NOTE : THIS WON'T WORK ON GOOGLE'S SERVERS. EVER.
ARPSPOOF, SO FAR, SEEMS BROKEN. NOTHING TO DO WITH YAMAS.
USE ETTERCAP (-e) INSTEAD.
There are a lot of those scripts, hence the name : Yet Another Mitm Automation Script.
It was originally made for BT4r2, but has evolved since then and is now compatible with the latest Kali Linux.
I can't post the script here without raising some kind of warning due to the presence of certain words used for parsing sslstrip's logs, but please review the source at http://yamas.comax.fr
You will be able to view the source, download the script and view a demo video.
It works just great for me, so I hope it will for you too.
Current main features are :
- Real-time output of creds without definition files : any credential, from any website should show up, as well as the site it was used on ! That is, for unprotected websites, which means most. It won't work on Google's server, don't bother.
- Log parsing for user-friendly output.
- DNS spoofing once attack is launched
- Network mapping for host discovery.
- Can save dumped passwords to file as well as the whole log file.
- Support for multiple targets on the network, as well as adding targets after attack is launched.
- Sslstrip checking (existence, executable, directory)
- Standalone script, updatable, interactive (new !).
Please don't hesitate to give me your feedback, I'm always looking for new ideas, and ways to improve it !
Check http://comax.fr/yamas.php for more infos, video, other platform versions and an article about how to protect you from it !