MITM GRABB3R- Man in the middle data collector

[IvanDoe]

Few months ago i started working on pineapple infusion but it ended up being alot bigger project.

I made a php/mysql script and the way it works is MITMf injects javascript(xss) code into each page, and there is web script that manages clients with various xss "options" like cookie stealing, jskeylogger etc...

Each clients history and captures can be viewed on a timeline.

You don't have to use mitmf, you can use whatever application you want as long as you inject code with necessary information.

You can find out more about it, how to set it and download it here > https://github.com/ivangr0zni/mitm-grabb3r

[cooper]

Looks pretty slick. Nice job.

[WPA3]

Very nice , thanks for sharing.

[InfiniteDevelopment]

Very l33t work. I would love more docs about set up though! ;) Its a bit confusing exaclty how to set this up.

[IvanDoe]

​It's pretty much all there on github but if some part isn't clear feel free to ask :)

[InfiniteDevelopment]

So I guess how do we get started with this using the Pineapple? If you give me some instructions and a bit of guidance I will volunteer my time to making a video for it. :)

1. When I boot up my pineapple, how do I get your infusion installed?

2. After installation what should the infusion settings be?

3. How do we connect this local data back to the VPS running the dashboard?

[IvanDoe]

This isn't infusion for pineapple, it's a script that works with or without wifi pineapple but it needs MITMf software.

I made it and released it here since i was expecting(as many others) this last pineapple firmware to have MITMf included...

You will have to use some other linux box in combination with wifi pineapple to use mitm grabb3r.

I use raspberry pi 2 with kali linux to run mitmf and script and wifi pineapple to do wifi stuff.

[IvanDoe]

You could use strip-n-inject (i think that is name of infusion) to inject grabber code but the way script is set is it needs clients ip, i have limited knowledge of pineapple API but i don't think there is easy way for strip-n-inject to pass client ip.

Even if that would work you still coudln't use script on ssl websites ( thats where MITMf comes in with its hsts ssl options).

[InfiniteDevelopment]

strip-n-inject hasn't worked for me one time. More than not I have to reboot the Pine when I try and use it.

I would love to use some of these features but its such a limited topic I think most of my research will be very new. I will keep the community in the loop when I get something worth sharing. :)

[IvanDoe]

Yes, copy files to www, import mysql db and edit config files

​

​Replace mitmf plugin and you should be ready to go :)

[IvanDoe]

It says on github what files to edit in script, google for mysql import for database

[mendoza]

Hi @IvanDoe . Great work, congrats!

I tried to install your script and iam getting this error: Fatal error: Class 'Cookie' not found in /var/www/html/www/includes/Login.class.php on line 11

What iam doing wrong?? Thanks in advance :D

[IvanDoe]

What page did you open when that happend?

​

​I tested script on windows and linux but it looks like include error.

​

​Maybe Cookie.class.php is empty?

​

​Try and delete all files and download/unzip/git clone again

[mendoza]

wow. thanks for the quick respond.

I tried with Kali Linux 2.0 (sana) and the Cookie.class.php file seems to be right :S . The error appears in index

[IvanDoe]

Try and put full include on index.php or functions.php and see if that changes anything

​

​require_once ('includes/functions.php');
to

​require_once ('/var/www/html/www/includes/functions.php');

​

now that i see it /var/www/html/www/ doesn't look right either

​Try and put script into root folder of web server.

[InfiniteDevelopment]

This isn't infusion for pineapple, it's a script that works with or without wifi pineapple but it needs MITMf software.

I made it and released it here since i was expecting(as many others) this last pineapple firmware to have MITMf included...

You will have to use some other linux box in combination with wifi pineapple to use mitm grabb3r.

I use raspberry pi 2 with kali linux to run mitmf and script and wifi pineapple to do wifi stuff.

Now that I have more knowledge of MITM and the pineapple. I feel secure that this will be a fun project. Are you still maintaining it? I would also like to know of possible ways to inject once I have clients on the pineapple. Maybe evil portal? Or am I missing a step? I get that your base is just a UI for the exisiting functions of MITMf correct?

[IvanDoe]

​

​

Now that I have more knowledge of MITM and the pineapple. I feel secure that this will be a fun project. Are you still maintaining it? I would also like to know of possible ways to inject once I have clients on the pineapple. Maybe evil portal? Or am I missing a step? I get that your base is just a UI for the exisiting functions of MITMf correct?

Hey :)

​I didn't update project for awhile since it worked pretty much as it should.

​I don't think evil portal would work for something like this.

​The way i would use it is have pineapple "collect" clients, and raspberry pi would run MITMf and run mitm attack and collect data.

Raspberry pi would be connected via eithernet to pineapple.

​https://bettercap.org/ turned into really great project and i was thinking of getting that working with my script soon.

​I have few extra ideas but since i have MKV and current firmware isn't the most stable i am waiting for new firmware of NANO and TETRA to get ported to MKV.

​Firmware was supposed to be released this month, not sure if that is still true.

​