ARP spoofing is a malicious attack in which the hacker sends falsified ARP in a network. Every node in a connected network has an ARP table through which we identify the IP address and the MAC address of the connected devices.
What aim to send an ARP broadcast to find our desired IP which needs to be spoofed, and then spoof the gateway, as well as the target by updating their ARP Tables. This would enable the network packets sent by the target, to pass from our machine to the network gateway making the ARP spoof successful
To design a python script to create an ARP spoofer, we require the Scapy module. Scapy is a very powerful packet manipulation tool and library which is completely written in python
To install this module, open your terminal and type:
pip3 install scapy
The code demonstrated below requires python 3 to work. It is recommended to update your python to the latest version.
Steps to create ARP Spoofer:
- Get the IP address that we want to spoof
- Get the MAC address of the IP that we want to spoof
- Then create a spoofing packet using the ARP() function to set the target IP, Spoof IP and it’s MAC address that we found above.
- Start the spoofing
- Display the information of the numbers of packets sent
- Finally, re-set the ARP tables of the spoofed address to defaults after spoofing
Now we devise a function that returns us the MAC address of our desired IP address:
In this function get_mac(), whatever IP address is entered is used to create an arp_request using ARP() function and we set the broadcast mac address to “ff:ff:ff:ff:ff:ff” using the Ether function
We now need to join these into a single packet, therefore we use the / to do so.
The srp() function returns two lists of the IP address that responded to the packet and that didn’t respond. The MAC address that has the matching IP address that was requested would be stored in the hwsrc field. We return this MAC address to where the function was called. To get to know what are the fields offered by scapy you can also run the following command:
You would be greeted with the following available fields:
Now that we have made a function that gives us the desired MAC address, we would now proceed to create the function spoof() as follows:
This function takes two parameters i.e. the Target IP and The Spoofing IP. We use the ARP() function again to devise a packet that modifies the ARP table of the gateway and Target and use the send() function to start spoofing. You can set the verbose to False because the send function displays some default information that we do not require. You can tweak this option to get a better understanding.
Now we call the spoof function to start ARP Spoofing:
Now, unfortunately, the above code is only updating the ARP tables once. If we do not keep updating them continuously, then by default the Target’s ARP Table would correct itself to default.
Hence we modify this code:
But again this code does not display the numbers of packets sent, therefore we modify it again:
The above code would now properly function as expected, but there are still some things that are left incomplete. That includes the infinite loop this code would keep running if we don’t give it an interrupt to stop.
Hence the above code can be re-written:
The above code would run perfectly and would stop whenever it gets a Keyboard interrupt. This code is almost perfect, but we still have not re-updated the ARP tables back to their default values. Hence we can create a function to do that as follows:
Now that we have finally covered everything, the code for ARP Spoofing should look like this:
Now that you have designed the code successfully, its time to run and check whether it’s working:
Following is the screenshot of the Hacker Machine:
Following is the screenshot of the Victim Machine:
Here we can clearly see that the MAC address of Victim’s Gateway at 10.0.2.1 has clearly changed the second time. Therefore, we know that our code of ARP spoofing is successfully working.
Attention geek! Strengthen your foundations with the Python Programming Foundation Course and learn the basics.
To begin with, your interview preparations Enhance your Data Structures concepts with the Python DS Course. And to begin with your Machine Learning Journey, join the Machine Learning – Basic Level Course