zoukankan      html  css  js  c++  java
  • Python Ethical Hacking

    ARPSPOOF_DETECTOR

    Watch value for gateway mac in the arp table

    Nice and simple, but will not detect an attack if the tool is executed after the attack.

    Analyze "is-at" ARP responses:

    Check if IP is gateway IP.

    Check if source mac is actually the gateway's mac.

    This method will detect attacks even if the attack was launched before the execution of the tool.

    #!/usr/bin/env python
    
    import scapy
    from scapy.layers.l2 import ARP
    from scapy.sendrecv import sniff
    
    
    def sniff(interface):
        scapy.sendrecv.sniff(iface=interface, store=False, prn=process_sniffed_packet)
    
    
    def process_sniffed_packet(packet):
        if packet.haslayer(ARP) and packet[ARP].op == 2:
            print(packet.show())
    
    
    sniff("eth0")

    Update the Python code to detect the real attack!

    #!/usr/bin/env python
    
    import scapy
    from scapy.layers.l2 import ARP, Ether
    from scapy.sendrecv import sniff, srp
    
    
    def get_mac(ip):
        arp_request = ARP(pdst=ip)
        broadcast = Ether(dst="ff:ff:ff:ff:ff:ff")
        arp_request_broadcast = broadcast / arp_request
        answered_list = srp(arp_request_broadcast, timeout=1, verbose=False)[0]
    
        return answered_list[0][1].hwsrc
    
    
    def sniff(interface):
        scapy.sendrecv.sniff(iface=interface, store=False, prn=process_sniffed_packet)
    
    
    def process_sniffed_packet(packet):
        try:
            real_mac = get_mac(packet[ARP].psrc)
            response_mac = packet[ARP].hwsrc
            if real_mac != response_mac:
                print("[+] You are under attack!!")
        except IndexError:
            pass
    
    
    sniff("eth0")
    相信未来 - 该面对的绝不逃避,该执著的永不怨悔,该舍弃的不再留念,该珍惜的好好把握。
  • 相关阅读:
    【核心算法1】双指针问题
    关于博客园主题
    正交工具allpairs使用
    postman设置变量
    WebDriver驱动下载地址
    MySQL语法基础
    异或
    测试——pytest库上手
    and 和 or 的语句运算
    爬虫——Scrapy中选择器的基本使用(转)
  • 原文地址:https://www.cnblogs.com/keepmoving1113/p/11601329.html
Copyright © 2011-2022 走看看