
Failure in arp poisoning python (linux)

Okay, so I'm running Ubuntu 14.04 LTS, and I'm trying to poison my own ARP cache by doing this:

My private IP address is 10.0.0.1.

My phone's private IP address is 10.0.0.8.

For this example only, let's say my MAC address is axaxaxaxaxax.

I've written the following Python code:

from binascii import *  
from struct import *
import socket;


class ethernetframe:

    def __init__(self, destmac, srcmac, ethrtype):  

        self.destmac = unhexlify(destmac)
        self.srcmac = unhexlify(srcmac)
        self.ethrtype = unhexlify(ethrtype)


    def uniteframe(self, payload):
        frame = ''
        frame = frame + self.destmac
        frame = frame + self.srcmac
        frame = frame + self.ethrtype
        frame = frame + payload
        frame = frame + unhexlify("00000000")
        return frame



class arppacket:

    def __init__(self,opcode,srcmac,srcip,dstmac,dstip):

        if opcode == 1:
            dstmac = "000000000000"
            opcode = "0001"
        else:
            opcode = "0002"
        self.opcode = unhexlify(opcode)
        self.srcmac = unhexlify(srcmac)
        self.srcip = pack('!4B',srcip[0],srcip[1],srcip[2],srcip[3])
        self.dstmac = unhexlify(dstmac)
        self.dstip =  pack('!4B',dstip[0],dstip[1],dstip[2],dstip[3])

    def unitepacket(self):
        packet = ''
        packet = packet + "\x00\x01\x08\x00\x06\x04"
        packet = packet + self.opcode
        packet = packet + self.srcmac 
        packet = packet + self.srcip
        packet = packet + self.dstmac
        packet = packet + self.dstip
        return packet


e1 = ethernetframe("axaxaxaxaxax","axaxaxaxaxax","0800")
arp1 = arppacket(2,"axaxaxaxaxax",(10,0,0,8),"axaxaxaxaxax",(10,0,0,1))
arpacket = arp1.unitepacket()
fullethframe = e1.uniteframe(arpacket)

s = socket.socket(socket.AF_PACKET,socket.SOCK_RAW,socket.htons(0x0806))
s.bind(("eth0",0))
s.send(fullethframe)

Now, I'm monitoring this whole process with Wireshark. The ARP packet is being sent and it is formed correctly. In Wireshark I see the following line:

10.0.0.8 is at axaxaxaxaxax

This means that I have successfully sent an ARP reply to my own computer, stating that the MAC address that is resolved for 10.0.0.8 is axaxaxaxaxax. Since the ARP cache automatically updates if a reply is received, REGARDLESS of whether a request was sent, this means that in my NIC driver's ARP cache there should've been a line added stating that 10.0.0.8 is resolved with axaxaxaxaxax.

However, when I run inside my Ubuntu terminal

arp -a

or

arp -an

it doesn't show up, which means I've failed to poison my own ARP cache. Any ideas how to fix this?

Just a thought here - did you try

arp -an

Without the -n, arp will try to do a reverse name lookup on the hostname(s).
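An added example, not part of the original question or answer: a Python 3 parser for the Ethernet II and ARP layout that the question's code assembles by hand, which decodes each field and lists consistency warnings (EtherType, ARP header constants, opcode, sender MAC versus Ethernet source). The MAC 02:00:00:00:00:01 and the helper names are constructed for illustration; nothing is sent on the network.

```python
import struct

ETH_P_ARP = 0x0806  # EtherType assigned to ARP


def mac(b):
    return ":".join("%02x" % x for x in b)


def ip(b):
    return ".".join(str(x) for x in b)


def parse_arp_frame(frame):
    """Decode an Ethernet II frame carrying IPv4-over-Ethernet ARP.

    Returns (fields, warnings). Bytes after the 28-byte ARP body
    (padding or a trailing checksum) are ignored.
    """
    if len(frame) < 14 + 28:
        raise ValueError("frame shorter than Ethernet header + ARP body")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    fields = {"eth_dst": mac(dst), "eth_src": mac(src), "ethertype": ethertype,
              "op": op, "sender_mac": mac(sha), "sender_ip": ip(spa),
              "target_mac": mac(tha), "target_ip": ip(tpa)}
    warnings = []
    if ethertype != ETH_P_ARP:
        warnings.append("EtherType 0x%04x is not ARP (0x0806)" % ethertype)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        warnings.append("ARP header is not IPv4-over-Ethernet")
    if op not in (1, 2):
        warnings.append("opcode %d is neither request (1) nor reply (2)" % op)
    if sha != src:
        warnings.append("ARP sender MAC differs from Ethernet source MAC")
    return fields, warnings


def build_sample(ethertype):
    """Constructed sample: ARP reply '10.0.0.8 is at 02:00:00:00:00:01'."""
    m = bytes.fromhex("020000000001")  # constructed, locally administered MAC
    body = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 2,
                       m, bytes([10, 0, 0, 8]), m, bytes([10, 0, 0, 1]))
    return struct.pack("!6s6sH", m, m, ethertype) + body


if __name__ == "__main__":
    for et in (0x0806, 0x0800):
        print(parse_arp_frame(build_sample(et)))
```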
