domingo, maio 27, 2012

Automated Man-in-the-Middle Attack Framework

Welcome to the Subterfuge Project

Beta version 2.1 Released! Complete with bug fixes and Metasploit support. Look up #Subterfuge on Twitter or Follow @0sm0s1z for the latest Subterfuge updates

Walk into Starbucks, plop down a laptop, click start, watch the credentials roll in. Enter Subterfuge, a Framework to take the arcane art of Man-in-the-Middle Attack and make it as simple as point and shoot. A beautiful, easy to use interface which produces a more transparent and effective attack is what sets Subterfuge apart from other attack tools. Subterfuge demonstrates vulnerabilities in the ARP Protocol by harvesting credentials that go across the network, and even exploiting machines through race conditions. Now walk into a corporation…
A rapidly-expanding portion of today’s Internet strives to increase personal efficiency by turning tedious or complex processes into a framework which provides instantaneous results. On the contrary, much of the information security community still finds itself performing manual, complicated tasks to administer and protect their computer networks. Given the increase in automated hacking tools, it is surprising that a simplistic, “push-button” tool has not been created for information security professionals to validate their networks’ ability to protect against a Man-In-The-Middle attack. Subterfuge is a small but devastatingly effective credential-harvesting program which exploits a vulnerability in the Address Resolution Protocol. It does this in a way that a non-technical user would have the ability, at the push of a button, to harvest all of the usernames and passwords of victims on their connected network, thus equipping information and network security professionals with a “push-button” security validation tool.

View the short teaser on youtube: Subterfuge Teaser

View a more detailed and comprehensive release that talks about how the tool works and our motivation behind creating it: Subterfuge Introduction and Explanation . 

0 comentários:

Postar um comentário