mitm6 icon indicating copy to clipboard operation
mitm6 copied to clipboard

Published 20 hours ago verified publisher icon dirkjanm

'KeyError: 2' when starting on an interface that has no IPv4 address

Open DidierA opened this issue 1 year ago • 2 comments

If I start mitm6 with -i to assign it to a specific interface, it chokes and stops with KeyError: 2 if this interface only has an IPv6 address, and no IPv4:

# ip -6 address add fe80::800:27ff:fe00:0000/64 dev vboxnet0
# ip link set vboxnet0 up
# ip --brief a show
lo               UNKNOWN        127.0.0.1/8 ::1/128 
enp0s31f6        DOWN
wlp0s20f3        UP             192.168.0.49/24 
tun0             UNKNOWN        [removed]
vboxnet0         UP             fe80::800:27ff:fe00:0/64 
# mitm6 -i vboxnet0 -v --debug
Traceback (most recent call last):
  File "/usr/local/bin/mitm6", line 8, in <module>
    sys.exit(main())
  File "/usr/local/pipx/venvs/mitm6/lib/python3.10/site-packages/mitm6/mitm6.py", line 369, in main
    config = Config(args)
  File "/usr/local/pipx/venvs/mitm6/lib/python3.10/site-packages/mitm6/mitm6.py", line 39, in __init__
    self.v4addr = netifaces.ifaddresses(self.default_if)[netifaces.AF_INET][0]['addr']
KeyError: 2
FAIL: 1

If I assign an IPV4 address, it works fine and the virtual machine on vboxnet0 get spoofed:

# ip address add 192.168.56.1/24 dev vboxnet0
# mitm6 -i vboxnet0 -v --debug
Starting mitm6 using the following configuration:
Primary adapter: vboxnet0 [0a:00:27:00:00:00]
IPv4 address: 192.168.56.1
IPv6 address: fe80::800:27ff:fe00:0
Warning: Not filtering on any domain, mitm6 will reply to all DNS queries.
Unless this is what you want, specify at least one domain with -d
WARNING: The conf.iface interface (tun0) does not support IPv6! Using vboxnet0 instead for routing!
WARNING: The conf.iface interface (tun0) does not support IPv6! Using vboxnet0 instead for routing!
WARNING: more The conf.iface interface (tun0) does not support IPv6! Using vboxnet0 instead for routing!
IPv6 address fe80::192:168:56:3 is now assigned to mac=08:00:27:c6:9b:11 host= ipv4=192.168.56.3
IPv6 address fe80::192:168:56:3 is now assigned to mac=08:00:27:c6:9b:11 host= ipv4=192.168.56.3
Sent spoofed reply for time.windows.com. to fe80::97d:a5c7:a91b:f5f7

DidierA avatar Oct 20 '22 14:10 DidierA

mitm6 replies to both A and AAAA queries. for that it will need an IPv4 address to put in the response, that you can either specify on the commandline or it will get autodetected. If there is no IPv4 address on the interface the autodetection will throw an error, which is expected. the error may be a bit prettier, but the behavior is expected. what is the exact issue here?

dirkjanm avatar Oct 20 '22 15:10 dirkjanm

Well, yes the fact that the error is not obvious: I did a google search and could not find anything relevant, so I opened this issue so at least this could be found if someone has the same problem. Is there absolutely no scenario in which using mitm6 in an IPv6-only environment would be effective? in this case it would just answer to AAAA queries when there is no IPv4 and still be able to catch machines that make DHCPv6 requests, I guess? I understand the use case is limited, and probably not worth spending the time to implement it, since even in this scenario, adding an IPv4 to the attacker's machine would be enough to have mitm6 run.

DidierA avatar Oct 20 '22 17:10 DidierA