hub / github.com/secdev/scapy / arp_mitm

Function arp_mitm

scapy/layers/l2.py:897–1017  ·  view source on GitHub ↗

(
    ip1,  # type: str
    ip2,  # type: str
    mac1=None,  # type: Optional[Union[str, List[str]]]
    mac2=None,  # type: Optional[Union[str, List[str]]]
    broadcast=False,  # type: bool
    target_mac=None,  # type: Optional[str]
    iface=None,  # type: Optional[_GlobInterfaceType]
    inter=3,  # type: int
)

Source from the content-addressed store, hash-verified

@conf.commands.register
def arp_mitm(
    ip1,  # type: str
    ip2,  # type: str
    mac1=None,  # type: Optional[Union[str, List[str]]]
    mac2=None,  # type: Optional[Union[str, List[str]]]
    broadcast=False,  # type: bool
    target_mac=None,  # type: Optional[str]
    iface=None,  # type: Optional[_GlobInterfaceType]
    inter=3,  # type: int
):
    # type: (...) -> None
    r"""ARP MitM: poison 2 target's ARP cache

    :param ip1: IPv4 of the first machine
    :param ip2: IPv4 of the second machine
    :param mac1: MAC of the first machine (optional: will ARP otherwise)
    :param mac2: MAC of the second machine (optional: will ARP otherwise)
    :param broadcast: if True, will use broadcast mac for MitM by default
    :param target_mac: MAC of the attacker (optional: default to the interface's one)
    :param iface: the network interface. (optional: default, route for ip1)

    Example usage::

        $ sysctl net.ipv4.conf.virbr0.send_redirects=0  # virbr0 = interface
        $ sysctl net.ipv4.ip_forward=1
        $ sudo iptables -t mangle -A PREROUTING -j TTL --ttl-inc 1
        $ sudo scapy
        >>> arp_mitm("192.168.122.156", "192.168.122.17")

    Alternative usages:
        >>> arp_mitm("10.0.0.1", "10.1.1.0/21", iface="eth1")
        >>> arp_mitm("10.0.0.1", "10.1.1.2",
        ...          target_mac="aa:aa:aa:aa:aa:aa",
        ...          mac2="00:1e:eb:bf:c1:ab")

    .. warning::
        If using a subnet, this will first perform an arping, unless broadcast is on!

    Remember to change the sysctl settings back..
    """
    if not iface:
        iface = conf.route.route(ip1)[0]
    if not target_mac:
        target_mac = get_if_hwaddr(iface)

    def _tups(ip, mac):
        # type: (str, Optional[Union[str, List[str]]]) -> Iterable[Tuple[str, str]]
        if mac is None:
            if broadcast:
                # ip can be a Net/list/etc and will be iterated upon while sending
                return [(ip, "ff:ff:ff:ff:ff:ff")]
            return [(x.query.pdst, x.answer.hwsrc)
                    for x in arping(ip, verbose=0, iface=iface)[0]]
        elif isinstance(mac, list):
            return [(ip, x) for x in mac]
        else:
            return [(ip, mac)]

Callers

nothing calls this directly

Calls 7

get_if_hwaddr · Function · 0.90
srploop · Function · 0.90
sendp · Function · 0.90
_tups · Function · 0.85
Ether · Class · 0.85
ARP · Class · 0.85
route · Method · 0.45

Tested by

no test coverage detected