Initial commit — SetecMITM generic IoT MITM framework

Templated from cam-mitm. The camera-specific code (UBox cloud client,
CVE verifiers, OAM HMAC signing, fuzzer wordlists) is removed; what's
left is the generic core: ARP spoof, DNS spoof, HTTP/HTTPS interception
with peek-before-wrap, raw sniffer with conntrack-based original-dst
lookup, protocol fingerprinting, intruder detection, packet injection,
log rotation, PyQt6 GUI on top of a service Controller.

All 'camera' references renamed to 'target' throughout. Configuration
moved into ~/.config/setec-mitm/config.json with the Settings tab as
the primary editor. Plugin system at targets/<name>/plugin.py for
vendor-specific code.

See README.md for full setup, plugin authoring, and troubleshooting.

Co-authored by Setec Labs.

config.py

@@ -0,0 +1,97 @@
+"""SetecMITM configuration management"""
+
+import json
+import os
+
+DEFAULT_CONFIG = {
+    # ── Network targets ─────────────────────────────────────────
+    "target_ip":   "",                  # IP of the device under test
+    "target_mac":  "",                  # MAC of the device under test
+    "our_ip":      "",                  # IP of THIS box (the MITM host)
+    "router_ip":   "",                  # gateway IP
+    "iface":       "",                  # network interface name (e.g. eth0)
+
+    # ── Logging / output ────────────────────────────────────────
+    "log_dir":     os.path.expanduser("~/setec_mitm_logs"),
+    "log_max_bytes": 1024 * 1024 * 1024,    # 1 GiB rotation
+
+    # ── Services to auto-start (each can be toggled in the GUI) ─
+    "auto_arp":      True,
+    "auto_dns":      True,
+    "auto_http":     True,
+    "auto_https":    True,
+    "auto_sniffer":  True,
+    "auto_intruder": True,
+    "auto_udp_ports": [],               # list of UDP ports to listen on
+
+    # ── DNS spoofing ────────────────────────────────────────────
+    # If empty, DNS spoof catches every query and points it at us.
+    # Otherwise only entries here are spoofed (others passed through).
+    "dns_spoof_only": [],
+
+    # ── Intruder watch ──────────────────────────────────────────
+    # CIDRs the target is *expected* to talk to. Anything outside
+    # these gets flagged in the Intruders tab.
+    "intruder_known_nets": [],
+
+    # ── REST API ────────────────────────────────────────────────
+    "rest_port": 9090,
+
+    # ── Plugin loader ───────────────────────────────────────────
+    # Name of a target plugin under targets/<name>/. The plugin can
+    # provide a custom client, fuzzer endpoint list, CVE checks, and
+    # protocol fingerprints. See targets/example/ for the layout.
+    "target_plugin": "",
+}
+
+CONFIG_FILE = os.path.expanduser("~/.config/setec-mitm/config.json")
+
+
+class Config:
+    def __init__(self):
+        self._data = dict(DEFAULT_CONFIG)
+        self.load()
+
+    def __getitem__(self, key):
+        return self._data[key]
+
+    def __setitem__(self, key, value):
+        self._data[key] = value
+
+    def get(self, key, default=None):
+        return self._data.get(key, default)
+
+    def keys(self):
+        return self._data.keys()
+
+    def items(self):
+        return self._data.items()
+
+    def update(self, d):
+        self._data.update(d)
+
+    def load(self):
+        if os.path.exists(CONFIG_FILE):
+            try:
+                with open(CONFIG_FILE) as f:
+                    self._data.update(json.load(f))
+            except Exception:
+                pass
+
+    def save(self):
+        os.makedirs(os.path.dirname(CONFIG_FILE), exist_ok=True)
+        with open(CONFIG_FILE, "w") as f:
+            json.dump(self._data, f, indent=2)
+
+    def to_dict(self):
+        return dict(self._data)
+
+    def safe_dict(self):
+        """Config dict with sensitive values masked."""
+        d = dict(self._data)
+        for k in list(d.keys()):
+            if "password" in k.lower() or "secret" in k.lower() or "token" in k.lower():
+                v = d[k]
+                if isinstance(v, str) and v:
+                    d[k] = v[:6] + "…"
+        return d