Bash script that permits spoofing of LAN connections and deceive firewalls, proxies, and IDS/NIDS traffic logging.
#!/bin/bash
# Version: 0.1 (24/07/2013)
# Author: Vittorio Milazzo - vittorio.milazzo at gmail.com
#
# Notes: Bash script that permits spoofing of Lan connections
# and deceiving firewall, proxy, and IDS/NIDS traffic logging.
#
# Prerequisite packages: macchanger, netfilter
# ============
# Intended use
# ============
# The purpose of the script is to test how firewall/proxy/NIDS logging in a local network can be deceived.
# ==========
# Disclaimer
# ==========
# The author published this script and the information under the condition that they
# will not be used to bring profit to himself or others, or to cause damage to others.
# The author is not responsible for any damage or loss of any kind caused by the use or
# misuse of the script and the information contained therein.
# Author is not liable in any case of damage, including direct, indirect, incidental,
# consequential loss of business profits or special damages.
# =======
# Details
# =======
# Three-way handshake completion:
# This script assigns an ip alias ($spoof_ip) to the network interface card and changes the mac address
# using macchanger. After which, iptables SNAT will send outgoing packets with the ip alias address
# and the mac address that we have changed. Hosts that receive the spoofed SYN packets
# will respond with ACK flags to our ip alias (so the packets will reach us), and SYN/ACK packets will be sent
# from our ip alias to the target hosts.
#
# BE CAREFUL:
# When the spoofed ip/mac address belongs to a live host in our Lan, it may happen that both (we and the spoofed host)
# will lose some packets and some established connections will drop.
# Clear the terminal before any banner output is printed.
clear
# Title line; printed (in red) by the start and stop branches below.
BANNER="trickfire v.0.1: Spoofing Lan connection - Firewall and IDS/NIDS deception logging"
#########################
# 1.) NETWORK VARIABLES #
#########################
# Lan default gateway ip address (re-added as default route by both functions).
router="192.168.0.200"
# Network interface card used for spoofing.
interface="eth0"
# Our real ip address, taken from the net-tools style "inet addr:" line of
# ifconfig output. NOTE(review): newer ifconfig prints "inet x.x.x.x" without
# "addr:", in which case this ends up empty; it is only shown in the stop branch.
real_ip=$(ifconfig "$interface" | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1 }')
# Our authentic mac address (set by hand; restored by disable_spoof).
real_mac="c8:0a:a9:c0:49:a4"
##########################
# 2.) SPOOFING VARIABLES #
##########################
#
# VARIANTS:
#
# A.) SPOOF LAN CONNECTION AND DECEIVE INTERNET TRAFFIC LOGGING
#
# To deceive firewall/proxy or IDS/NIDS logging, you need to send spoofed packets to them.
#
# But if you are not sure about the firewall or NIDS ip address, or you don't know whether there are other NIDS
# or sniffers in the Lan with an ip address on a different class, it is better to send spoofed packets to all (0/0).
# This setting will also permit spoofing connections to all Lan hosts.
#
#
# B.) DECEIVE ONLY INTERNET TRAFFIC LOGGING
#
# Otherwise, if no proxy server or IDS/NIDS is present in your network, or you are not interested
# in testing spoofed Lan connections, you can deceive the Firewall's Internet traffic logging by specifying your
# Lan class ID with net prefix. (Ex: lan_id="192.168.0.0/24").
# With this option, iptables SNAT will not send spoofed packets over the entire Lan network ( ! -d $lan_id ),
# and spoofed packets will arrive (and be logged) only at the default gateway (firewall or router).
#
# If you use this setting, remember to also comment/uncomment the appropriate iptables command below (in the functions section).
# Destination match used by the SNAT rule in enable_spoof:
# 0/0 = every destination (variant A); a Lan prefix such as
# 192.168.0.0/24 selects variant B (see the comments above).
lan_id='0/0'
# Ip address to spoof (assigned as an alias on the interface).
spoof_ip='192.168.0.216'
# Mac address to spoof (applied with macchanger).
spoof_mac='ec:9a:74:64:f6:33'
