Seeking advice on my moddboxx port forwarding script
The object of this script is to automate running an evil access point (ie MODDBOXX). You connect your ethernet port to the WAN port on your ap and then moddboxx......
1. Sets up dhcp for WAN port of the ap (works)
2. Changes your wlan0 mac address (works)
3. starts sslstrip / ettercap for mitm (sslstrip works great / ettercap not implemented yet)
4. starts radius server w/ an "evil" anon "Free Wifi" login prompt that connects back to metasploit (not finished yet)
5. opens various konsoles so that files / connections can be monitored in real time (works)
6. automates airdrop-ng to drop clients from other ap's (works okay on 1 card.. would be better with 2)
I had to move the script to the reply. It's almost too long for one post. Doh!
1. Setting mac on iface to allow a static entry in airdrop's droprules.conf works now
2. Fixed airdrop. If we set airodump on 1 channel and then run airdrop -s 30 (for every 30 seconds) it's enough to *encourage* clients to connect without overloading the card so we can still have internet access. Would be MUCH better with two cards I think but it functions on just one. The script would have to be edited to allow for two cards.
3. Added aireplay-ng to deauth clients as well. Currently it only runs once but I'm going to try to find a way to loop it where you can select target mac, send a few deauth packets, then select another mac, so on and so forth.
4. Tailing sslstrip so you can see info coming in. Still have NOT fixed grepping out the domain/username/password. Right now we grep out any secure posts, which sslstrip does on its own, but I wanted to set it up where as much info was captured as possible and important info was then grep/awk/sed into a separate txt file. It is actually pretty easy to read through the secure posts though. Still would like to refine it anyway.
5. Script checks to see if mon0 is already up. If yes then it does nothing, if no it enables monitor mode. This was a big deal because if you ran the script 2,3, or 4 times you'd end up with mon1,mon2, ect. and that was annoying.
Things I'm working on / need help with........
1. Trying to setup an http redirect or something where the first time a user logs on they have to go to a "accept terms and conditions page" and after they accept then they can access the WAN. Not really sure how to do that yet. Freeradius seems like it may be a solution however I'm not sure that it's really necessary.
2. The grep >> pass.txt needs to be refined. I have it set up where it logs logins and passwords but they are not assosiated so you kind of have to pick and match.... that needs some fixin.
3. Would like to set up a trap (I think it's a trap?) to rm any tmp files when the script exits. ex: droprulesmod.conf / tmp.txt
4. When airodump starts it appends a "0-1" to the end of the capture file... which is fine. What I'd like to do is have the script use the latest one for airdrop. It is currently static and just uses "capture-01.csv" but if this is the second time ( or 3rd 4th ect) that airodump has run in that dir moddboxx still uses "0-1" for airdrop.
5. Lots of other stuff I'd like to add that I'll get to eventually.
Last edited by lithiumr1; 03-22-2010 at 07:30 AM.
Tags for this Thread