Morpheus – Automated Ettercap TCP/IP Hijacking Tool

Morpheus framework automates TCP/UDP packet manipulation tasks by using etter filters to manipulate target requests/responses under MitM attacks, replacing the TCP/UDP packet contents with our contents before forwarding the packet back to the target host.

Workflow:
1º – attacker -> ARP poison local LAN (MitM)
2º – target   -> requests webpage from network (WAN)
3º – attacker -> modifies webpage response (contents)
4º – attacker -> modified packet is forwarded back to target host

Morpheus ships with some pre-configured filters but also allows users to improve them when launching the attack (morpheus scripting console). At the end of the attack morpheus will revert the filter back to its default state; this allows users to improve filters at run time without the fear of messing with the filter command syntax and spoiling the filter. "Perfect for scripting fans to safely test new concepts"

What can we accomplish by using filters?

Morpheus ships with a collection of etter filters written by me to accomplish various tasks: replacing images in webpages, replacing text in webpages, injecting payloads using an HTML tag, denial-of-service attacks (drop/kill packets from source), HTTPS/SSH downgrade attacks, redirecting target browser traffic to another domain; it also gives you the ability to build/compile your own filter from scratch and launch it through the morpheus framework (option W). "Filters can be extended using browser languages like: JavaScript, CSS, Flash, etc."

In this example we are using an HTML tag to inject a redirection URL into the target request.
In this example we are using CSS3 to trigger a 180º webpage rotation.

Framework limitations
1º – morpheus will fail if the target system is protected against ARP poison attacks
2º – downgrade attacks will fail if the target browser has HTTPS-only add-ons installed
3º – the target system sometimes needs to clear its net cache for ARP poison to be effective
4º – many attacks described in morpheus may be dropped by the target's HSTS detection system
5º – incorrect number of token (///) in TARGET !! morpheus by default will run ettercap using IPv6 (USE_IPV6=ACTIVE) as pre-configured in the 'settings' file; if you are receiving this error, edit the settings file before running morpheus and set (USE_IPV6=DISABLED) to force ettercap to use IPv4
6º – morpheus needs ettercap to be executed with high privileges (uid 0 | gid 0).

Correct ettercap configuration display (running as admin without SSL dissectors active).

By default morpheus (at startup) will replace the original etter.conf/etter.dns files provided by ettercap; at framework exit morpheus will revert the files to their original state.
Dependencies: ettercap, nmap, apache2, zenity

Framework option 1 [firewall] screenshots

The firewall [option 1] pre-configured filter will capture credentials from the following services: HTTP, FTP, SSH, Telnet (Facebook uses HTTPS/SSL 🙁), report suspicious connections, report common web social browsing (Facebook, Twitter, YouTube), report the existence of botnet connections like Mocbot IRC Bot and DarkComet, redirect browser traffic and allow users to block connections (drop/kill). "Remember: morpheus gives its users the ability to 'add more rules' to filters before execution."

[morpheus] host:192.168.1.67 [ -> ] port:23 telnet ☆ Source ip addr flow destination rank good
[morpheus] host:192.168.1.67 [ <- ] port:23 telnet ☠ Destination ip flow source port rank suspicious

Basically the firewall filter will act like an offensive and defensive tool, analyzing the TCP/UDP data flow to report logins, suspicious traffic and brute force, block target IPs, etc.

Download morpheus
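The workflow above starts with ARP poisoning, and the limitations list notes that it fails where the target is protected against it. As an added example (not part of Morpheus or ettercap), the following script shows what that protection can look like from the monitoring side: it consumes a constructed list of observed ARP replies and flags an IP whose MAC changes, a MAC that claims several IPs, and any reply that contradicts a static IP-to-MAC binding. The sample data, the alert names and the trusted-binding parameter are assumptions made for the example.

```python
"""Added example (not part of Morpheus): flag the IP-to-MAC flapping that ARP
poisoning produces, from a constructed list of observed ARP replies."""
from collections import defaultdict

# Constructed sample: (time, sender IP, sender MAC) as a passive LAN monitor might record them.
SAMPLE_ARP_REPLIES = [
    (0.0, "192.168.1.1",  "aa:bb:cc:00:00:01"),  # gateway, legitimate
    (1.0, "192.168.1.67", "aa:bb:cc:00:00:67"),  # workstation, legitimate
    (2.0, "192.168.1.50", "aa:bb:cc:00:00:50"),  # third host, legitimate
    (3.0, "192.168.1.1",  "aa:bb:cc:00:00:50"),  # gateway IP now claimed by .50's MAC
    (4.0, "192.168.1.67", "aa:bb:cc:00:00:50"),  # workstation IP claimed by the same MAC
]


def detect_arp_spoofing(replies, trusted=None):
    """Return a list of alert dicts for the given (ts, ip, mac) replies.

    trusted: optional {ip: mac} static bindings (the static-ARP-entry protection
    the limitations list refers to); a reply contradicting one is flagged at once,
    before any flapping has been observed.
    """
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    seen = {}                      # ip -> last MAC that claimed it
    ips_by_mac = defaultdict(set)  # mac -> every IP it has claimed so far
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        if ip in trusted and trusted[ip] != mac:
            alerts.append({"ts": ts, "kind": "TRUSTED_BINDING_VIOLATION",
                           "ip": ip, "expected": trusted[ip], "seen": mac})
        prev = seen.get(ip)
        if prev is not None and prev != mac:
            # The same IP was just announced from a different hardware address.
            alerts.append({"ts": ts, "kind": "MAC_CHANGED", "ip": ip, "old": prev, "new": mac})
        seen[ip] = mac
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > 1:
                # One station answering for several IPs is the signature of a poisoner
                # sitting between a host and its gateway.
                alerts.append({"ts": ts, "kind": "MAC_CLAIMS_MULTIPLE_IPS",
                               "mac": mac, "ips": sorted(ips_by_mac[mac])})
    return alerts


if __name__ == "__main__":
    gateway_binding = {"192.168.1.1": "aa:bb:cc:00:00:01"}
    for alert in detect_arp_spoofing(SAMPLE_ARP_REPLIES, trusted=gateway_binding):
        print(alert)
```

Feeding the sample in produces nothing for the first three legitimate replies and five alerts for the two poisoned ones; in practice the reply stream would come from a packet capture or from polling the ARP cache, and the trusted map would hold at least the default gateway.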

Link: http://feedproxy.google.com/~r/PentestTools/~3/YzjkXtUGy_U/morpheus-automated-ettercap-tcpip.html

PyJFuzz – Python JSON Fuzzer

PyJFuzz is a small, extensible and ready-to-use framework used to fuzz JSON inputs, such as mobile endpoint REST APIs, JSON implementations, browsers, CLI executables and much more.

Version: 1.1.0
Homepage: http://www.mseclab.com/
Github: https://github.com/mseclab/PyJFuzz
Author: Daniele Linguaglossa (@dzonerzy)
License: MIT (see LICENSE file)

Installation

Dependencies: in order to work, PyJFuzz needs a single dependency, bottle; it is installed by the automatic setup.py installation.

You can install PyJFuzz with the following command:

git clone https://github.com/mseclab/PyJFuzz.git && cd PyJFuzz && sudo python setup.py install

Documentation and Examples

CLI tool: once installed, PyJFuzz provides both a Python library and a command-line utility called pjf (screenshot below).

Library: PyJFuzz can also work as a library; you can import it in your project like the following:

from pyjfuzz.lib import *

Classes

The available objects/classes are the following:
PJFServer – Used to start and stop the built-in HTTP and HTTPS servers
PJFProcessMonitor – Used to monitor process crashes; it will automatically restart the process each time it crashes
PJFTestcaseServer – The testcase server is used in conjunction with PJFProcessMonitor; whenever a process crashes, the testcase server will register and store the JSON which caused the crash
PJFFactory – The main object used to do the real fuzzing of JSON objects
PJFConfiguration – The configuration object for each of the available objects
PJFExternalFuzzer – Used by PJFFactory; an auxiliary class which provides an interface to other command-line fuzzers such as radamsa
PJFMutation – Used by PJFFactory; provides all the mutations used during a fuzzing session
PJFExecutor – Provides an interface to interact with external processes

Examples

Below are some trivial examples of how to implement a PyJFuzz-powered program.

simple_fuzzer.py

from argparse import Namespace
from pyjfuzz.lib import *

# Fuzz a seed JSON object at the maximum level (6), without printing the banner.
config = PJFConfiguration(Namespace(json={"test": ["1", 2, True]}, nologo=True, level=6))
fuzzer = PJFFactory(config)
while True:
    # Every read of .fuzzed yields a freshly mutated JSON document.
    print(fuzzer.fuzzed)

simple_server.py

from argparse import Namespace
from pyjfuzz.lib import *

# Serve fuzzed JSON from the built-in HTTP/HTTPS servers, indented, with debug output enabled.
config = PJFConfiguration(Namespace(json={"test": ["1", 2, True]}, nologo=True, level=6, debug=True, indent=True))
PJFServer(config).run()

Sometimes you may need to modify standard non-customizable settings such as the HTTPS or HTTP server port; this can be done in the following way:

from argparse import Namespace
from pyjfuzz.lib import *

config = PJFConfiguration(Namespace(json={"test": ["1", 2, True]}, nologo=True, level=6, indent=True))
print(config.ports["servers"]["HTTP_PORT"])   # 8080
print(config.ports["servers"]["HTTPS_PORT"])  # 8443
print(config.ports["servers"]["TCASE_PORT"])  # 8888
config.ports["servers"]["HTTPS_PORT"] = 443   # Change HTTPS port to 443

Remember: when changing default ports, you should always handle the exception raised when the needed privileges are missing!

Below is a comprehensive list of all available settings / customizations of the PJFConfiguration object:

Configuration table

Name | Type | Description
json | dict | JSON object to fuzz
json_file | str | Path to a JSON file
parameters | list | List of parameters to fuzz (taken from the JSON object)
techniques | list<int> | List of polyglot attacks used to generate fuzzed JSON, such as XSS, LFI etc. They are in the range 0-13 (see the techniques table)
level | int | Fuzzing level in the range 0-6
utf8 | bool | If true, switch from unicode encoding to pure byte representation
indent | bool | Set whether to indent the result object
url_encode | bool | Set whether to URL-encode the result object
strong_fuzz | bool | Set whether to use strong fuzzing (strong fuzzing will not maintain the JSON structure; useful for parser fuzzing)
debug | bool | Set whether to enable debug prints
exclude | bool | Exclude from fuzzing the parameters selected by the parameters option
notify | bool | Set whether to notify the process monitor when a crash occurs; only used with PJFServer
html | str | Path to an HTML directory to serve within PJFServer
ext_fuzz | bool | Set whether to use the binary from "command" as an external fuzzer
cmd_fuzz | bool | Set whether to use the binary from "command" as the fuzzer target
content_type | str | Set the content type of the PJFServer result (default application/json)
command | list<str> | Command to execute; each parameter is a list element, you could use shlex.split from Python

Techniques table

Index | Description
0 | XSS injection (Polyglot)
1 | SQL injection (Polyglot)
2 | LFI attack
3 | SQL injection polyglot (2)
4 | XSS injection (Polyglot) (2)
5 | RCE injection (Polyglot)
6 | LFI attack (2)
7 | Data URI attack
8 | LFI and HREF attack
9 | Header injection
10 | RCE injection (Polyglot) (2)
11 | Generic template injection
12 | Flask template injection
13 | Random character attack

Screenshots

Below are some screenshots just to let you know what you should expect from PyJFuzz.

Built-in tool

PyJFuzz is shipped with a built-in tool called PyJFuzz Web Fuzzer; this tool provides an automatic fuzzing console via the HTTP and HTTPS servers, and it can be used to easily fuzz almost any web browser even when you can't control the process state! There are two switches used to launch this tool (--browser-auto and --fuzz-web): the first one performs an automatic browser restart when a crash occurs, the other one tries to catch when a browser doesn't make requests anymore. Both of them always save the testcases; below are some screenshots.

End

Thanks for using PyJFuzz! Happy Fuzzing from mseclab

Download PyJFuzz
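The configuration table distinguishes structure-preserving fuzzing (driven by level, parameters and exclude) from strong_fuzz, which deliberately breaks the JSON grammar for parser fuzzing. As an added example that is not PyJFuzz's own code, the following self-contained mutator shows the difference: it walks a seed document, replaces a chosen number of leaf values with type-aware boundary values while keeping every key and list slot in place, and optionally corrupts the serialized text afterwards. The seed document, the mutation lists, the function names and the rng_seed parameter are assumptions made for the example, not the project's API.

```python
"""Added example (not PyJFuzz's code): structure-preserving JSON mutation with
optional grammar-breaking "strong" fuzzing, modelled on the options in the table."""
import json
import random

# Constructed seed document, shaped like the README's {"test": ["1", 2, True]} example.
SEED = {"test": ["1", 2, True], "user": {"name": "alice", "age": 30}}

# Assumed boundary-value mutations per JSON type (none of them equals a seed value).
STRING_MUTATIONS = ["", "A" * 4096, "\u0000", "\ufeff\u202e", "null", "9" * 40]
NUMBER_MUTATIONS = [0, -1, 2 ** 31, 2 ** 63 - 1, -(2 ** 63), 1e308]


def _paths(obj, prefix=()):
    """Yield (path, value) for every scalar leaf; a path mixes dict keys and list indexes."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield from _paths(value, prefix + (key,))
    elif isinstance(obj, list):
        for index, value in enumerate(obj):
            yield from _paths(value, prefix + (index,))
    else:
        yield prefix, obj


def _set(obj, path, value):
    """Overwrite the leaf addressed by path, leaving the containers around it intact."""
    current = obj
    for step in path[:-1]:
        current = current[step]
    current[path[-1]] = value


def _mutate_leaf(value, rng):
    """Pick a replacement that keeps, confuses or removes the leaf's type."""
    if isinstance(value, bool):            # bool is checked before int on purpose
        return rng.choice([not value, 0, "true", None])
    if isinstance(value, (int, float)):
        return rng.choice(NUMBER_MUTATIONS + [str(value), None])
    if isinstance(value, str):
        return rng.choice(STRING_MUTATIONS + [value * 2, None])
    return rng.choice(["", 0, False])      # null or anything unexpected


def fuzz_json(seed, level=3, parameters=None, exclude=False, strong_fuzz=False, rng_seed=0):
    """Return fuzzed JSON text. level = number of leaves to mutate; parameters = top-level
    keys to restrict fuzzing to (or, with exclude=True, to leave alone); strong_fuzz
    additionally corrupts the serialized text so the result may no longer parse."""
    rng = random.Random(rng_seed)
    doc = json.loads(json.dumps(seed))            # deep copy through the serializer
    leaves = list(_paths(doc))
    if parameters is not None:
        leaves = [(p, v) for p, v in leaves if (str(p[0]) in parameters) != exclude]
    for path, value in rng.sample(leaves, min(level, len(leaves))):
        _set(doc, path, _mutate_leaf(value, rng))
    text = json.dumps(doc)
    if strong_fuzz:
        # Break the grammar itself: drop, duplicate or replace characters with delimiters.
        chars = list(text)
        for _ in range(level):
            i = rng.randrange(len(chars))
            op = rng.choice(("drop", "dup", "flip"))
            if op == "drop":
                del chars[i]
            elif op == "dup":
                chars.insert(i, chars[i])
            else:
                chars[i] = rng.choice('{}[]":,\\')
        text = "".join(chars)
    return text


def fuzz_json_doc(seed, level=3, parameters=None, exclude=False, rng_seed=0):
    """Structure-preserving variant returned as a parsed object (always valid JSON)."""
    return json.loads(fuzz_json(seed, level, parameters, exclude, False, rng_seed))


def changed_leaves(original, fuzzed):
    """Count leaves whose value or type differs (so 2 vs "2" and True vs 1 both count)."""
    before = dict(_paths(original))
    return sum(1 for p, v in _paths(fuzzed)
               if p not in before or type(v) is not type(before[p]) or v != before[p])


if __name__ == "__main__":
    for n in range(3):
        print(fuzz_json(SEED, level=2, rng_seed=n))
    print(fuzz_json(SEED, level=3, strong_fuzz=True, rng_seed=7))
```

The level parameter here is literally the number of leaves touched per document, which is simpler than PyJFuzz's 0-6 scale but demonstrates the same trade-off: low levels keep test cases close to the seed so a crash is easy to minimize, while strong fuzzing trades that readability for coverage of the parser's error paths.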

Link: http://feedproxy.google.com/~r/PentestTools/~3/Sav7YMqS32A/pyjfuzz-python-json-fuzzer.html