Original author(s): r00t0v3rr1d3 (Chris Shields), 0sm0s1z (Matthew Toussain)
Initial release: July 23, 2012
Stable release: 5.0.8 / March 22, 2013
Development status: Active
Written in: Python
Operating system: Linux
Available in: English
Type: Computer security
License: GNU General Public License

Subterfuge is a free and open source network security framework that demonstrates man-in-the-middle attacks and aims to make them as simple as point and shoot.[1] It demonstrates vulnerabilities in the Address Resolution Protocol (ARP) by harvesting credentials that cross the LAN, and even by exploiting machines through client-side browser injection. It can run on all distributions of Linux, but developer support is limited to Kali Linux. It can leverage multiple man-in-the-middle attacks against target networks.


Subterfuge features include:

  • ARP Cache Poisoning
  • Credential Harvester
  • HTTP Code Injection
  • Wireless AP Generation
  • WPAD Hijacking
  • Rogue DHCP

Graphical Interface

Subterfuge is known for its extremely modern web-based interface. The interface includes alternate perspectives on man-in-the-middle attacks through its unique network view. The purpose of Subterfuge and its GUI is primarily to demonstrate the dangers of man-in-the-middle attacks by showing how easily they can be carried out with the framework.


  1. "Subterfuge (Man-in-the-Middle Attack Framework)". Raj Chandler. 12 December 2012. Retrieved 18 November 2013.
