Thread: Yamas : a mitm sniffing script for lan.

  1. #1
    Join Date
    2013-Mar
    Posts
    9

    Yamas : a mitm sniffing script for lan.

    NOTE : THIS WON'T WORK ON GOOGLE'S SERVERS. EVER.
    ARPSPOOF, SO FAR, SEEMS BROKEN. NOTHING TO DO WITH YAMAS.
    USE ETTERCAP (-e) INSTEAD.


    There are a lot of those scripts, hence the name : Yet Another Mitm Automation Script.
    It was originally made for BT4r2, but has evolved since then and is now compatible with the latest Kali Linux.

    I can't post the script here without raising some kind of warning due to the presence of certain words used for parsing sslstrip's logs, but please review the source at http://yamas.comax.fr

    You will be able to view the source, download the script and view a demo video.

    It works just great for me, so I hope it will for you too.

    Current main features are :
    - Real-time output of creds without definition files : any credential, from any website should show up, as well as the site it was used on ! That is, for unprotected websites, which means most. It won't work on Google's server, don't bother.
    - Log parsing for user-friendly output.
    - DNS spoofing once attack is launched
    - Network mapping for host discovery.
    - Can save dumped passwords to file as well as the whole log file.
    - Support for multiple targets on the network, as well as adding targets after attack is launched.
    - Sslstrip checking (existence, executable, directory)
    - Standalone script, updatable, interactive (new !).

    Please don't hesitate to give me your feedback, I'm always looking for new ideas, and ways to improve it !

    Check http://comax.fr/yamas.php for more info, video, other platform versions and an article about how to protect yourself from it !
    Last edited by comaX; 2013-06-03 at 12:46.

  2. #2
    Join Date
    2013-Mar
    Location
    Jasper, Alberta, Canada
    Posts
    7
    Thanks for the script... great help its been.
    Jean-Francois

  3. #3
    Thanks, comaX, I've always enjoyed your script.

    Glad to see an updated version.

  4. #4
    Join Date
    2013-Apr
    Posts
    4
    Very nice script, been using since it was launched.

    Thanks for your work comaX

  5. #5
    Join Date
    2013-Mar
    Posts
    4
    This is just an amazing script, and it should be in the repo. I use it with Arpspoof, and I can confirm it does work with Kali. Well done coming up with this one.

    Use yamas -e to change from arpspoof to ettercap.

  6. #6
    Hi everyone.

    I'm running Yamas on Kali Linux (last version). I got 2 errors when I try to DNS spoof: if I choose to use the ettercap dns_spoof plugin it says :

    BUG at [/root/ettercap/src/ec_ui.c:ui_register:359]
    ops->input == NULL

    If I choose to use DNSspoof it says: /usr/bin/yamas: line 409: [: missing `]'

    In both cases (whether I use "yamas -e" or juste "yamas") dns spoofing is not working.

    Do you have any solution?

    Regards

  7. #7
    Join Date
    2013-Apr
    Posts
    13
    For me, yamas doesn't sniff the https packets correctly, or gmail or facebook change the ssl key or something like that. Any solution for that?

  8. #8
    Join Date
    2013-Mar
    Posts
    9
    Quote Originally Posted by xxyxxyxx View Post
    Hi everyone.

    I'm running Yamas on Kali Linux (last version). I got 2 errors when I try to DNS spoof: if I choose to use the ettercap dns_spoof plugin it says :

    BUG at [/root/ettercap/src/ec_ui.c:ui_register:359]
    ops->input == NULL

    If I choose to use DNSspoof it says: /usr/bin/yamas: line 409: [: missing `]'

    In both cases (whether I use "yamas -e" or juste "yamas") dns spoofing is not working.

    Do you have any solution?

    Regards
    Thanks for posting here too. Would you happen to be French ? (you wrote "juste")

    Quote Originally Posted by wido046 View Post
    For me, yamas doesn't sniff the https packets correctly, or gmail or facebook change the ssl key or something like that. Any solution for that?
    This doesn't make much sense mate. You can't sniff https packets; or more accurately, you can, but it's pointless. I guess what you are trying to say is that sslstripping is not working for you, is it ?

