Published on January 13th, 2014 | by NJ Ouchn


Subterfuge The Man-in-the-Middle Attacks Framework v1.0 released

Subterfuge is a framework that takes the arcane art of man-in-the-middle attacks and makes it as simple as point and shoot. It demonstrates vulnerabilities in the ARP protocol by harvesting credentials that cross the network and even exploiting machines by injecting malicious code directly into their browsing sessions.


The first step in any Subterfuge attack is gaining a Man-in-the-Middle position. Currently, Subterfuge only ships with one method of establishing itself as MITM, ARP Cache Poisoning. Nevertheless, as a framework, its modular design allows it to support multiple methods.

Some of the attacks used

  • ARP Cache Poisoning
  • Dynamic Poison Retention & ARPBLock

Subterfuge comes with modules that give the ability to leverage the position quickly and easily. Moreover, if your needs are particularly specific, you can create a module for Subterfuge without the need to launch your own attack from scratch. Subterfuge comes packaged with several default modules that you can use to great effect.

List of some integrated modules

  • Credential Harvester
  • Session Hijacking
  • HTTP Code Injection
  • Denial of Service
  • Tunnel Block
  • Network View
  • Evilgrade

Version 1.0 is the first release of Subterfuge to have come out of Beta! It includes significant package upgrades, compatibility fixes, a modified interface, and a whole new packaging system.

The tool comes with rich documentation and examples. Take the time to go through the website.


Tool submitted by one of the authors, Matthew Toussain (0sm0s1z)


About the Author

Principal Founder & Maintainer - Freelancer ICS/SCADA Security Expert. As part of my research, I'm focusing on maintaining many projects such as the DPE (Default Password Enumeration), vFeed®, the open source correlated & cross-linked vulnerability database, and FireCAT, the Firefox Catalog of Auditing exTensions. I have been the co-organizer of the major event Blackhat Arsenal Tools (US and Europe) since 2011 and, since 2014, co-organizer of Rooted Warfare in Spain. I go by the handle @toolswatch on Twitter and am always willing to help, share and drink with friends from far and wide.
