
[script]send fake gateway arp probe response to node #28

san3Xian opened this issue Jul 24, 2020 · 1 comment
san3Xian commented Jul 24, 2020

部分网络环境下交换机无法对src address 为0.0.0.0 的arp 报文(即ARP探针)做出应答
在这种情况下于另一个节点上执行脚本发送伪造arp response即可曲线救国

#!/usr/bin/env python3
# -*- coding: UTF-8 -*-

import os
import sys
import signal
from scapy.all import (
    get_if_hwaddr,   # 获取本机网络接口的函数
    getmacbyip,      # 通过IP地址获取其Mac地址的函数
    ARP,             # 构造ARP数据包
    Ether,           # 构造以太网数据包
    sendp            # 在第二层发送数据包
)
 
from optparse import OptionParser     #格式化用户输入的参数
 
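def main():
    """Answer a node's ARP probe for the gateway address on the gateway's behalf.

    Command line: ``-i interface``, ``--gateway gateway_ip`` and one positional
    ``target`` IP. Both the gateway and the target MAC are resolved with
    ``getmacbyip``; the script then loops until SIGINT, sending one ARP reply
    (op=2) from the gateway's MAC to the target, with target protocol address
    0.0.0.0 because that is the sender address the probe carried.

    Exits with status 1 when an argument is missing or when either MAC
    address cannot be resolved.
    """
    # %prog is substituted by optparse with the current program name.
    usage = 'Usage: %prog [-i interface] [--gateway gateway_ip] target'

    parser = OptionParser(usage)
    parser.add_option('-i', dest='interface', help='Specify the interface to use')
    parser.add_option('--gateway', dest="gatewayip", help="gateway ip address")

    (options, args) = parser.parse_args()

    if len(args) != 1 or options.interface is None or options.gatewayip is None:
        parser.print_help()
        print("debug args:", len(args))
        print("debug ", options.interface)
        print("debug ", options.gatewayip)
        sys.exit(1)

    # For dce
    # The gateway MAC becomes the Ethernet and ARP source of every reply, so a
    # failed lookup (None) must stop here rather than let scapy pick a default
    # source address for the frames.
    gw_mac = getmacbyip(options.gatewayip)
    print("gateway ip address is:{}, mac address is: {}".format(options.gatewayip, gw_mac))
    if gw_mac is None:
        print("[-] Error: Could not resolve gateway MAC address")
        sys.exit(1)

    target_mac = getmacbyip(args[0])
    print("arp probe response to {} {}".format("0.0.0.0", target_mac))
    if target_mac is None:
        print("[-] Error: Could not resolve targets MAC address")
        sys.exit(1)

    def build_rep():
        # ARP reply frame: op=2 ("is-at"); pdst is 0.0.0.0 because an ARP
        # probe is sent with 0.0.0.0 as its sender protocol address.
        return Ether(src=gw_mac, dst=target_mac) / ARP(
            hwsrc=gw_mac,
            psrc=options.gatewayip,
            hwdst=target_mac,
            pdst="0.0.0.0",
            op=2,
        )

    pkt = build_rep()

    def quit(signum, frame):
        # SIGINT handler: leave the send loop cleanly.  sys.exit rather than
        # the site-module helper exit(), which is absent under ``python -S``.
        print('\nYou choose to stop me.')
        sys.exit(0)

    signal.signal(signal.SIGINT, quit)

    while True:
        # inter=0.5 makes sendp pause after the packet, so roughly one reply
        # goes out every 0.5 s (not the 2 s an earlier comment claimed).
        sendp(pkt, inter=0.5, iface=options.interface)
        print("arp response sent to {} {}".format("0.0.0.0", target_mac))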
 
if __name__ == "__main__":
    # Entry point only when run as a script; importing the module does nothing.
    main()
@san3Xian

极速面向搜索引擎改良,自动识别source mac address
没有检查有没有bug
慎用

#!/usr/bin/python
# -*- coding: UTF-8 -*-

import os
import sys
import signal
from scapy.all import (
    get_if_hwaddr,   # 获取本机网络接口的函数
    getmacbyip,      # 通过IP地址获取其Mac地址的函数
    ARP,             # 构造ARP数据包
    Ether,           # 构造以太网数据包
    sendp,           # 在第二层发送数据包
    sniff            # capture network traffic
)

from optparse import OptionParser     #格式化用户输入的参数

def build_rep(src_ipaddr, src_mac, dst_ipaddr, dst_mac):
    """Build an Ethernet-encapsulated ARP reply (op=2, "is-at").

    The reply states that ``src_ipaddr`` is at ``src_mac`` and is addressed,
    at both the Ethernet and ARP layers, to ``dst_mac`` / ``dst_ipaddr``.
    Returns the scapy packet; nothing is sent here.
    """
    ether = Ether(src=src_mac, dst=dst_mac)
    arp = ARP(
        op=2,
        hwsrc=src_mac,
        psrc=src_ipaddr,
        hwdst=dst_mac,
        pdst=dst_ipaddr,
    )
    return ether / arp

def sniff_callback(package):
    """Answer one captured ARP probe on the gateway's behalf.

    ``package`` is a frame matched by the BPF filter installed in ``main``
    (ARP, sender protocol address 0.0.0.0, target = gateway).  The reply uses
    the module-level ``gw_mac`` as hardware source and the probe's target IP
    as protocol source, and is sent back to the probe's hardware/protocol
    sender on ``options.interface``.  ``gw_mac`` and ``options`` are only
    read here, so no ``global`` declaration is needed.
    """
    print("get a arp probe package from {}".format(package.src))
    reply = build_rep(
        src_ipaddr=package.pdst,
        src_mac=gw_mac,
        dst_ipaddr=package.psrc,
        dst_mac=package.hwsrc,
    )
    sendp(reply, inter=0, iface=options.interface)

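def quit(signum, frame):
    """SIGINT handler: print a farewell line and terminate the process.

    Args:
        signum: the delivered signal number (unused).
        frame: the interrupted stack frame (unused).

    Raises:
        SystemExit: always, with status 0, via ``sys.exit``.
    """
    print('\nYou choose to stop me.')
    # sys.exit() instead of the site-module helper exit(): the latter only
    # exists when site.py ran (it is missing under ``python -S``).
    sys.exit(0)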

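def main():
    """Listen for ARP probes aimed at the gateway and answer them as the gateway.

    Command line: ``-i interface`` (default ``dce-br``) and
    ``--gateway gateway_ip``.  The gateway MAC is resolved into the
    module-level ``gw_mac`` and ``options`` is published as a module-level
    global because ``sniff_callback`` reads the interface from it.  The
    function then blocks in ``sniff`` with a BPF filter for ARP frames whose
    sender address is 0.0.0.0 and whose target is the gateway, handing each
    one to ``sniff_callback``.

    Exits with status 1 when an option is missing or the gateway MAC cannot
    be resolved.
    """
    # %prog is substituted by optparse with the current program name.
    usage = 'Usage: %prog [-i interface] [--gateway gateway_ip]'

    parser = OptionParser(usage)
    parser.add_option('-i', dest='interface', default="dce-br", help='Specify the interface to use')
    parser.add_option('--gateway', dest="gatewayip", help="gateway ip address")

    global options
    (options, args) = parser.parse_args()

    # Installed before the blocking sniff() so Ctrl-C ends the run cleanly.
    signal.signal(signal.SIGINT, quit)

    if options.interface is None or options.gatewayip is None:
        parser.print_help()
        print("[debug]interface value is  ", options.interface)
        print("[debug]gateway ip value is ", options.gatewayip)
        sys.exit(1)

    # get gateway mac address
    global gw_mac
    gw_mac = getmacbyip(options.gatewayip)
    print("gateway ip address is:{}, mac address is: {}".format(options.gatewayip, gw_mac))
    if gw_mac is None:
        # sniff_callback uses gw_mac as the reply's hardware source; with
        # None, scapy would fill in a default address for every reply.
        print("[-] Error: Could not resolve gateway MAC address")
        sys.exit(1)

    # Only ARP frames from sender address 0.0.0.0 (probes) targeting the
    # gateway reach the callback; everything else is dropped by the filter.
    sniff_filter = "arp and src 0.0.0.0 and dst " + options.gatewayip
    sniff(iface=options.interface, filter=sniff_filter, prn=sniff_callback)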
     
if __name__ == "__main__":
    # Entry point only when run as a script; importing the module does nothing.
    main()
