MORPHEUS – AUTOMATED TCP/UDP HIJACKING TOOL.

MORPHEUS – AUTOMATED TCP/UDP HIJACKING TOOL.

lee / December 13, 2016 / Comments Off on morpheus – automated TCP/UDP Hijacking tool. / Browser, Networking, Penetration Test

LEGAL DISCLAMER:
The author does not hold any responsibility for the bad use of this tool, remember that attacking targets without prior consent its illegal and punished by law.

morpheus framework automates tcp/udp packet manipulation tasks by using etter filters to manipulate target requests/responses under MitM attacks replacing the tcp/udp packet contents by our contents befor forward the packet back to the target host…

workflow:
1º – attacker -> arp poison local lan (mitm)
2º – target -> requests webpage from network (wan)
3º – attacker -> modifies webpage response (contents)
4º – attacker -> modified packet its forward back to target host

morpheus ships with some pre-configurated filters but it will allow users to improve them when lunching the attack (morpheus scripting console). In the end of the attack morpheus will revert the filter back to is default stage, this will allow users to improve filters at running time without the fear of messing with filter command syntax and spoil the filter.

morpheus

Framework limitations:
1º – morpheus will fail if target system its protected againt arp poison atacks
2º – downgrade attacks will fail if browser target as installed only-https addon’s
3º – target system sometimes needs to clear netcache for arp poison to be effective
4º – many attacks described in morpheus may be droped by target HSTS detection sys.

Dependencies:
+ Nmap
+ Zenity
+ Ettercap
+ Apache2

Use and Download:

1 2	git clone https://github.com/r00t-3xp10it/morpheus && morpheus ./morpheus.sh

Source: https://github.com/r00t-3xp10it/morpheus