/surfjack

Automatically exported from code.google.com/p/surfjack

Primary LanguagePython

This is a demonstration tool for the Surf Jack attack.
It is able to hijack the cookie for various sites
(some of which make use of HTTPS) and allows the tester to login as the victim.

By: Sandro Gauci <sandro@enablesecurity.com>

Requirements:
Scapy - http://www.secdev.org/projects/scapy/
Scapy's requirements
Python 2.4+

Features:
	* Does Wireless injection when the nic is in monitor mode
	* Supports Ethernet
	* Support for WEP (when the nic is in monitor mode)

Known issues:
	* Sometimes the victim is not redirected correctly (particularly seen when targeting Gmail)
	* Cannot stop the tool via a simple Control^C. This is a problem with the proxy

Installation:
	1. Get scapy from http://hg.secdev.org/scapy/raw-file/tip/scapy.py
		For more on installation of scapy:
		http://www.secdev.org/projects/scapy/portability.html
	2. Extract Surf Jack files into the same directory as scapy.py

Running:
$ ./surfjack.py --help
Usage: just run surfjack.py. use --help to print out the help

Options:
  --version         show program's version number and exit
  -h, --help        show this help message and exit
  -i INTERFACE      specify an interface
  -v                increase verbosity
  -q                quiet mode
  -j INJIFACE       interface to use to inject packets with
  -W WEPKEY         WEP key
  -c CONFIG         Specify a custom configuration file
  --dontignoreself  Disable ignoring of own traffic
  
$ ./surfjack.py -i wlan0 -v