  9. #9
    Join Date
    2013-Apr
    Posts
    13
    Quote Originally Posted by comaX View Post
    This doesn't make much sense mate. You can't sniff https packets; or more accurately, you can, but it's pointless. I guess what you are trying to say is that sslstripping is not working for you, is it ?
    Exactly. Do you have a solution to that ?

  10. #10
    Join Date
    2013-May
    Posts
    2
    Probably because you have installed the new version of ettercap, and this script doesn't work.
    Please fix this script to work with the new Ettercap 0.76

  11. #11
    Great script comaX !

  12. #12
    Join Date
    2013-May
    Posts
    3
    I try to use it in a vmware and it's running fine no errors, but it doesn't show anything. Using a bridged network adapter.

    Any Ideas ? Should I connect a usb network card ?

  13. #13
    Join Date
    2013-Mar
    Posts
    9
    I don't remember what the exact terminology is, but you have to configure the VM so that it is an independent equipment on the network. Using an external USB wifi device is also a good way to go !

  14. #14
    Join Date
    2013-May
    Posts
    3
    Now I'm using a USB wifi device, but still whatever I do nothing appears in the log...

  15. #15
    Join Date
    2013-Mar
    Posts
    9
    Are you using arpspoof or ettercap for poisoning ?

  16. #16
    Join Date
    2013-May
    Posts
    3
    arpspoof..

  17. #17
    Join Date
    2013-Mar
    Location
    where you can hear the silence
    Posts
    6
    hi comaX, thank you for yamas, very yamy tool :-) very nice to see it working on kali, thank you again,

    issak

  18. #18
    Join Date
    2013-May
    Posts
    11
    I'm having an issue with the yamas script. I've updated the ettercap version as well as downloaded the new yamas script. I tried with both arpspoof and ettercap, but it does not work on https. When I open gmail it goes straight to https and yamas is unable to sniff that traffic. I'm using the default settings. Do I need to make changes to ettercap or to yamas? Please help.

    Regards
    Scorpoin

  19. #19
    Join Date
    2013-Mar
    Posts
    9
    All right, cf. OP.

  20. #20
    arpspoof works just fine.
    facebook works fine
    yahoo mail working fine
    and no gmail will not work as comaX said.
    many others working fine.

  21. #21
    Join Date
    2013-Mar
    Posts
    9
    Quote Originally Posted by reaperz73 View Post
    arpspoof works just fine.
    facebook works fine
    yahoo mail working fine
    and no gmail will not work as comaX said.
    many others working fine.
    Good summary.
    As for arpspoof, I was referring to http://forums.kali.org/showthread.ph...light=arpspoof and the numerous mails I have received. I myself haven't had any problem with it though.

  22. #22
    Join Date
    2013-Jun
    Posts
    1
    Hey!

    Just found out about Yamas, dying to get it working!
    I'm using kali linux and as soon as I found out that I got my passwords with normal http sites with wireshark I knew that sniffing worked.
    I started yamas (with arpspoof) and got no results (arpspoof screen was blank), so after some googling I found out that this is because of kali blabla, so since then I used the -e parameter

    Now I try to work with ettercap and sslstrip but both do not seem to be working .
    The sites which I could sniff my own login with wireshark didn't popup in the password screen, so that meant ettercap isn't working right? I uncommented the lines in the etter.conf files on the iptables, but still no result.
    Also, the sites I load stay an https link, so I guess the sslstrip isn't working either.

    I boot up yamas normally with "yamas -e" and it tells me everything is fine after using the default values, does anyone have any clue what is happening? Thanks in advance!

    EDIT: I did some research on what happens behind the curtains when I use ettercap. Ettercap seems to succeed in arp-spoofing, I see all the packets going out where ettercap identifies my MAC address with the victims' IPs. Now, the problem is that no packets are being forwarded. When I type in a url I see DNS queries flying through the air but there never is a response, also when I type IPs into my url-bar the sites don't load either. That sounds to me as if the packets are not being forwarded, does anyone have anything to say about this? :O

    Ciao!
    Last edited by Killya; 2013-06-21 at 15:38.

  23. #23
    Join Date
    2013-Jun
    Posts
    3
    I tried this today for the first time, on Kali Linux. Arpspoof doesn't work; after some googling I came by this thread and tried yamas -e.

