 |
Walk into Starbucks, plop down a laptop, click start, watch the credentials roll in. Enter Subterfuge, a Framework to take the arcane art of Man-in-the-Middle Attack and make it as simple as point and shoot. A beautiful, easy to use interface which produces a more transparent and effective attack is what sets Subterfuge apart from other attack tools. Subterfuge demonstrates vulnerabilities in the ARP Protocol by harvesting credentials that go across the network, and even exploiting machines through race conditions. Now walk into a corporation… A rapidly-expanding portion of today’s Internet strives to increase personal efficiency by turning tedious or complex processes into a framework which provides instantaneous results. On the contrary, much of the information security community still finds itself performing manual, complicated tasks to administer and protect their computer networks. Given the increase in automated hacking tools, it is surprising that a simplistic, “push-button” tool has not been created for information security professionals to validate their networks’ ability to protect against a Man-In-The-Middle attack. Subterfuge is a small but devastatingly effective credential-harvesting program which exploits a vulnerability in the Address Resolution Protocol. It does this in a way that a non-technical user would have the ability, at the push of a button, to harvest all of the usernames and passwords of victims on their connected network, thus equipping information and network security professionals with a “push-button” security validation tool. This tool has also been tested in kali. This is just some of the things Subterfuge can do Download: http://code.google.com/p/subterfuge/downloads/list |
 |
The main problem with this, other than it being slow, is that it only works with Django 1.3.1 and the current Debian version is 1.4.5 so there would be a very large number of security issues introduced to the system, which I'm not going to do. |
|
|
New release according to developers which should resolve this issue. |
 |
I am one of the developers of Subterfuge and its newest version; Public Release 1.0 has been uploaded to the Google Code site. It has been completely overhauled with an emphasis on speed and stability. It uses the current versions of the packages in the Debian repos (including Django), and is now in .deb form! I didn't want to reopen my issue (0000439) since it had already been classified as a "duplicate". Please download the newest version here: http://subterfuge.googlecode.com/files/subterfuge_1.0-1_all.deb The file is much smaller now since we moved away from using SVN and we no longer have the stand-alone installer. We were very fortunate to have Subterfuge included in BT5r3 and would be honored if you would include the tool into Kali as well. |
 |
thank you r00t0v3rr1d3 , hope kali dev team get it soon , |
|
|
@Kali Dev Team: Would it be possible to get an update on the request to add Subterfuge to Kali Linux? I am worried that this "Issue" has fallen to the bottom of the pile over time and might not be getting a second look because its status is "Closed -> feedback". I would be happy to create a new "Issue", but my last one was closed and categorized as a duplicate. Thank you for your time. |
 |
I tested subterfuge 1.0-1 on Kali 1.0.6, and it works quite well as a mitm + sslstrip solution. It works better than ettercap and A LOT better than arpspoof, really. |
|
|
We can't package .deb files. Upstream needs to provide this as a tarball. |
 |
Project now 404's |
- Anonymous
