Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

arpspoof: introduce mesh poisoning

This change introduces mesh poisoning (-m); it eradicates the
distinction between targets and hosts being imitated and tries to
intercept all connections between specified hosts.
  • Loading branch information...
commit 95250d0e576d6fd4cc84ac624239a30caeda6cf1 1 parent 747f1d2
@wertarbyte authored
Showing with 21 additions and 4 deletions.
  1. +5 −2 arpspoof.8
  2. +16 −2 arpspoof.c
View
7 arpspoof.8
@@ -9,7 +9,7 @@ intercept packets on a switched LAN
.na
.nf
.fi
-\fBarpspoof\fR [-v] [\fB-i \fIinterface\fR] [\fB-c \fIown|host|both\fR] [\fB-s \fInetwork/prefixlength\fR] [\fB-t \fItarget\fR] [\fB-r\fR] \fIhost\fR
+\fBarpspoof\fR [-v] [\fB-i \fIinterface\fR] [\fB-c \fIown|host|both\fR] [\fB-s \fInetwork/prefixlength\fR] [\fB-t \fItarget\fR] [\fB-m\fR] [\fB-r\fR] [\fIhosts...\fR]
.SH DESCRIPTION
.ad
.fi
@@ -41,8 +41,11 @@ locate active hosts in the network.
.IP "\fB-r\fR"
Poison both hosts (host and target) to capture traffic in both directions.
(only valid in conjuntion with -t)
+.IP "\fB-m\fR"
+Consider each host a potential target as well as a model to imitate; Poison the entire
+mesh, i.e. every possible connection between all hosts.
.IP \fIhost\fR
-Specify the host you wish to intercept packets for (usually the local
+Specify the host(s) you wish to intercept packets for (usually the local
gateway).
.SH "SEE ALSO"
dsniff(8), fragrouter(8)
View
18 arpspoof.c
@@ -50,6 +50,7 @@ static int n_hosts = 0;
static struct host *hosts;
static char *intf;
static int poison_reverse;
+static int poison_mesh;
static uint8_t *my_ha = NULL;
static uint8_t *brd_ha = "\xff\xff\xff\xff\xff\xff";
@@ -62,7 +63,7 @@ static void
usage(void)
{
fprintf(stderr, "Version: " VERSION "\n"
- "Usage: arpspoof [-v] [-i interface] [-c own|host|both] [-t target] [-s network/prefixlength] [-r] host\n");
+ "Usage: arpspoof [-v] [-i interface] [-c own|host|both] [-t target] [-s network/prefixlength] [-m] [-r] [hosts...]\n");
exit(1);
}
@@ -203,6 +204,7 @@ cleanup(int sig)
struct host *model = hosts;
for(;model->ip;model++) {
+ if (!(model->flags & HOST_ACTIVE)) continue;
int fw = arp_find(target->ip, &target->mac);
int bw = poison_reverse;
@@ -252,12 +254,13 @@ main(int argc, char *argv[])
intf = NULL;
poison_reverse = 0;
+ poison_mesh = 0;
n_hosts = 0;
/* allocate enough memory for target list */
hosts = calloc( argc+1, sizeof(struct host) );
- while ((c = getopt(argc, argv, "vri:s:t:c:h?V")) != -1) {
+ while ((c = getopt(argc, argv, "vrmi:s:t:c:h?V")) != -1) {
switch (c) {
case 'v':
verbose = 1;
@@ -276,6 +279,9 @@ main(int argc, char *argv[])
case 'r':
poison_reverse = 1;
break;
+ case 'm':
+ poison_mesh = 1;
+ break;
case 's':
scan_prefix = strchr(optarg, '/');
if (scan_prefix) {
@@ -334,6 +340,13 @@ main(int argc, char *argv[])
argv++;
}
+ if (poison_mesh) {
+ struct host *host = hosts;
+ for(;host->ip; host++) {
+ host->flags |= (HOST_TARGET|HOST_MODEL);
+ }
+ }
+
if (poison_reverse && active_targets() <= 0) {
errx(1, "Spoofing the reverse path (-r) is only available when specifying at least one target (-t/-s).");
usage();
@@ -394,6 +407,7 @@ main(int argc, char *argv[])
if (!(target->flags & HOST_ACTIVE)) continue;
struct host *model = hosts;
for (;model->ip; model++) {
+ if (!(model->flags & HOST_ACTIVE)) continue;
if (!(model->flags & HOST_MODEL)) continue;
if (target->ip != model->ip) {
arp_send(l, ARPOP_REPLY, my_ha, model->ip,
Please sign in to comment.
Something went wrong with that request. Please try again.