    I'm running Kali in a virtual machine. I can grab credentials from the host PC, however if I try a different PC on the network, nothing happens? (if I scan the network the IP is listed)

    Any ideas what's going wrong?

  24. #24
    Join Date
    2013-Mar
    Posts
    9
    There must be something wrong from the way you configured your VM. To bypass that kind of issue, you can plug a physical usb wifi dongle to the PC and attach it to the VM. That way you will be physically connected to your network.

  25. #25
    Join Date
    2013-Mar
    Posts
    12
    Hi comaX

    Your script "yamas" is very very cool, I've been using it for more than a year, but with Kali I have the problems everyone is talking about. I'm waiting for a fix, just keep working, and again thanks for your efforts and sharing.

  26. #26
    Join Date
    2013-Jul
    Posts
    8
    Hey, while I tried to install yamas on Kali it says permission denied, so now what do I have to do ???

  27. #27
    Join Date
    2013-Mar
    Location
    Totally lost
    Posts
    45
    Hey comaX,

    Seeing as though Arpspoof breaks your script, I've modified it to run Spoofa instead. (http://forums.kali.org/showthread.ph...of-replacement)

    Have a look at: https://github.com/SilverFoxx/Yamas

    Feel free to use the code if you approve. This commit shows the changes from your original.

  28. #28
    A minor issue --

    Despite starting YAMAS in ettercap mode with the "-e" switch, when you try to manually add targets while it's running, it adds them in regular arpspoof-mode, and not with ettercap.

  29. #29
    Thanks for updating the script comaX! I'm going to test it out and I'll report back if I run into any problems.

  30. #30
    Join Date
    2013-Oct
    Posts
    6
    Hello, I try to use yamas in Kali, but it does not work, nothing is grabbed ...
    sslstrip 0.9, arpspoof 2.4, ettercap 8.0 ... any idea ?

  31. #31
    Join Date
    2013-Mar
    Location
    milano
    Posts
    301
    Quote Originally Posted by johnnick69 View Post
    Hello, I try to use yamas in Kali, but it does not work, nothing is grabbed ...
    sslstrip 0.9, arpspoof 2.4, ettercap 8.0 ... any idea ?
    hi
    i'm not expert!!
    in my kali-vm-TESTING (ONLY used on MY-RISK)
    I replicated the dsniff package (default) with the "old" version dsniff_2.4b1 + debian-18_i386.deb or ... _amd64.deb && redirected traffic on port 10000 for sslstrip ... &&& my mythical yamas seem to work-sufficiently

    PS:very little screenshots @zoom
    http://imageshack.us/f/822/4emt.png/

  32. #32
    Join Date
    2014-Jan
    Posts
    1
    After updating my system (I expect the problem is ettercap) Yamas breaks and I can no longer use it. Nothing is getting SSL stripped.

  33. #33
    Join Date
    2014-Jan
    Posts
    1
    Quote Originally Posted by Jeteroll View Post
    After updating my system (I expect the problem is ettercap) Yamas breaks and I can no longer use it. Nothing is getting SSL stripped.
    You're right. The same with me.

  34. #34
    Join Date
    2013-Mar
    Posts
    9
    Hi guys, it's been a while!

    I just updated both my computers. Yamas still works, but here are a few things to note.
    - Arpspoof won't work when targeting the whole network. Use Ettercap instead (-e).
    - Arpspoof will work if you want to target specifically.
    - Ettercap DOES work (I'm on 0.8.0)
    - The parser won't work for websites using this kind of posting :
    2014-01-17 11:42:04,068 POST Data (www.website.com):
    {"UserName":"FOO","Password":"BAR"}
    - The parser will break for some unknown reason (HELP!!) when some string or characters are present. The parser will just stop parsing and I can't figure out why for the life of me.
    I can't paste it here, but you can grab the litigious stuff here : http://comax.fr/yamas/break.txt

    I was wondering, given the fact that the parser can be broken that easily if it wouldn't be better to use the default sslstrip logging (only POST data) so that it's more readable in case you notice something isn't showing up as it should. Also, I think most people don't really use the whole log file anyway.
    What do you guys think ?

  35. #35
    Join Date
    2013-Mar
    Location
    localhost
    Posts
    41
    Nice, brother, thanks
    r00tv.org
    moosy.org
    telegram @bondbenz
