Morpheus - tcp/udp scripting syntax (warn.sh auxiliary script)

[r00t-3xp10it]

Description of warn.sh morpheus auxiliary script

  This script will sound a BEEP IF the 'sellected event' its found ..
  The objective of this script its to assist morpheus tool to sound warnings (beep sounds)
  everytime the sellected event its trigged. HOW? cd /root/morpheus/bin && ./warn.sh

  In this case the 'event' will be the creation of Filter output: 'beep-warning.beep'
  logfile, that warn.sh script its searching (in logs folder) to emitt one sound warning
  to framework users (BEEP). It also deletes the logfile to allow the loop funtion to
  trigger another warning if the event its trigger again ..

Press this link if you desire to view the warn.sh sourcecode (optional | not needed)

Where is located the 'warn.sh' auxiliary script?

  ../morpheus/bin/warn.sh

In what situation do we use it?

  Everytime we need a morpheus filter rule to trigger one sound warning 

Can you tell me more about it?

  Morpheus uses warn.sh auxiliary script in module [17] DHCP discovery (auto)..

  But morpheus users can trigger the warn.sh auxiliary by simple add a rule
  in 'morpheus scripting console' terminal windows to write beep-warning.beep
  logfile in logs folder thats going to trigger warn.sh sound warnings ..

what 'rule' do we need to add to filter?

• The bellow API searchs inside captured packet for string: facebook
  a) The "if (search()" API its required in filter to be abble to call the 2º API that builds logs
  b) Most filters in morpheus framework, contains the "if (search()" API allready ..

  if (search(DATA.data, "facebook")) {
  

• The below API writes beep-warning.beep file in morpheus/logs
  "IF the string 'facebook' is found inside captured tcp/udp packet"

  log(DATA.data, "./beep-warning.beep");
  

• WARNING: The log(DATA() API requires the: if (search(DATA() API present.

Now that i have added the rules to my filter how can we trigger warn.sh?

• Open a new terminal windows and execute the follow command:

  cd /root/morpheus/bin && ./warn.sh
  

• Close morpheus scripting console terminal windows (save the changes)
  Press [ctrl+x] + Press [y] + Press [enter] to save filter changes
  Morpheus framework will then start mitm + dns_spoof + filter

• And have fun with events triggering a sound warning..

---

STEP-BY-STEP HOW TO

Improving "Block cpu crypto-minning" module filter to use warn.sh alerts ..

• 1º - run ./morpheus.sh and chose option [ 18 ]
• 2º - Add the follow rule into morpheus scripting console terminal windows
  
  WARNING: This only trigger a sound in "coinhive" events found
• 3º - start warn.sh auxiliary script (open new terminal and execute)
  
  warn.sh auxiliary script running ..
  
• 4º - Close morpheus scripting console (save changes to filter)
  Press [ctrl+x] + Press [y] + Press [enter]
  

All working together (morpheus + filter + warn.sh)..

• 5º - Press [ctrl+c] in warn.sh to stop it
• 6º - Press [q] in morpheus to stop arp poison

Final notes:

Remmenber that changing the filters of morpheus using the 'morpheus scripting console' will NOT make the changes permanent in filter.. (the filter will be reverted to is original state when the attack stops)