Yamas : a mitm sniffing script for lan.

Printable View

2013-04-20
comaX

Yamas : a mitm sniffing script for lan.

NOTE : THIS WON'T WORK ON GOOGLE'S SERVERS. EVER.
ARPSPOOF, SO FAR, SEEMS BROKEN. NOTHING TO DO WITH YAMAS.
USE ETTERCAP (-e) INSTEAD.

There are a lot of those scripts, hence the name : Yet Another Mitm Automation Script.
It was originally made for BT4r2, but has evolved since then and is now compatible with the latest Kali Linux.

I can't post the script here without raising some kind of warning due to the presence of certain words used for parsing sslstrip's logs, but please review the source at http://yamas.comax.fr

You will be able to view the source, download the script and view a demo video.

It works just great for me, so I hope it will for you too.

Current main features are :
- Real-time output of creds without definition files : any credential, from any website should show up, as well as the site it was used on ! That is, for unprotected websites, which means most. It won't work on Google's server, don't bother.
- Log parsing for user-friendly output.
- DNS spoofing once attack is launched
- Network mapping for host discovery.
- Can save dumped passwords to file as well as the whole log file.
- Support for multiple targets on the network, as well as adding targets after attack is launched.
- Sslstrip checking (existence, executable, directory)
- Standalone script, updatable, interactive (new !).

Please don't hesitate to give me your feedback, I'm always looking for new ideas, and ways to improve it !

Check http://comax.fr/yamas.php for more infos, video, other platform versions and an article about how to protect you from it !
2013-04-21
Spyslab

Thanks for the script... great help its been.
2013-04-28
testingresults

Thanks, comaX, I've always enjoyed your script.

Glad to see an updated version.
2013-04-30
grik

Very nice script, been using since it was launched.

Thanks for your work comaX
2013-05-01
The Prophet

This is just a amazing script, and it should be in the repo. I use it with Arpspoof, and I can confirm it does work with kali Well done coming up with this one.

Use yamas -e to change from arpspoof to ettercap.
2013-05-01
xxyxxyxx

Hi everyone.

I'm running Yamas on kali linux (last version). I got 2 errors when I try to DNS spoof: if I chose to use ettercap dns_spoof plugin it says :

BUG at [/root/ettercap/src/ec_ui.c:ui_register:359]
ops->input == NULL

If I chose to use DNSspoof it says: /usr/bin/yamas: line 409: [: missing `]'

In both cases (wheter I use "yamas -e" or juste "yamas") dns spoofing is not working.

Do you have any solution?

Regards
2013-05-01
wido046

for me yamas dont sniff the https packet correctly or gmail or facebook change the ssl key or something like that any solution for that?????
2013-05-02
comaX

Quote:

Originally Posted by xxyxxyxx

Hi everyone.

I'm running Yamas on kali linux (last version). I got 2 errors when I try to DNS spoof: if I chose to use ettercap dns_spoof plugin it says :

BUG at [/root/ettercap/src/ec_ui.c:ui_register:359]
ops->input == NULL

If I chose to use DNSspoof it says: /usr/bin/yamas: line 409: [: missing `]'

In both cases (wheter I use "yamas -e" or juste "yamas") dns spoofing is not working.

Do you have any solution?

Regards

Thanks for posting here too. Would you happen to be French ? (you wrote "juste")

Quote:

Originally Posted by wido046

for me yamas dont sniff the https packet correctly or gmail or facebook change the ssl key or something like that any solution for that?????

This doesn't make much sense mate. You can't sniff https packets; or more accurately, you can, but it's pointless. I guess what you are trying to say is that sslstripping is not working for you, is it ?
2013-05-02
wido046

Quote:

Originally Posted by comaX

This doesn't make much sense mate. You can't sniff https packets; or more accurately, you can, but it's pointless. I guess what you are trying to say is that sslstripping is not working for you, is it ?

exactly have u a solution to that ?
2013-05-03
Dmtguy

Probably because you have installed the new version of ettercap, and this script doesnt work.
Please fix this script to work with the new Ettercap 0.76
2013-05-14
reaperz73

Great script comaX !
2013-05-29
Osile

I try to use it in a vmware and it's running fine no errors, but it doesn't show anything. Using a bridged network adapter.

Any Ideas ? Should I connect a usb network card ?
2013-05-29
comaX

I don't remember what's the exact terminology but you have to configure the VM so that it is a independent equipment on the network. Using an external USB wifi device is also a good way to go !
2013-05-29
Osile

Now I'm using a USB wifi device, but still whatever I do nothing appears in the log...
2013-05-30
comaX

Are you using arpspoof or ettercap for poisoning ?
2013-05-30
Osile

arpspoof..
2013-05-30
wewe73

hi comaX, thank you for yamas, very yamy tool :-) very nice to see it working on kali, thank you again,

issak
2013-06-03
scorpoin

I'm having issue with yamas script. Ive update ettercap version as well downloaded new yamas script. I tried with arpspoof and ettercap both but it does not work out on https. when I open gmail it browse straight to https and yamas unable to sniff that traffic. I'm using default setting. Do I need to make changes to ettercap or in yamas??? plz help

Regards
Scorpoin
2013-06-03
comaX

Allright, cf. OP.
2013-06-04
reaperz73

arpspoof works just fine.
facebook works fine
yahoo mail working fine
and no gmail will not work as comaX said.
many others working fine.
2013-06-04
comaX

Quote:

Originally Posted by reaperz73

arpspoof works just fine.
facebook works fine
yahoo mail working fine
and no gmail will not work as comaX said.
many others working fine.

