zoukankan      html  css  js  c++  java
  • Python Ethical Hacking

    ARPSPOOF_DETECTOR

    Watch value for gateway mac in the arp table

    Nice and simple, but will not detect an attack if the tool is executed after the attack.

    Analyze "is-at" ARP responses:

    Check if IP is gateway IP.

    Check if source mac is actually the gateway's mac.

    This method will detect attacks even if the attack was launched before the execution of the tool.

    #!/usr/bin/env python
    
    import scapy
    from scapy.layers.l2 import ARP
    from scapy.sendrecv import sniff
    
    
    def sniff(interface):
        scapy.sendrecv.sniff(iface=interface, store=False, prn=process_sniffed_packet)
    
    
    def process_sniffed_packet(packet):
        if packet.haslayer(ARP) and packet[ARP].op == 2:
            print(packet.show())
    
    
    sniff("eth0")

    Update the Python code to detect the real attack!

    #!/usr/bin/env python
    
    import scapy
    from scapy.layers.l2 import ARP, Ether
    from scapy.sendrecv import sniff, srp
    
    
    def get_mac(ip):
        arp_request = ARP(pdst=ip)
        broadcast = Ether(dst="ff:ff:ff:ff:ff:ff")
        arp_request_broadcast = broadcast / arp_request
        answered_list = srp(arp_request_broadcast, timeout=1, verbose=False)[0]
    
        return answered_list[0][1].hwsrc
    
    
    def sniff(interface):
        scapy.sendrecv.sniff(iface=interface, store=False, prn=process_sniffed_packet)
    
    
    def process_sniffed_packet(packet):
        try:
            real_mac = get_mac(packet[ARP].psrc)
            response_mac = packet[ARP].hwsrc
            if real_mac != response_mac:
                print("[+] You are under attack!!")
        except IndexError:
            pass
    
    
    sniff("eth0")
    相信未来 - 该面对的绝不逃避,该执著的永不怨悔,该舍弃的不再留念,该珍惜的好好把握。
  • 相关阅读:
    线程安全
    转 接口和抽象类 虚方法 有什么区别
    转 面向对象的三个基本特征
    转载 泛型
    遍历list,字典
    转 拉姆达表达式,委托、匿名方法、Lambda表达式的演进
    int byte转换
    委托,匿名方法
    带参数线程,不带参数线程
    const readonly
  • 原文地址:https://www.cnblogs.com/keepmoving1113/p/11601329.html
Copyright © 2011-2022 走看看