
Final Project

Justin Boyd edited this page Feb 7, 2024 · 1 revision

Scenario

In the past few days, the HackRS company has been experiencing network connection issues, such as low bandwidth and disconnections. The IT team couldn’t find the cause of the issue, and the company decided to ask for your assistance.

You suspect the network is under an On-Path attack. As a Python script expert, you need to create a script that automatically identifies ARP Spoofing behavior on workstations.

In the first stage, the script should read a station’s ARP table and extract the addresses from it. In the next stage, it should search for MAC duplications in the table entries and log every ARP Spoofing event.

Task 1: ARP Table Extraction

Step 1

  • Plan a function that will extract the ARP table data from the machine. How can Python access this type of data? How should the data be saved for later use?

Step 2

  • Import the required modules for the program.

Step 3

  • Define a function that will handle the ARP table data extraction.

Step 4

  • Create three variables: one to store the ARP table data, another to store a list of the separated lines, and the third to store the final filtered data.

Step 5

  • Iterate over the lines and save the IP addresses and corresponding MAC addresses after data filtration. Only IP and MAC addresses should be saved in the third variable. Filter the rest of the data, such as the interface’s IP address or broadcast data.

Task 2: Identifying MAC Address Duplication

Step 1

  • Plan a function that will identify MAC address duplication.

Step 2

  • Define a function to identify duplication in MAC addresses. The function should accept a parameter.

Step 3

  • Create a variable to store iterated MAC addresses for later comparison.

Step 4

  • Iterate over the recorded MAC addresses and compare them to the saved ones to identify duplications. Print a message that notifies when duplication is identified.

Step 5

  • The ARP extracting function passes the filtered data to the current function.

Task 3: Logging Events

Step 1

  • Plan a function that will log every ARP Spoofing event and save it to a file.

Step 2

  • Define a function to handle ARP Spoofing event logging. The function should accept data regarding the event.

Step 3

  • Create a variable to store the date and time of the event.

Step 4

  • Save the logged data to a file.

Step 5

  • The ARP Spoof identification function passes a message to the log creator function.

Step 6

  • Add execution control to ensure the program is executed only if its file is directly executed.
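
One way Tasks 1 to 3 could fit together, as an added example that is not the page's own final code. The function names, the log file name `arp_spoof.log`, and the sample table are assumptions made for illustration; the parser goes slightly beyond the task by accepting both the Windows and the Linux `arp -a` row formats.

```python
import re
import subprocess
from datetime import datetime

# Matches Windows rows ("192.168.1.1  aa-bb-..") and Linux rows ("(192.168.1.1) at aa:bb:..").
ENTRY_RE = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?((?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2})", re.I)

# Constructed sample of `arp -a` output (not captured from a real host).
SAMPLE = """Interface: 192.168.1.10 --- 0x4
  192.168.1.1           aa-bb-cc-dd-ee-01     dynamic
  192.168.1.23          AA-BB-CC-DD-EE-01     dynamic
  192.168.1.40          aa-bb-cc-dd-ee-40     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

def read_arp_table():
    return subprocess.run(["arp", "-a"], capture_output=True, text=True, check=True).stdout

def parse_arp_table(text):
    """Keep only (ip, mac) pairs; drop interface lines and broadcast/multicast rows."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.search(line)
        if match:  # "Interface:" and header lines do not match
            ip, mac = match.group(1), match.group(2).lower().replace("-", ":")
            if not int(mac[:2], 16) & 1:  # group bit set = broadcast/multicast
                entries.append((ip, mac))
    return entries

def find_duplicates(entries):
    """Map each MAC claimed by more than one IP to the list of those IPs."""
    seen = {}
    for ip, mac in entries:
        seen.setdefault(mac, []).append(ip)
    return {mac: ips for mac, ips in seen.items() if len(ips) > 1}

def log_event(message, path="arp_spoof.log"):
    with open(path, "a", encoding="utf-8") as log:
        log.write(f"{datetime.now().isoformat(timespec='seconds')} {message}\n")

def main(text=None, path="arp_spoof.log"):
    for mac, ips in find_duplicates(parse_arp_table(text or read_arp_table())).items():
        message = f"Possible ARP spoofing: {mac} claimed by {', '.join(ips)}"
        print(message)
        log_event(message, path)

if __name__ == "__main__":
    main()
```

A single MAC answering for several IP addresses can also be legitimate (a multi-homed router or proxy ARP), so each log line is a lead to verify against the known gateway MAC.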

Task 4: Testing

Step 1

  • Open VirtualBox, select the Machine tab, click New…, and name the VM Kali Linux.

Step 2

  • Set the memory to 2048 MB for proper functionality. For enhanced functionality, you can use a higher setting (per the computer’s available resources).

Step 3

  • Select Create a virtual hard disk now in the next window and click Create.

Step 4

  • Select VHD for the hard disk file type and click Next.

Step 5

  • Select Dynamically allocated and click Next.

Step 6

  • Select the file location and set the storage size to 50 GB. If your computer does not have enough storage, you can set it to 20 GB.

Step 7

  • Right-click the Kali VM, select Settings…, and insert the Kali Linux ISO file into the drive.

Step 8

  • Run the virtual machine and select the live version.

Step 9

  • Open the terminal by clicking on it in the options on the left.

Step 10

  • Run the arpspoof -i eth0 -t command.

Step 11

  • Execute the script and note that a log was created.

Final Code

