def _packet_handler(self, pkt):
    """Answer sniffed ARP requests with replies naming this machine's MAC.

    Callback for scapy's sniff function; it runs once per captured packet.
    Only ARP requests (``op == 1``) are acted on, in two cases:

    * The frame is addressed to ``self.ip.mac``: a reply is sent at once.
    * The frame is an Ethernet broadcast asking for ``self.ip.gateway``:
      a reply is sent after ``self._DELAY`` seconds.

    In both cases the reply (``op=2``) claims the requested IP for
    ``self.ip.mac``. Requests *sent by* the gateway are not answered here,
    because the broadcast branch only tests ``pdst``.

    Every address in the reply is copied from the request, and ARP has no
    authentication, so the handler acts on sender-controlled values.

    Any exception raised while handling the packet is logged through
    ``self.logger`` and not re-raised.

    Args:
        pkt: Packet object delivered by scapy's sniff. It is indexed by
            layer (``pkt[ARP]``, ``pkt[Ether]``), so it is not a plain str.
    """
    try:
        arp = pkt[ARP]
        if arp.op != 1:
            # Anything other than an ARP request is ignored by this handler.
            return

        eth = pkt[Ether]

        # Request addressed directly to this machine (upribox), i.e. a host
        # asking whether we are the gateway without broadcasting.
        # Per the original author: Windows fills in hwdst on such requests
        # and repeats them 3 times before broadcasting; a Linux router
        # leaves hwdst as 00:00:00:00:00:00.
        if eth.dst == self.ip.mac:
            direct_reply = Ether(dst=eth.src) / ARP(
                op=2,
                psrc=arp.pdst,
                pdst=arp.psrc,
                hwdst=arp.hwsrc,
                hwsrc=self.ip.mac,
            )
            sendp(direct_reply)
            return

        # Broadcast request for the gateway's IP address.
        to_broadcast = eth.dst.lower() == util.hex2str_mac(ETHER_BROADCAST)
        if to_broadcast and (arp.pdst == self.ip.gateway):
            # Reply for the requester ("spoof transmitter").
            delayed_replies = [
                Ether(dst=eth.src) / ARP(
                    op=2,
                    psrc=arp.pdst,
                    pdst=arp.psrc,
                    hwsrc=self.ip.mac,
                    hwdst=arp.hwsrc,
                )
            ]

            # Some operating systems did not accept an answer that arrived
            # immediately after their first ARP request following boot, so
            # the reply is sent after a delay.
            # NOTE(review): one Timer thread is started per matching
            # request and no cap is visible in this block; a burst of
            # broadcast requests maps directly onto threads -- confirm
            # that this is bounded elsewhere.
            threading.Timer(self._DELAY, sendp, [delayed_replies]).start()

        # TODO gratuitous neighbor advertisements
    except Exception as err:
        self.logger.error("Failed to handle packet")
        self.logger.exception(err)
def _packet_handler(self, pkt):
    """Answer sniffed ARP requests with replies naming this machine's MAC.

    Callback for scapy's sniff function; it runs once per captured packet.
    Only ARP requests (``op == 1``) are acted on, in two cases:

    * The frame is addressed to ``self.mac``: one reply is sent at once.
    * The frame is an Ethernet broadcast whose ``psrc`` or ``pdst`` equals
      ``self.gateway``: a reply for the requester is built, plus a second
      one for the requested host when its MAC is known. Both are sent
      after ``self._DELAY`` seconds.

    All replies (``op=2``) carry ``self.mac`` as the hardware source. The
    IP and MAC values are copied from the request, and ARP has no
    authentication, so the handler acts on sender-controlled values.

    There is no exception handling in this block: a packet without an ARP
    or Ether layer, or a failure in a helper, propagates to the caller.

    Args:
        pkt: Packet object delivered by scapy's sniff. It is indexed by
            layer (``pkt[ARP]``, ``pkt[Ether]``), so it is not a plain str.
    """
    arp = pkt[ARP]
    if arp.op != 1:
        # Anything other than an ARP request is ignored by this handler.
        return

    eth = pkt[Ether]

    # Request addressed directly to this machine (upribox), i.e. a host
    # asking whether we are the gateway without broadcasting.
    # Per the original author: Windows fills in hwdst on such requests and
    # repeats them 3 times before broadcasting; a Linux router leaves hwdst
    # as 00:00:00:00:00:00.
    if eth.dst == self.mac:
        direct_reply = Ether(dst=eth.src) / ARP(
            op=2,
            psrc=arp.pdst,
            pdst=arp.psrc,
            hwdst=arp.hwsrc,
            hwsrc=self.mac,
        )
        sendp(direct_reply)
        return

    # Broadcast request to or from the gateway; everything else is ignored.
    to_broadcast = eth.dst.lower() == util.hex2str_mac(ETHER_BROADCAST)
    if not (to_broadcast and (arp.psrc == self.gateway or arp.pdst == self.gateway)):
        return

    # Reply for the requester ("spoof transmitter").
    delayed_replies = [
        Ether(dst=eth.src) / ARP(
            op=2,
            psrc=arp.pdst,
            pdst=arp.psrc,
            hwsrc=self.mac,
            hwdst=arp.hwsrc,
        )
    ]

