From d08f20886ccfd44fb03248d5088cb59a89d9463b Mon Sep 17 00:00:00 2001 From: v1s1t0r1sh3r3 Date: Sun, 11 Aug 2024 02:32:53 +0200 Subject: [PATCH] Add feature to know during an Evil Twin captive portal attack, if the client accessed the portal --- CHANGELOG.md | 1 + airgeddon.sh | 34 ++++++++++++++++++++++++++++------ language_strings.sh | 14 ++++++++++++++ 3 files changed, 43 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9223115b6..a6a4365c8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ - Fixed graphics system detection when launched on a headless system using remote X windows - Fixed minor bug on paths when selecting a directory instead of a file while saving a trophy file - Improvements on OS/distro detection + - Added feature to know during an Evil Twin captive portal attack, if the client accessed the portal ### 11.30 - Added Multi-instance support to launch more than one airgeddon at a time diff --git a/airgeddon.sh b/airgeddon.sh index 5fca8cef3..81990d31b 100755 --- a/airgeddon.sh +++ b/airgeddon.sh @@ -284,6 +284,7 @@ certspass="airgeddon" default_certs_path="/etc/hostapd-wpe/certs/" default_certs_pass="whatever" webserver_file="ag.lighttpd.conf" +webserver_log="ag.lighttpd.log" webdir="www/" indexfile="index.htm" checkfile="check.htm" @@ -6022,6 +6023,7 @@ function clean_tmpfiles() { rm -rf "${tmpdir}${bettercap_hook_file}" > /dev/null 2>&1 rm -rf "${tmpdir}${beef_file}" > /dev/null 2>&1 rm -rf "${tmpdir}${webserver_file}" > /dev/null 2>&1 + rm -rf "${tmpdir}${webserver_log}" > /dev/null 2>&1 rm -rf "${tmpdir}${webdir}" > /dev/null 2>&1 rm -rf "${tmpdir}${certsdir}" > /dev/null 2>&1 rm -rf "${tmpdir}${enterprisedir}" > /dev/null 2>&1 @@ -11318,10 +11320,21 @@ function set_et_control_script() { client_hostname="" [[ ${client} =~ .*(\(.+\)).* ]] && client_hostname="${BASH_REMATCH[1]}" if [[ -z "${client_hostname}" ]]; then - echo -e "\t${client_ip} ${client_mac}" + echo -ne "\t${client_ip} ${client_mac}" else - echo -e "\t${client_ip} ${client_mac} ${client_hostname}" + echo -ne "\t${client_ip} ${client_mac} ${client_hostname}" fi + EOF + + cat >&7 <<-EOF + if grep -qE "^\${client_ip}" "${tmpdir}${webserver_log}" > /dev/null 2>&1 && ! grep -qE "^\${client_ip} GET wpad" "${tmpdir}${webserver_log}" > /dev/null 2>&1; then + echo -ne " ${blue_color}${et_misc_texts[${language},28]}${green_color} ✓${normal_color}\n" + else + echo -ne " ${blue_color}${et_misc_texts[${language},28]}${red_color} ✘${normal_color}\n" + fi + EOF + + cat >&7 <<-'EOF' fi client_ips+=(${client_ip}) done @@ -11429,13 +11442,15 @@ function set_webserver_config() { debug_print rm -rf "${tmpdir}${webserver_file}" > /dev/null 2>&1 + rm -rf "${tmpdir}${webserver_log}" > /dev/null 2>&1 { echo -e "server.document-root = \"${tmpdir}${webdir}\"\n" echo -e "server.modules = (" echo -e "\"mod_auth\"," echo -e "\"mod_cgi\"," - echo -e "\"mod_redirect\"" + echo -e "\"mod_redirect\"," + echo -e "\"mod_accesslog\"" echo -e ")\n" echo -e "\$HTTP[\"host\"] =~ \"(.*)\" {" echo -e "url.redirect = ( \"^/index.htm$\" => \"/\")" @@ -11457,15 +11472,22 @@ function set_webserver_config() { echo -e "url.redirect = ( \"^/(.