search

san3Xian / randomMark

用github repo做一些随记好了,内容在issues里。github page中仅为试验田🧪
https://qc47.net
4 stars 0 forks source link

[script]send fake gateway arp probe response to node #28

Open san3Xian opened 4 years ago

san3Xian commented 4 years ago

部分网络环境下交换机无法对src address 为0.0.0.0 的arp 报文(即ARP探针)做出应答 在这种情况下于另一个节点上执行脚本发送伪造arp response即可曲线救国

# !/usr/bin/env python3
# -*- coding: UTF-8 -*-

import os
import sys
import signal
from scapy.all import (
    get_if_hwaddr,   # 获取本机网络接口的函数
    getmacbyip,      # 通过IP地址获取其Mac地址的函数
    ARP,             # 构造ARP数据包
    Ether,           # 构造以太网数据包
    sendp            # 在第二层发送数据包
)

from optparse import OptionParser     #格式化用户输入的参数

def main():

    #自定义程序使用方法,当中的 %prog,optparse会以当前程序名的字符串来替代
    usage = 'Usage: %prog [-i interface] [--gateway gateway_ip] target'

    #创建一个 OptionParser 对象
    parser = OptionParser(usage)
    #add_option 来定义命令行参数
    parser.add_option('-i', dest='interface', help='Specify the interface to use')
    parser.add_option('--gateway',dest="gatewayip",help="gateway ip address")

    #调用optionparser的解析函数
    (options, args) = parser.parse_args()

    if len(args) != 1 or options.interface is None or options.gatewayip is None:
        parser.print_help()
        print("debug args:",len(args))
        print("debug ",options.interface)
        print("debug ",options.gatewayip)
        sys.exit(1)

    # For dce
    # get gateway mac address
    gw_mac = getmacbyip(options.gatewayip)
    print("gateway ip address is:{}, mac address is: {}".format(options.gatewayip, gw_mac))
    target_mac = getmacbyip(args[0])
    print("arp probe response to {} {}".format("0.0.0.0", target_mac))
    if target_mac is None:
       print("[-] Error: Could not resolve targets MAC address")
       sys.exit(1)

    #响应包
    def build_rep(): 
        pkt = Ether(src=gw_mac, dst=target_mac) / ARP(hwsrc=gw_mac, psrc=options.gatewayip, hwdst=target_mac, pdst="0.0.0.0", op=2)
        return pkt

    pkt = build_rep()

    def quit(signum, frame):
        print('\nYou choose to stop me.')
        exit()
    signal.signal(signal.SIGINT, quit)

    while True:
        #在两次发送数据包之间有一定的时间间隔,使用inter选项,表示每隔2秒发送一个数据包
        sendp(pkt, inter=0.5, iface=options.interface)
        print("arp response sent to {} {}".format("0.0.0.0", target_mac))

if __name__ == '__main__':
    main()
san3Xian commented 4 years ago

极速面向搜索引擎改良,自动识别source mac address 没有检查有没有bug 慎用

# !/usr/bin/python
# -*- coding: UTF-8 -*-

import os
import sys
import signal
from scapy.all import (
    get_if_hwaddr,   # 获取本机网络接口的函数
    getmacbyip,      # 通过IP地址获取其Mac地址的函数
    ARP,             # 构造ARP数据包
    Ether,           # 构造以太网数据包
    sendp,           # 在第二层发送数据包
    sniff            # capture network traffic
)

from optparse import OptionParser     #格式化用户输入的参数

# build arp response package
def build_rep(src_ipaddr, src_mac, dst_ipaddr, dst_mac ):
   pkt = Ether(src=src_mac, dst=dst_mac) / ARP(hwsrc=src_mac, psrc=src_ipaddr, hwdst=dst_mac, pdst=dst_ipaddr, op=2)
   return pkt

def sniff_callback(package):
    global gw_mac
    print("get a arp probe package from {}".format(package.src))
    pkt = build_rep(src_ipaddr=package.pdst, src_mac=gw_mac, dst_ipaddr=package.psrc, dst_mac=package.hwsrc)
    sendp(pkt, inter=0, iface=options.interface)

def quit(signum, frame):
        print('\nYou choose to stop me.')
        exit()

def main():

    #自定义程序使用方法,当中的 %prog,optparse会以当前程序名的字符串来替代
    usage = 'Usage: %prog [-i interface] [--gateway gateway_ip]'

    #创建一个 OptionParser 对象
    parser = OptionParser(usage)
    #add_option 来定义命令行参数
    parser.add_option('-i', dest='interface', default="dce-br", help='Specify the interface to use')
    parser.add_option('--gateway',dest="gatewayip",help="gateway ip address")

    global options
    (options, args) = parser.parse_args()

    signal.signal(signal.SIGINT, quit)

    if options.interface is None or options.gatewayip is None:
        parser.print_help()
        print("[debug]interface value is  ",options.interface)
        print("[debug]gateway ip value is ",options.gatewayip)
        sys.exit(1)

    # get gateway mac address
    global gw_mac
    gw_mac = getmacbyip(options.gatewayip)
    print("gateway ip address is:{}, mac address is: {}".format(options.gatewayip, gw_mac)) 

    sniff_filter = "arp and src 0.0.0.0 and dst " + options.gatewayip
    sniff(iface=options.interface, filter=sniff_filter, prn=sniff_callback)

if __name__ == '__main__':
    main()