    # MAC of the host the request was originally asking for. The gateway's
    # MAC is already known; any other target is resolved through
    # util.get_mac, which per the original comment sends an ARP request.
    # NOTE(review): that lookup runs inside the sniff callback and is
    # triggered by the pdst of an unauthenticated broadcast -- confirm that
    # util.get_mac has a timeout and that repeated lookups are acceptable.
    target_mac = self.gate_mac
    if arp.pdst != self.gateway:
        target_mac = util.get_mac(arp.pdst, self.interface)

    if target_mac:
        # Reply for the requested host ("spoof receiver").
        delayed_replies.append(
            Ether(dst=target_mac) / ARP(
                op=2,
                psrc=arp.psrc,
                hwsrc=self.mac,
                pdst=arp.pdst,
                hwdst=target_mac,
            )
        )

    # Some operating systems did not accept an answer that arrived
    # immediately after their first ARP request following boot, so the
    # replies are sent after a delay.
    # NOTE(review): one Timer thread is started per matching request and no
    # cap is visible in this block -- confirm that this is bounded elsewhere.
    threading.Timer(self._DELAY, sendp, [delayed_replies]).start()
def _arp_handler(self, pkt):
    """Handle one sniffed ARP packet: answer requests and record devices.

    Callback for scapy's sniff function; it runs once per incoming ARP
    packet.

    * ARP request (``op == 1``) addressed to ``self.ip.mac``: a reply
      (``op=2``) naming ``self.ip.mac`` is sent at once, unless the sender
      is marked disabled in redis. The sender is then added to redis.
    * ARP request broadcast for ``self.ip.gateway``: the sender is added to
      redis, and unless it is marked disabled a reply is sent after
      ``self._DELAY`` seconds.
    * Any other opcode (treated as an ARP reply): the sender is added to
      redis only when it is not marked disabled.

    The values stored and checked (``psrc``, ``hwsrc``) are read from the
    ARP payload. ARP has no authentication, so they are sender-controlled.

    There is no exception handling in this block: errors from scapy or
    redis propagate to the caller.

    Args:
        pkt: Packet object delivered by scapy's sniff. It is indexed by
            layer (``pkt[ARP]``, ``pkt[Ether]``), so it is not a plain str.
    """
    arp = pkt[ARP]

    if arp.op != 1:
        # Not a request; the original treats this branch as "ARP reply".
        # Record the transmitting device unless it is disabled.
        if not self.ip.redis.check_device_disabled(arp.hwsrc):
            self.ip.redis.add_device(arp.psrc, arp.hwsrc)
        return

    eth = pkt[Ether]

    # Request addressed directly to this machine (upribox), i.e. a host
    # asking whether we are the gateway without broadcasting.
    # Per the original author: Windows fills in hwdst on such requests and
    # repeats them 3 times before broadcasting; a Linux router leaves hwdst
    # as 00:00:00:00:00:00.
    if eth.dst == self.ip.mac:
        # NOTE(review): the disabled check is keyed on the ARP hwsrc field
        # while the reply frame goes to the Ethernet source address; the
        # two can differ in a crafted or proxied frame -- confirm which
        # address the opt-out is meant to cover.
        if not self.ip.redis.check_device_disabled(arp.hwsrc):
            direct_reply = Ether(dst=eth.src) / ARP(
                op=2,
                psrc=arp.pdst,
                pdst=arp.psrc,
                hwdst=arp.hwsrc,
                hwsrc=self.ip.mac,
            )
            sendp(direct_reply)

        # Add the transmitting device to the redis db.
        # NOTE(review): registration is taken to be unconditional here,
        # mirroring the broadcast branch below, whereas the reply branch
        # skips disabled devices -- confirm against the original layout.
        self.ip.redis.add_device(arp.psrc, arp.hwsrc)
        return

    # Broadcast request for the gateway's IP address. Requests sent by the
    # gateway itself are not matched, because only pdst is tested.
    to_broadcast = eth.dst.lower() == util.hex2str_mac(ETHER_BROADCAST)
    if to_broadcast and (arp.pdst == self.ip.gateway):
        # Reply for the requester ("spoof transmitter").
        delayed_replies = [
            Ether(dst=eth.src) / ARP(
                op=2,
                psrc=arp.pdst,
                pdst=arp.psrc,
                hwsrc=self.ip.mac,
                hwdst=arp.hwsrc,
            )
        ]

        # Add the transmitting device to the redis db. This happens before
        # the disabled check, so disabled devices are recorded as well.
        self.ip.redis.add_device(arp.psrc, arp.hwsrc)

        # Some operating systems did not accept an answer that arrived
        # immediately after their first ARP request following boot, so the
        # reply is sent after a delay.
        # NOTE(review): one Timer thread is started per matching request
        # and no cap is visible in this block -- confirm that this is
        # bounded elsewhere.
        if not self.ip.redis.check_device_disabled(arp.hwsrc):
            threading.Timer(self._DELAY, sendp, [delayed_replies]).start()