Good sum up.
As for arpspoof, I was refering to http://forums.kali.org/showthread.ph...light=arpspoof and the numerous mails I have received. I myself haven't had any problem with it though.
2013-06-15
Killya

Hey!

Just found out about Yamas, dying to get it working! :D
I'm using kali linux and as soon as I found out that I got my passwords with normal http sites with wireshark I knew that sniffing worked.
I started yamas (with arpspoof) and got no results (arpspoof screen was blank), so after some googling I found out that this is because of kali blabla, so since then I used the -e parameter

Now I try to work with ettercap and sslstrip but both do not seem to be working :(.
The sites which I could sniff my own login with wireshark didn't popup in the password screen, so that meant ettercap isn't working right? I uncommented the lines in the etter.conf files on the iptables, but still no result.
Also, the sites I load stay an https link, so I guess the sslstrip isn't working either.

I boot up yamas normally with "yamas -e" and it tells me everything is fine after using the default values, does anyone have any clue what is happening? Thanks in advance!

EDIT: I did some research on what happens behind the curtains when I use ettercap. Ettercap seems to succeed into arp-spoofing, I see all the packets going out where ettercap identifies my MAC adress with the victims ip's. Now, the problem is that no packets are being forwarded. When I type in a url I see DNS querys flying through the air but there never is a response, also when I type in ip's into my url-bar the sites don't load as well. That sounds to me as if the packets are not being forwarded, does anyone have anything to say about this? :O

Ciao!
2013-07-08
GreyHat

I tried this today for the first time, on kali linux, arpspoof doesnt work, after some googling i came by this thread and tried yamas -e.

Im running kali in a virtual machine, i can grab credentials from the host PC, however if i try a different PC on the network, nothing happens? (if i scan the network the IP is listed)

Any ideas whats going wrong?
2013-07-09
comaX

There must be something wrong from the way you configured your VM. To bypass that kind of issue, you can plug a physical usb wifi dongle to the PC and attach it to the VM. That way you will be physically connected to your network.
2013-07-09
anashlali

Hi comaX

your script "yamas" is verey verey cool, I'm using it for more than year, but with Kali I have those problems all talking about, I'm waiting for a fix, just keep working, and again thanks for your efforts and sharing.
2013-07-29
venom

hey while i tried to install yamas on kali ut says permission denied so no what i have to do ???
2013-08-24
Vulpi

Hey comaX,

Seeing as though Arpspoof breaks your script, I've modified it to run Spoofa instead. (http://forums.kali.org/showthread.ph...of-replacement)

Have a look at: https://github.com/SilverFoxx/Yamas

Feel free to use the code if you approve. This commit shows the changes from your original.
2013-09-10
Coldblackice

A minor issue --

Despite starting YAMAS in ettercap mode with the "-e" switch, when you try to manually add targets while it's running, it adds them in regular arpspoof-mode, and not with ettercap.
2013-09-23
Rarity

Thanks for updating the script comaX! I'm going to test it out and I'll report back if I run into any problems.
2013-10-17
johnnick69

hello , i try to use the yamas in kali , but not work , nothing grap ...
sslstrip 0.9, arpspoof 2.4 , ettercap 8.0 ... any idea ?
2013-10-18
zimmaro

Quote:

Originally Posted by johnnick69

hello , i try to use the yamas in kali , but not work , nothing grap ...
sslstrip 0.9, arpspoof 2.4 , ettercap 8.0 ... any idea ?

hi :)
i'm not expert!!
in my kali-vm-TESTING (ONLY used on MY-RISK):o
I replicated the dsniff package (default) with the "old" version dsniff_2.4b1 + debian-18_i386.deb or ... _amd64.deb && redirected traffic on port 10000 for sslstrip ... &&& my mythical yamas seem to work-sufficiently

PS:very little screenshots @zoom
http://imageshack.us/f/822/4emt.png/
2014-01-02
Jeteroll

After updating my system (I expect the problem is ettercap) Yamas breaks and I can no longer use it. Nothing is getting SSL stripped.
2014-01-15
minhjirachi

Quote:

Originally Posted by Jeteroll

After updating my system (I expect the problem is ettercap) Yamas breaks and I can no longer use it. Nothing is getting SSL stripped.

You right. The same with me.
2014-01-17
comaX

Hi guys, it's been a while!

I just updated both my computers. Yamas still works, but here are a few things to note.
- Arpspoof won't work when targeting the whole network. Use Ettercap instead (-e).
- Arpspoof will work if you want to target specifically.
- Ettercap DOES work (I'm on 0.8.0)
- The parser won't work for websites using this kind of posting :
2014-01-17 11:42:04,068 POST Data (www.website.com):
{"UserName":"FOO","Password":"BAR"}
- The parser will break for some unknown reason (HELP!!) when some string or characters are present. The parser will just stop parsing and I can't figure why for the life of me.
I can't paste it here, but you can grab the litigious stuff here : http://comax.fr/yamas/break.txt

I was wondering, given the fact that the parser can be broken that easily if it wouldn't be better to use the default sslstrip logging (only POST data) so that it's more readable in case you notice something isn't showing up as it should. Also, I think most people don't really use the whole log file anyway.
What do you guys think ?
2014-01-17
bond benz

nice brother thank's :)