Re: Script for sniffing traffic.
Hello comaX,
First of all, thanks for sharing your script... I was testing it and noticed the victims can't play youtube while the script is running. I tested with Chrome and Safari with the same results. The videos seems to be loading but doesn't load and so, doesn't play. The script works great, but the stealth factor starts to fail when the victims guess something is weird. Is there a fix for it? Thanks in advanced.
Re: Script for sniffing traffic.
Nice script. It works in my BT5R1 KDE 32 like a charm. I have some problems in ssl, cause I can't get passwords from SSL sites.
Maybe it's my problem I don't know. The settings seems to be ok
@JUUJUU: If you want to see what sites the clients visit try: urlsnarf -i wlan0 (In wlan0 enter your interface, e.g. eth0, wlan0, wlan1 etc)
Re: Script for sniffing traffic.
Are you sure you're not logging on in the test case in https://... If you are then being the MiTM won't help, because all traffic is encrypted anyway. You need to make sure SSlStrip is taking away the HTTPS and making it HTTP only. If it's not, then try using the ettercap option and spoofing the ssl connection. Although that might take some social engineering to work in the wild... If the options that I suggested to ComaX (Allowing user input for the decision of either fake ssl, sslstrip, padlock icon, fake certificate etc...) get put in place, then it'll be easier. But until then good luck.Originally Posted by khaos
World Domination is such an ugly phrase. I prefer the term World Optimization.
Re: Script for sniffing traffic.
Damn, I forgot about those. Sorry.If the options that I suggested to ComaX (Allowing user input for the decision of either fake ssl, sslstrip, padlock icon, fake certificate etc...) get put in place
It's been a while I didn't write anything new.
About the padlock icon, don't you think it's better to leave it the way it is ? Do you think some people might not want it ? If so, I will make that an option.
I'll try to work on the other stuff you mentioned to, if I have the time.
Cheers !
Running both KDE and GNOME BT5 flawlessly. Thank you !
Re: Script for sniffing traffic.
I think that the initiation of the script should look like this
./yamas
(a)rpspoof or (e)ttercap?
if a then keep all the defaults the way they are
if e then
do you want to (s)trip the ssl connection or to s(p)oof it?
if s then keep defaults and do you want to add the (p)adlock icon in the users browser?
if p then
do you want to use a fake certificate or not?Y/n?
the flow of this will allow the user to define all his own options and still provide the functionality of the other options to those who want them. Let me know. Thanks. Still looking forward to the update.
World Domination is such an ugly phrase. I prefer the term World Optimization.
Re: Script for sniffing traffic.
AHH double post sorry!! Screwed up browser on a slow computer....
Last edited by ShadowMaster; 11-24-2011 at 10:46 PM. Reason: Moderators, please delete...
World Domination is such an ugly phrase. I prefer the term World Optimization.
Re: Script for sniffing traffic.
I'll leave the ettercap option as a parameter passed to the script, but I think I'll use this kind of menu, it's a good idea ! By the way, if you have an idea of how to script this, you can submit it to me and you'll get the proper credits(a)rpspoof or (e)ttercap?
if a then keep all the defaults the way they are
if e then
do you want to (s)trip the ssl connection or to s(p)oof it?
if s then keep defaults and do you want to add the (p)adlock icon in the users browser?
if p then
do you want to use a fake certificate or not?Y/n?
the flow of this will allow the user to define all his own options and still provide the functionality of the other options to those who want them. Let me know. Thanks. Still looking forward to the update.
My main problem is that I never much used ettercap for the ssl stuff because I think it's bad SE, but surely I understand why someone would want that, so it makes sense to add it.
Cheers
Btw, is it me or is the site going really slow those last couple of weeks ?
Running both KDE and GNOME BT5 flawlessly. Thank you !
Re: Script for sniffing traffic.
It might be just the two of us, its been sluggish for me as well.I'll leave the ettercap option as a parameter passed to the script, but I think I'll use this kind of menu, it's a good idea ! By the way, if you have an idea of how to script this, you can submit it to me and you'll get the proper credits
My main problem is that I never much used ettercap for the ssl stuff because I think it's bad SE, but surely I understand why someone would want that, so it makes sense to add it.
Cheers
Btw, is it me or is the site going really slow those last couple of weeks ?
So. The "new" flow looks like this.
./yamas - same old, same old.
./yamas -e
Do you want.... (all the previous menu options.)
BTW, I'm not sure what you mean Bad SE?
Any way, I've never really scripted anything in bash, but I've got years of experience with c and .net, so it might be ported. That being said, if I knew what I was doing in bash, I would write it like so:
All vars would be booleans
var=(strip or spoof?)
if strip then var1=(padlock?)
if var1 then
run command w/ padlock, exit function/loop
if not var1 then
run command w/o padlock, exit function/loop
if spoof then var1=(add cert?)
if var1 then
run command w/ cert, exit function/loop
if not var1 then
run command w/o cert, exit function/loop
This psuedocode could be ported to bash fairly easily, I just don't know how... But I leave that to the experts like you.
Let me know. Thanks.
World Domination is such an ugly phrase. I prefer the term World Optimization.
Re: Script for sniffing traffic.
I wouldn't call myself an expert at all, but thanks ! I guess I'll have to do some reading on ettercap's functionnalities.
By "bad SE", I mean that any decent browser these days would say "bad cert, don't go there", I can't imagine someone thinking "You know what browser ? F*ck you, imma going' there !"
I guess I still want to believe in humanity after all
EDIT :
I came across a MAJOR problem while working on this... Unless I understood something the wrong way, you either spoof ssl connection with ettercap's fakessl (which includes fakecert), and you WILL have https etc or you use sslstrip to get rid of the ssl.
But you can't do both at the same time.
So including fakessl would mean disable sslstrip, which will mean that the password parsing won't work, which pretty much defeats the whole goal of the script.
Correct me if I'm wrong !
Meanwhile, I'll keep digging.
EDIT :
@AnimusDominiI believe, it was posted retroactively... So, as I told you, I never experienced such a thing, but it would make sense if the videos were slow to load. I'll ask people to provide feedback in the "message of the day" in the script, hoping people actually read it ^^Hello comaX,
First of all, thanks for sharing your script... I was testing it and noticed the victims can't play youtube while the script is running. I tested with Chrome and Safari with the same results. The videos seems to be loading but doesn't load and so, doesn't play. The script works great, but the stealth factor starts to fail when the victims guess something is weird. Is there a fix for it? Thanks in advanced.
Last edited by comaX; 11-26-2011 at 09:15 AM.
Running both KDE and GNOME BT5 flawlessly. Thank you !
Re: Script for sniffing traffic.
thanks for your reply but I didnt understand what you mean. I have run yamas and when I tried to login in my test pc ("victim") in gmail via: https://gmail.com doens't strip the ssl.
Maybe I have not understand how sslstrip works. I think that sslstrip removes the ssl and the site will be http://gmail.com and not givint a fake ssl certificate to the victim (as cain and abel). So what I have wrong?
Posting Permissions
