Monster In The Middle is a network analyzer in the early stages of development. Development is supported by Counterpart International. It is currently not intended for public use. The application is intended for educational purposes only.
Download and install Wireshark regardless of platform. In general, once you are able to run Wireshark as your user, it should be possible to install and run Monster In The Middle.
Windows: Install Wireshark. When NPcap asks if you want to restrict network monitoring to administrators only, choose no so that all users are allowed to monitor the network. (Without this setting you will have to run Monster In The Middle with administrator privileges.)
Linux: Either run the application as root or modify permissions as instructed in the Linux section of the User Permissions wiki page. This involves running setcap on the binary and changing the system ld.so.conf.
OSX: Either run the application as root or modify permissions as shown in the User Permissions wiki page. This is much simpler and just involves chmod on the network device.
Download the Linux, OSX or Windows binaries from the releases page. Current Windows releases are not as thoroughly tested, so please report any issues you run into.
- Settings (first image above): The application starts and shows the configuration dialog, where the user selects the network interface. The interface name and default gateway IP address should be defined by the user. These values can be determined by selecting a network interface from the drop-down menu or by entering the network interface name found in the operating system settings.
- Devices Monitor (second image above): routinely shows a list of devices found on the network and recent websites and images accessed. This view is shown after the settings dialog. It can also be accessed through the MiTM menu.
- Packets Monitor (first image below): shows detailed information on individual packets found on the network. Currently only the known protocols HTTP, HTTPS, IMAP, POP, SMTP and DNS are shown.
- Network scan and control (second image below): can be used to scan the network for hosts and forcefully reroute their traffic through the MiTM host using arpspoofing. Click the "Start" Host Scanner button to begin collecting network IP addresses. The scan is limited to the 254 IPs within the same class C as the MiTM host's IP address (e.g. 192.168.1.1 to 192.168.1.254). Once some hosts are listed, they can be forcefully routed through the monitoring MiTM host by clicking the "Start" Arpspoofing button. Arpspoofing has been tested and confirmed to work on OSX and Linux but has not been thoroughly tested on Windows. Also, arpspoof is not a foolproof capture method and may not capture all traffic. An alternative to capturing traffic through arpspoofing is to run MiTM on a host that is acting as the default router for all network clients.
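A defender's check for the rerouting described above, as an added example that is not part of Monster In The Middle: on a client, a gateway IP that shares a MAC address with another host in the same 254-address range is a common sign of ARP spoofing. The `arp -an` style sample lines and all function names are constructed for illustration.

```javascript
// Added example, not part of Monster In The Middle. SAMPLE_ARP is constructed.
const SAMPLE_ARP = [
  '? (192.168.1.1) at 0:1c:42:0:0:8 on en0 ifscope [ethernet]',
  '? (192.168.1.23) at 00:1C:42:00:00:08 on en0 ifscope [ethernet]',
  '? (192.168.1.40) at a4:83:e7:11:22:33 on en0 ifscope [ethernet]',
  '? (192.168.1.77) at (incomplete) on en0 ifscope [ethernet]',
  '? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]',
].join('\n');

// The 254 host addresses sharing the first three octets with hostIp.
function scanRange(hostIp) {
  const octets = hostIp.split('.');
  if (octets.length !== 4 || octets.some(o => !/^\d{1,3}$/.test(o) || Number(o) > 255)) {
    throw new Error(`not an IPv4 address: ${hostIp}`);
  }
  const prefix = octets.slice(0, 3).join('.');
  return Array.from({ length: 254 }, (_, i) => `${prefix}.${i + 1}`);
}

// Some systems print MAC octets without leading zeros; pad and lowercase them.
function normalizeMac(mac) {
  return mac.toLowerCase().split(':').map(p => p.padStart(2, '0')).join(':');
}

// Extract resolved {ip, mac} pairs; incomplete entries do not match.
function parseArpTable(text) {
  const re = /\((\d{1,3}(?:\.\d{1,3}){3})\) at ([0-9a-f]{1,2}(?::[0-9a-f]{1,2}){5})\b/i;
  return text.split('\n').map(l => re.exec(l)).filter(Boolean)
    .map(m => ({ ip: m[1], mac: normalizeMac(m[2]) }));
}

// Report every MAC that answers for more than one in-range IP.
function findSharedMacs(arpText, hostIp, gatewayIp) {
  const inRange = new Set(scanRange(hostIp));
  const byMac = new Map();
  for (const { ip, mac } of parseArpTable(arpText)) {
    if (!inRange.has(ip)) continue; // skips broadcast and out-of-range entries
    if (!byMac.has(mac)) byMac.set(mac, new Set());
    byMac.get(mac).add(ip);
  }
  return [...byMac].filter(([, ips]) => ips.size > 1).map(([mac, ips]) => ({
    mac, ips: [...ips].sort(), gatewayAffected: ips.has(gatewayIp),
  }));
}

console.log(findSharedMacs(SAMPLE_ARP, '192.168.1.50', '192.168.1.1'));
```

A shared MAC can also be legitimate (a host with several addresses, proxy ARP), so treat a finding as a lead to verify against the gateway's known hardware address.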
Install electron UI version:
npm install
npm run rebuild_electron
npm run start_electron
Install console only version, for debugging:
npm install
npm rebuild
npm run start_node
On the console, each UI element can be run and tested without Electron, using a Chrome browser instead:
node packet.js <network_interface> "tcp or udp" <default_gateway_ip>
http://localhost:8080
node devices.js
http://localhost:8081
node arpspoof.js --eth <network_interface> --gateway <default_gateway_ip>
http://localhost:8083
npm install
ON OSX:
npm run dist:mac
ON LINUX:
npm run dist:linux
ON WINDOWS:
npm run dist:windows
Find the binary packages created in the dist directory.



