
ARP Poisoning Using Python (Python for Hackers Part - 12)

If you are a hacker, one of the things that you will want to ensure is your anonymity. You will want to make sure that your location is untraceable, for a good number of reasons. For the sake of practicing white hat hacking, you will want to learn how programmers are able to mask their location, especially when they perform reconnaissance attacks or DoS attacks that make use of the Internet Protocol. You should also check your traffic from time to time to see if your activities are being listened to by an unknown IP address. At the same time, you may also want to protect yourself from being targeted by black hat hackers by hiding your location.


To black hat hackers, IP spoofing essentially lets them conceal their identity and location whenever they perform their attack. Doing so will also allow them to impersonate another computer system and defeat existing security measures which may require authentication based on their IP addresses. 

One of the attacks that makes use of a falsified IP address is called ARP spoofing, which involves sending a false Address Resolution Protocol (ARP) message over a targeted local area network. When done successfully, the attacker's MAC address becomes associated with the IP address of an authorized computer on the targeted network. This allows an attacker to modify or stop all traffic, or intercept data sent over the network. Using the following code, you can catch all packets that are routed towards a targeted machine. That means being able to see all the information that a targeted user sends out, including any private communication that is not protected by some form of encryption.

Find Information About the Target Machine


To find out how you can hack your target, you will need to check the ARP cache on the machine that you want to attack. To inspect the ARP cache on a Windows machine, take a look at this example:


You will notice that the target's default gateway IP address is 172.16.1.254 and that it has an ARP cache entry with the MAC address 3c-ea-4f-2b-41-f9. Take note of this so that you can check the ARP cache while the attack is ongoing and verify that the MAC address that corresponds to the gateway has changed.
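The same ARP cache check is how a defender spots the poisoning: the gateway entry stops matching the MAC recorded beforehand, and one MAC starts answering for more than one IP. The script below is an added example, not code from the original post. It assumes the Windows `arp -a` table layout; the sample output, the host addresses 172.16.1.71 and 172.16.1.64, and the MAC 00-0c-29-aa-bb-cc are constructed for illustration.

```python
import re

# Constructed samples in the Windows `arp -a` layout (not captured from a real host).
# Only the gateway IP and its baseline MAC come from the article; the rest is made up.
BASELINE = """\
Interface: 172.16.1.71 --- 0xb
  Internet Address      Physical Address      Type
  172.16.1.254          3c-ea-4f-2b-41-f9     dynamic
  172.16.1.255          ff-ff-ff-ff-ff-ff     static
"""
DURING = """\
Interface: 172.16.1.71 --- 0xb
  Internet Address      Physical Address      Type
  172.16.1.64           00-0c-29-aa-bb-cc     dynamic
  172.16.1.254          00-0c-29-aa-bb-cc     dynamic
  172.16.1.255          ff-ff-ff-ff-ff-ff     static
"""

ENTRY = re.compile(
    r"^[ \t]*(\d{1,3}(?:\.\d{1,3}){3})[ \t]+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})[ \t]+(\w+)[ \t]*$",
    re.I | re.M,
)

def parse_arp(text):
    """Return {ip: mac} for dynamic entries; static broadcast/multicast rows are skipped."""
    return {ip: mac.lower() for ip, mac, kind in ENTRY.findall(text)
            if kind.lower() == "dynamic"}

def check_gateway(text, gateway_ip, expected_mac):
    """Compare the cache against the recorded gateway MAC and list anomalies."""
    table = parse_arp(text)
    findings = []
    seen = table.get(gateway_ip)
    if seen is None:
        findings.append(f"no dynamic entry for gateway {gateway_ip}")
    elif seen != expected_mac.lower():
        findings.append(f"gateway MAC changed: {expected_mac.lower()} -> {seen}")
    # One MAC answering for several IPs is the usual side effect of poisoning
    # (it can also be legitimate, e.g. a multi-homed router, so treat it as a lead).
    by_mac = {}
    for ip, mac in table.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"{mac} answers for {', '.join(sorted(ips))}")
    return findings

if __name__ == "__main__":
    for name, sample in (("baseline", BASELINE), ("during", DURING)):
        print(name, check_gateway(sample, "172.16.1.254", "3c-ea-4f-2b-41-f9"))
```
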

Code the Attack


Now that you know the target's IP address and the gateway, you can create your code. Your code should look like this:


Code the Poisoning


The code above sets up your attack by inputting the target IP address and looking up the MAC address that goes with it using the get_mac function. You have also set up a packet sniffer that will capture traffic for your targeted machine. All that is left for you to do is to write these packets out to a PCAP file that you can pull up later using the Wireshark tool, or use an image carving script. Once that is done, you can call the function restore_target, which will allow you to put the network back to its original form before the attack happened.


Now that you have set up the hack, you are ready to code the ARP poisoning. Put the following code above the code block that you read earlier:
