Jay Beale (creator of bastille linux) will be releasing "the middler" after his talk at shmoocon.
Many of you remember he announced that he was releasing it at defcon 16 but the tool was barely at an alpha stage, he has now completed alpha.
Here ya go:
http://inguardians.com/tools/middler-alpha.tgz
Listen to the Defcon Audio on it here:
http://good.net/dl/bd/defcon-16-audio/08_dc_t412.mp3/info
And get the slides here:
http://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-beale-2.pdf
<3 style="">
Jay Beale, Senior Security Consultant and Co-Founder, Intelguardians Network Intelligence, Inc. This talk introduces a new open source, plugin-extensible attack tool for exploiting web applications that use cleartext HTTP, if only to redirect the user to the HTTPS site. We'll demonstrate attacks on online banking as well as Gmail, LinkedIn, LiveJournal and Facebook. We'll also compromise computers and an iPhone by subverting their software installation and update process. We'll inject Javascript into browser sessions and demonstrate CSRF attacks.
Our new tool, The Middler, automates these attacks to make exploiting every active user on your computer's network brain-dead easy and scalable. It has an interactive mode, but also has a fire-and-forget mode that can perform these attacks automatically without interaction. Written in Ruby, this tool is easy to both extend and add into other tools.
0 comments:
Post a Comment