SetecLabs/setec-mitm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Files
main
setec-mitm/config.py

98 lines
3.7 KiB
Python
Raw Permalink Normal View History

Initial commit — SetecMITM generic IoT MITM framework Templated from cam-mitm. The camera-specific code (UBox cloud client, CVE verifiers, OAM HMAC signing, fuzzer wordlists) is removed; what's left is the generic core: ARP spoof, DNS spoof, HTTP/HTTPS interception with peek-before-wrap, raw sniffer with conntrack-based original-dst lookup, protocol fingerprinting, intruder detection, packet injection, log rotation, PyQt6 GUI on top of a service Controller. All 'camera' references renamed to 'target' throughout. Configuration moved into ~/.config/setec-mitm/config.json with the Settings tab as the primary editor. Plugin system at targets/<name>/plugin.py for vendor-specific code. See README.md for full setup, plugin authoring, and troubleshooting. Co-authored by Setec Labs.
2026-04-09 08:38:59 -07:00
"""SetecMITM configuration management"""
import json
import os
DEFAULT_CONFIG = {
# ── Network targets ─────────────────────────────────────────
"target_ip": "", # IP of the device under test
"target_mac": "", # MAC of the device under test
"our_ip": "", # IP of THIS box (the MITM host)
"router_ip": "", # gateway IP
"iface": "", # network interface name (e.g. eth0)
# ── Logging / output ────────────────────────────────────────
"log_dir": os.path.expanduser("~/setec_mitm_logs"),
"log_max_bytes": 1024 * 1024 * 1024, # 1 GiB rotation
# ── Services to auto-start (each can be toggled in the GUI) ─
"auto_arp": True,
"auto_dns": True,
"auto_http": True,
"auto_https": True,
"auto_sniffer": True,
"auto_intruder": True,
"auto_udp_ports": [], # list of UDP ports to listen on
# ── DNS spoofing ────────────────────────────────────────────
# If empty, DNS spoof catches every query and points it at us.
# Otherwise only entries here are spoofed (others passed through).
"dns_spoof_only": [],
# ── Intruder watch ──────────────────────────────────────────
# CIDRs the target is *expected* to talk to. Anything outside
# these gets flagged in the Intruders tab.
"intruder_known_nets": [],
# ── REST API ────────────────────────────────────────────────
"rest_port": 9090,
# ── Plugin loader ───────────────────────────────────────────
# Name of a target plugin under targets/<name>/. The plugin can
# provide a custom client, fuzzer endpoint list, CVE checks, and
# protocol fingerprints. See targets/example/ for the layout.
"target_plugin": "",
}
CONFIG_FILE = os.path.expanduser("~/.config/setec-mitm/config.json")
class Config:
def __init__(self):
self._data = dict(DEFAULT_CONFIG)
self.load()
def __getitem__(self, key):
return self._data[key]
def __setitem__(self, key, value):
self._data[key] = value
def get(self, key, default=None):
return self._data.get(key, default)
def keys(self):
return self._data.keys()
def items(self):
return self._data.items()
def update(self, d):
self._data.update(d)
def load(self):
if os.path.exists(CONFIG_FILE):
try:
with open(CONFIG_FILE) as f:
self._data.update(json.load(f))
except Exception:
pass
def save(self):
os.makedirs(os.path.dirname(CONFIG_FILE), exist_ok=True)
with open(CONFIG_FILE, "w") as f:
json.dump(self._data, f, indent=2)
def to_dict(self):
return dict(self._data)
def safe_dict(self):
"""Config dict with sensitive values masked."""
d = dict(self._data)
for k in list(d.keys()):
if "password" in k.lower() or "secret" in k.lower() or "token" in k.lower():
v = d[k]
if isinstance(v, str) and v:
d[k] = v[:6] + ""
return d
Reference in New Issue Copy Permalink