XMPPloit is a command-line tool to attack XMPP connections, allowing the attacker to place a gateway between the client and the server and perform different attacks on the client stream.
The tool exploit implements vulnerabilities at the client & server side utilizing the XMPP protocol. XMPP is a protocol for communication and so is HTTP. Both XMPP and HTTP will internally use socket connections.
The main goal is that all the process is transparently for the user and never replace any certificate (like HTTPS attacks).
- Downgrade the authentication mechanism (can obtain the user credentials)
- Force the client not to use an encrypted communication
- Set filters for traffic manipulation