code in this picture to follow the account, then collect the evidence and dial 110, haha (joking; you're welcome to follow). The author also tried changing the picture from a computer, as shown in the figure:

Even QQ ends up looking like this; what's left to play with? And if you get caught, you'd still get a beating...


The author notes that attacking other people's WiFi and cracking passwords are illegal. Everyone should play on their own LAN. If you try it on others, they may call the police and you will be invited for tea. The author thinks you can use this software to give a good scare to anyone who connects to your WiFi maliciously. There are many other ways to use this software, such as injecting scripts to downgrade HTTPS (the author is not clear about this) or rotating every picture by 180 degrees. It must be emphasized that only traffic carried over plain HTTP can be hijacked and modified.
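From the defender's side, the ARP spoofing this tutorial relies on leaves a visible trace in the victim's ARP cache. The following added example (not code from the original post or from MITMf) compares two constructed `ip neigh`-style snapshots and flags a gateway whose MAC has changed, or one MAC claiming several IPs; all addresses are made up.

```python
# Added example (not from the original post): a defender-side check for the ARP
# spoofing that the --arp mode described above relies on. It compares two
# snapshots of a host's ARP cache (constructed sample data below) and reports
# when the gateway's MAC changes or one MAC claims several IP addresses.
from collections import defaultdict

# Constructed sample ARP cache snapshots in `ip neigh` style; all addresses are made up.
SNAPSHOT_BEFORE = """\
192.168.1.1 dev wlan0 lladdr aa:bb:cc:00:00:01 REACHABLE
192.168.1.20 dev wlan0 lladdr aa:bb:cc:00:00:20 STALE
192.168.1.30 dev wlan0 lladdr aa:bb:cc:00:00:30 REACHABLE
"""

SNAPSHOT_AFTER = """\
192.168.1.1 dev wlan0 lladdr aa:bb:cc:00:00:30 REACHABLE
192.168.1.20 dev wlan0 lladdr aa:bb:cc:00:00:20 STALE
192.168.1.30 dev wlan0 lladdr aa:bb:cc:00:00:30 REACHABLE
"""

def parse_neigh(text):
    """Return {ip: mac} from `ip neigh`-style lines; entries without lladdr are skipped."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" in fields:
            table[fields[0]] = fields[fields.index("lladdr") + 1].lower()
    return table

def arp_spoof_indicators(before, after, gateway_ip):
    """Return human-readable findings from comparing two ARP cache snapshots."""
    findings = []
    old, new = parse_neigh(before), parse_neigh(after)
    if gateway_ip in old and gateway_ip in new and old[gateway_ip] != new[gateway_ip]:
        findings.append(f"gateway {gateway_ip} MAC changed {old[gateway_ip]} -> {new[gateway_ip]}")
    by_mac = defaultdict(list)
    for ip, mac in new.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:  # one hardware address answering for several IPs is a classic spoof sign
            findings.append(f"MAC {mac} claims several IPs: {', '.join(sorted(ips))}")
    return findings

if __name__ == "__main__":
    for finding in arp_spoof_indicators(SNAPSHOT_BEFORE, SNAPSHOT_AFTER, "192.168.1.1"):
        print("ALERT:", finding)
```

A static ARP entry for the gateway, or HTTPS with HSTS on the sites visited, removes the conditions the image replacement depends on.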