#################
# 3.) FUNCTIONS #
#################
#######################################
# Apply the spoofed mac/ip configuration and install the iptables rules.
# Globals:   interface, spoof_mac, spoof_ip, lan_id, router (all read)
# Arguments: none
# Outputs:   macchanger output is discarded; other commands print normally
# Returns:   status of the last command (route add)
# NOTE(review): no exit-status checks; every step runs even if an earlier
# one failed. The commands used here are assumed to need root privileges.
#######################################
enable_spoof ()
{
# Take the interface down before rewriting its hardware address.
ifconfig $interface down
# Replace the hardware address with $spoof_mac; stdout is discarded.
macchanger -m $spoof_mac $interface >/dev/null
# Configure $spoof_ip as an alias address on $interface:1.
ifconfig $interface:1 $spoof_ip
ifconfig $interface up
# A.) SPOOF LAN CONNECTION AND DECEIVE INTERNET TRAFFIC LOGGING
# Use this if you have set variable lan_id="0/0"
#
# Rewrite the source address of outgoing packets destined to $lan_id to $spoof_ip.
iptables -t nat -I POSTROUTING -d $lan_id -j SNAT --to $spoof_ip
# B.) DECEIVE ONLY INTERNET TRAFFIC LOGGING
# Use this if you have set variable lan_id="x.x.x.x/net_prefix"
# (and comment iptables command above).
#
#iptables -t nat -I POSTROUTING ! -d $lan_id -j SNAT --to $spoof_ip
# Block incoming connection (to avoid to be detected by possible listening services)
# NOTE(review): these two rules live in the filter table's INPUT chain, not in
# the nat table; disable_spoof only flushes nat, so they survive a "stop".
iptables -I INPUT -i $interface -d $spoof_ip -p tcp --syn -m state --state NEW -j DROP
iptables -I INPUT -i $interface -d $spoof_ip -p udp -m state --state NEW -j DROP
# Re-add the default route, presumably lost when the interface was taken down.
route add default gw $router
}
#######################################
# Undo enable_spoof: restore the real mac address, drop the alias and the
# nat rules, and re-add the default route.
# Globals:   interface, real_mac, router (all read)
# Arguments: none
# Outputs:   prints the default gateway (green) to stdout
# Returns:   status of the last command (route add)
# NOTE(review): as in enable_spoof, no exit-status checks are made.
#######################################
disable_spoof ()
{
# Take the interface down before restoring the hardware address.
ifconfig $interface down >/dev/null
# Restore the authentic mac address configured in section 1.
macchanger -m $real_mac $interface >/dev/null
# Remove the ip alias; errors (e.g. alias already gone) are silenced.
ifconfig $interface:1 down 2>/dev/null
# Flush the ENTIRE nat table. NOTE(review): this removes every nat rule on
# the host, not only the SNAT rule added by enable_spoof, and it leaves the
# INPUT DROP rules that enable_spoof inserted into the filter table in place.
iptables -t nat -F
ifconfig $interface up
echo -e "\033[0;32mDefault gateway: $router\033[m"
# Re-add the default route after the interface bounce.
route add default gw $router
}
# Entry point: dispatch on the single command-line argument ({start|stop}).
# Every arm ends with an explicit exit, so the "exit 0" after esac is never reached.
case "$1" in
start)
# Show the banner and the spoofing parameters, then apply them.
echo; echo -e "\033[31m$BANNER\033[m"; echo
echo; echo -e "\033[31m- Spoofing started"; echo
echo -e "\033[0;32mInterface: $interface\033[m"
echo -e "\033[0;32mSpoofed ip: $spoof_ip\033[m"
echo -e "\033[0;32mSpoofed mac address: $spoof_mac\033[m"
echo
enable_spoof
echo
exit 0
;;
stop)
# Show the banner and the real settings being restored, then undo the changes.
# ($real_ip may be empty if ifconfig's output format was not recognised.)
echo; echo -e "\033[31m$BANNER\033[m"; echo
echo; echo -e "\033[31m- Spoofing stopped\033[m";echo
echo -e "\033[31mBack to normal configuration:\033[m"; echo
echo -e "\033[0;32mInterface: $interface\033[m"
echo -e "\033[0;32mIp address: $real_ip\033[m"
echo -e "\033[0;32mMac adress: $real_mac\033[m"
disable_spoof
echo
exit 0
;;
*)
# Any other (or missing) argument: print the usage box and fail with status 1.
echo
echo -e " \033[31m#####################################################################\033[m"
echo -e " \033[31m# trickfire v.0.1 #\033[m"
echo -e " \033[31m# #\033[m"
echo -e " \033[31m# Spoofing Lan connection - Firewall and IDS/NIDS deception logging #\033[m"
echo -e " \033[31m# #\033[m"
echo -e " \033[31m# Vittorio Milazzo - vittorio.milazzo at gmail.com #\033[m"
echo -e " \033[31m#####################################################################\033[m"
echo;echo -e "\033[36m1.) Change variables inside the script\033[m"
echo;echo -e "\033[36m2.) Usage: ./trickfire.sh {start|stop}\033[m"
echo
exit 1
;;
esac
# Unreachable: each case arm above exits explicitly.
exit 0