*)$\" => \"http://connectivitycheck.microsoft.com/\")" echo -e "url.redirect-code = 302" echo -e "}" - echo -e "server.bind = \"${et_ip_router}\"\n" + echo -e "server.bind = \"${et_ip_router}\"" echo -e "server.port = ${www_port}\n" - echo -e "index-file.names = ( \"${indexfile}\" )\n" + echo -e "index-file.names = (\"${indexfile}\")" echo -e "server.error-handler-404 = \"/\"\n" echo -e "mimetype.assign = (" echo -e "\".css\" => \"text/css\"," echo -e "\".js\" => \"text/javascript\"" echo -e ")\n" - echo -e "cgi.assign = ( \".htm\" => \"/bin/bash\" )" + echo -e "cgi.assign = (\".htm\" => \"/bin/bash\")\n" + echo -e "accesslog.filename = \"${tmpdir}${webserver_log}\"" + echo -e "accesslog.escaping = \"default\"" + echo -e "accesslog.format = \"%h %m %v%U %t '%{User-Agent}i'\"" + echo -e "\$HTTP[\"url\"] == \"/${jsfile}\" { accesslog.filename = \"\" }" + echo -e "\$HTTP[\"url\"] == \"/${cssfile}\" { accesslog.filename = \"\" }" + echo -e "\$HTTP[\"url\"] == \"/${checkfile}\" { accesslog.filename = \"\" }" + echo -e "\$HTTP[\"remote-ip\"] == \"${loopback_ip}\" { accesslog.filename = \"\" }" } >> "${tmpdir}${webserver_file}" sleep 2 diff --git a/language_strings.sh b/language_strings.sh index 48eadfc83..27c1930d8 100644 --- a/language_strings.sh +++ b/language_strings.sh @@ -547,6 +547,20 @@ function initialize_language_strings() { et_misc_texts["ARABIC",27]="هذا الهجوم من جزئين. تحقق أثناء الهجوم في وحدة تحكم المتشمم إذا تم التقاط كلمة سر. يمكنك أيضًا فتحوحاول التحكم في متصفح الزبون (${white_color}${beef_pass}${pink_color}:كلمة السر ${white_color}beef${pink_color}:المستخدم) ${white_color}${beef_control_panel_url}${pink_color} في BeEF هذا الهجوم من جزئين. تحقق أثناء الهجوم في وحدة تحكم المتشمم إذا تم التقاط كلمة سر. يمكنك أيضًا فتح" et_misc_texts["CHINESE",27]="这次攻击有两个部分。观察嗅探器的屏幕以查看是否出现密码。您还可以在 ${white_color}${beef_control_panel_url}${pink_color} 打开 BeEF 控制面板,登录 (用户: ${white_color}beef${pink_color} / 密码: ${white_color}${beef_pass}${pink_color}) 并尝试控制客户端浏览器" + et_misc_texts["ENGLISH",28]="Portal access" + et_misc_texts["SPANISH",28]="Acceso al portal" + et_misc_texts["FRENCH",28]="\${pending_of_translation} Accès au portail" + et_misc_texts["CATALAN",28]="\${pending_of_translation} Accés al portal" + et_misc_texts["PORTUGUESE",28]="\${pending_of_translation} Acesso ao portal" + et_misc_texts["RUSSIAN",28]="\${pending_of_translation} Доступ к порталу" + et_misc_texts["GREEK",28]="\${pending_of_translation} Πρόσβαση στην πύλη" + et_misc_texts["ITALIAN",28]="\${pending_of_translation} Accesso al portale" + et_misc_texts["POLISH",28]="\${pending_of_translation} Dostęp do portalu" + et_misc_texts["GERMAN",28]="\${pending_of_translation} Portalzugang" + et_misc_texts["TURKISH",28]="\${pending_of_translation} Portal erişimi" + et_misc_texts["ARABIC",28]="\${pending_of_translation} الوصول إلى البوابة" + et_misc_texts["CHINESE",28]="\${pending_of_translation} 门户访问" + declare -gA wps_texts wps_texts["ENGLISH",0]="The password was saved on file" wps_texts["SPANISH",0]="La contraseña se ha guardado en el fichero"