Jump to content

MITM GRABB3R- Man in the middle data collector


IvanDoe

Recommended Posts

Few months ago i started working on pineapple infusion but it ended up being alot bigger project.

I made a php/mysql script and the way it works is MITMf injects javascript(xss) code into each page, and there is web script that manages clients with various xss "options" like cookie stealing, jskeylogger etc...

Each clients history and captures can be viewed on a timeline.

You don't have to use mitmf, you can use whatever application you want as long as you inject code with necessary information.

You can find out more about it, how to set it and download it here > https://github.com/ivangr0zni/mitm-grabb3r

demo.png

Link to comment
Share on other sites

So I guess how do we get started with this using the Pineapple? If you give me some instructions and a bit of guidance I will volunteer my time to making a video for it. :)

1. When I boot up my pineapple, how do I get your infusion installed?

2. After installation what should the infusion settings be?

3. How do we connect this local data back to the VPS running the dashboard?

Link to comment
Share on other sites

This isn't infusion for pineapple, it's a script that works with or without wifi pineapple but it needs MITMf software.

I made it and released it here since i was expecting(as many others) this last pineapple firmware to have MITMf included...

You will have to use some other linux box in combination with wifi pineapple to use mitm grabb3r.

I use raspberry pi 2 with kali linux to run mitmf and script and wifi pineapple to do wifi stuff.

Link to comment
Share on other sites

You could use strip-n-inject (i think that is name of infusion) to inject grabber code but the way script is set is it needs clients ip, i have limited knowledge of pineapple API but i don't think there is easy way for strip-n-inject to pass client ip.

Even if that would work you still coudln't use script on ssl websites ( thats where MITMf comes in with its hsts ssl options).

Link to comment
Share on other sites

  • 2 weeks later...
  • 1 month later...
  • 3 weeks later...

Try and put full include on index.php or functions.php and see if that changes anything

​require_once ('includes/functions.php');
to

​require_once ('/var/www/html/www/includes/functions.php');

now that i see it /var/www/html/www/ doesn't look right either

​Try and put script into root folder of web server.

Link to comment
Share on other sites

  • 4 months later...

This isn't infusion for pineapple, it's a script that works with or without wifi pineapple but it needs MITMf software.

I made it and released it here since i was expecting(as many others) this last pineapple firmware to have MITMf included...

You will have to use some other linux box in combination with wifi pineapple to use mitm grabb3r.

I use raspberry pi 2 with kali linux to run mitmf and script and wifi pineapple to do wifi stuff.

Now that I have more knowledge of MITM and the pineapple. I feel secure that this will be a fun project. Are you still maintaining it? I would also like to know of possible ways to inject once I have clients on the pineapple. Maybe evil portal? Or am I missing a step? I get that your base is just a UI for the exisiting functions of MITMf correct?

Link to comment
Share on other sites

Now that I have more knowledge of MITM and the pineapple. I feel secure that this will be a fun project. Are you still maintaining it? I would also like to know of possible ways to inject once I have clients on the pineapple. Maybe evil portal? Or am I missing a step? I get that your base is just a UI for the exisiting functions of MITMf correct?

Hey :)

​I didn't update project for awhile since it worked pretty much as it should.

​I don't think evil portal would work for something like this.

​The way i would use it is have pineapple "collect" clients, and raspberry pi would run MITMf and run mitm attack and collect data.

Raspberry pi would be connected via eithernet to pineapple.

https://bettercap.org/ turned into really great project and i was thinking of getting that working with my script soon.

​I have few extra ideas but since i have MKV and current firmware isn't the most stable i am waiting for new firmware of NANO and TETRA to get ported to MKV.

​Firmware was supposed to be released this month, not sure if that is still true.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...