ARPSPOOF_DETECTOR

Watch value for gateway mac in the arp table

Nice and simple, but will not detect an attack if the tool is executed after the attack.

Analyze "is-at" ARP responses:

Check if IP is gateway IP.

Check if source mac is actually the gateway's mac.

This method will detect attacks even if the attack was launched before the execution of the tool.

#!/usr/bin/env python

import scapy

from scapy.layers.l2 import ARP

from scapy.sendrecv import sniff

def sniff(interface):

    scapy.sendrecv.sniff(iface=interface, store=False, prn=process_sniffed_packet)

def process_sniffed_packet(packet):

    if packet.haslayer(ARP) and packet[ARP].op == 2:

        print(packet.show())

sniff("eth0")

Update the Python code to detect the real attack!

#!/usr/bin/env python

import scapy

from scapy.layers.l2 import ARP, Ether

from scapy.sendrecv import sniff, srp

def get_mac(ip):

    arp_request = ARP(pdst=ip)

    broadcast = Ether(dst="ff:ff:ff:ff:ff:ff")

    arp_request_broadcast = broadcast / arp_request

    answered_list = srp(arp_request_broadcast, timeout=1, verbose=False)[0]

    return answered_list[0][1].hwsrc

def sniff(interface):

    scapy.sendrecv.sniff(iface=interface, store=False, prn=process_sniffed_packet)

def process_sniffed_packet(packet):

    try:

        real_mac = get_mac(packet[ARP].psrc)

        response_mac = packet[ARP].hwsrc

        if real_mac != response_mac:

            print("[+] You are under attack!!")

    except IndexError:

        pass

sniff("eth0")

Python Ethical Hacking - ARPSpoof_Detector的更多相关文章

  1. Python Ethical Hacking - BACKDOORS(8)

    Cross-platform hacking All programs we wrote are pure python programs They do not rely on OS-specifi ...

  2. Python Ethical Hacking - ARP Spoofing

    Typical Network ARP Spoofing Why ARP Spoofing is possible: 1. Clients accept responses even if they ...

  3. Python Ethical Hacking - NETWORK_SCANNER(2)

    DICTIONARIES Similar to lists but use key instead of an index. LISTS List of values/elements, all ca ...

  4. Python Ethical Hacking - NETWORK_SCANNER(1)

    NETWORK_SCANNER Discover all devices on the network. Display their IP address. Display their MAC add ...

  5. Python Ethical Hacking - MAC Address & How to Change(3)

    SIMPLE ALGORITHM Goal  -> Check if MAC address was changed. Steps: 1. Execute and read ifconfig. ...

  6. Python Ethical Hacking - MAC Address & How to Change(2)

    FUNCTIONS Set of instructions to carry out a task. Can take input, and return a result. Make the cod ...

  7. Python Ethical Hacking - MAC Address & How to Change(1)

    MAC ADDRESS Media Access Control Permanent Physical Unique Assigned by manufacturer WHY CHANGE THE M ...

  8. Python Ethical Hacking - The Lab and Needed Software

    The Lab and Needed Software Attacker Machine - Kali Linux https://www.kali.org/ 1. Install the softw ...

  9. Python Ethical Hacking - Basic Concetion

    What is Hacking? Gaining unauthorized access. Hackers? 1.Black-hat Hackers 2.White-hat Hackers 3.Gre ...

随机推荐

  1. Java 源码刨析 - 线程的状态有哪些?它是如何工作的?

    线程(Thread)是并发编程的基础,也是程序执行的最小单元,它依托进程而存在. 一个进程中可以包含多个线程,多线程可以共享一块内存空间和一组系统资源,因此线程之间的切换更加节省资源.更加轻量化,也因 ...

  2. 0xC0000005: Access Violation -vc++6.0

    0xC0000005: Access Violation -vc++6.0 aps001,002,003创建的C:\SMW200DATA\DATA,内容是不一样的,不通用的.读取相关文件就会报错咯. ...

  3. Linux下搭建mysql

    [准备环境] Linux   centos7 [mysql安装步骤] 1.首先确定centos版本 cat /etc/redhat-release 2.yum安装 yum -y install mar ...

  4. 韩顺刚-tcp报文头协议详细分析第一包数据:序号是0,发送数据的长度是0,因为没有收到对端的数据,所以确认号是0, Syn的标志位设置成1,这里没有发送的数据,只发送TCP的20个字节的头部

    TCP报文段首部格式 大部分TCP报文头部都是20个字节,有的数据包要加上选项. 上面一行代表4个字节,源端口和目的端口都是2个字节. TCP协议是面向字节流的协议 TCP是一段一段分块的发送数据的 ...

  5. django drf 10大请求序列化方法

    ## 整体单改 路由层.模型层.序列化层不需要做修改,只需要处理视图层:views.py ```python"""1) 单整体改,说明前台要提供修改的数据,那么数据就需要 ...

  6. SpringMVC和Spring

    SpringMVC和Spring汇总 转载:https://www.cnblogs.com/doudouxiaoye/p/5693399.html 1. 为什么使用Spring ? 1). 方便解耦, ...

  7. vue全家桶(2.1)

    3.路由切换 3.1.vue-router路由切换 3.1.1.什么是前端路由 路由这个概念最先是后端出现的,发送不同的请求,后端根据请求的不同返回不同的资源,这个时候的url是和后端交互的,需要在后 ...

  8. 主线程用afxBeginThread()创建多个线程安全退出的办法

    HANDLE hand[]; CCriticalSection m_crisecoin; CEvent m_event; struct Student { int nNO; int nYear; CW ...

  9. html5中二进制对象Blob的使用——Blob与ArrayBuffer、TypeArray和String的相互转换

    在网页开发中遇到这样一个问题,在使用select的时候,想让里面的文字水平居中.首先想到的是text-align:center;但是发现在Chrome浏览器下不兼容,需要使用到text-align-l ...

  10. AT2272 [ARC066B] Xor Sum 题解

    题目连接:传送门 分析 这道题只看题目中给的样例是找不出规律的 所以我们可以打一下表 1, 2, 4, 5, 8, 10, 13, 14, 18 如果你还是没有看出什么规律的话,我们可以从OEIS上搜 ...