zoukankan      html  css  js  c++  java
  • Python Ethical Hacking

    ARPSPOOF_DETECTOR

    Watch value for gateway mac in the arp table

    Nice and simple, but will not detect an attack if the tool is executed after the attack.

    Analyze "is-at" ARP responses:

    Check if IP is gateway IP.

    Check if source mac is actually the gateway's mac.

    This method will detect attacks even if the attack was launched before the execution of the tool.

    #!/usr/bin/env python
    
    import scapy
    from scapy.layers.l2 import ARP
    from scapy.sendrecv import sniff
    
    
    def sniff(interface):
        scapy.sendrecv.sniff(iface=interface, store=False, prn=process_sniffed_packet)
    
    
    def process_sniffed_packet(packet):
        if packet.haslayer(ARP) and packet[ARP].op == 2:
            print(packet.show())
    
    
    sniff("eth0")

    Update the Python code to detect the real attack!

    #!/usr/bin/env python
    
    import scapy
    from scapy.layers.l2 import ARP, Ether
    from scapy.sendrecv import sniff, srp
    
    
    def get_mac(ip):
        arp_request = ARP(pdst=ip)
        broadcast = Ether(dst="ff:ff:ff:ff:ff:ff")
        arp_request_broadcast = broadcast / arp_request
        answered_list = srp(arp_request_broadcast, timeout=1, verbose=False)[0]
    
        return answered_list[0][1].hwsrc
    
    
    def sniff(interface):
        scapy.sendrecv.sniff(iface=interface, store=False, prn=process_sniffed_packet)
    
    
    def process_sniffed_packet(packet):
        try:
            real_mac = get_mac(packet[ARP].psrc)
            response_mac = packet[ARP].hwsrc
            if real_mac != response_mac:
                print("[+] You are under attack!!")
        except IndexError:
            pass
    
    
    sniff("eth0")
    相信未来 - 该面对的绝不逃避,该执著的永不怨悔,该舍弃的不再留念,该珍惜的好好把握。
  • 相关阅读:
    swift NSComparator
    Java mac 上编写Java代码
    四舍五入、上取整、下取整
    数组排序
    删除xcode 里的多余证书
    启动画面 设置
    CGFloat Float 互转
    navigationController pop的几种方法
    iOS 获取键盘相关信息
    eclipse代码格式化
  • 原文地址:https://www.cnblogs.com/keepmoving1113/p/11601329.html
Copyright © 2011-2022 走看看