Stefano Lorenzi

IT Security Specialist

arpscanspoof: a new tool for man-in-the-middle attacks

Recently I wrote a hacking tool in Python that discovers the machines on your network and attacks one of them with a “man in the middle” (MITM) attack. This attack is possible in 99% of networks because of an intrinsic problem with the ARP protocol (see http://en.wikipedia.org/wiki/ARP_spoofing).
Anyway, in the real world, when a PC surfs the Internet, the traffic is routed as follows:

[Image: Internet]

but with a MITM attack the actual route is like this:

[Image: MITM]

and the attack is invisible to the target.

This tool was developed and tested only on the Linux operating system, and it needs scapy installed on the machine (scapy is installed by default in the certtoolkit, Kali and BackBox distributions). I developed this tool for demonstration purposes only, and I do not take any responsibility for misuse of this tool.
In any case, the tool is automated and very easy to use. For example, if your subnet is 192.168.1.0/24, you can run this command:

sudo python arpscanspoof -s 192.168.1.0/24 -r -m

The -r parameter resolves the names of the computers (you need a DNS service in your network), and the -m parameter starts the man-in-the-middle attack.
In my case I discovered these machines:

[Image: arpscanspoof]

The tool discovered four machines in the network. The machine 192.168.1.254 is my home router, and there is no DNS service.

Then the tool asks which PC is the target I want to attack. For example, if I select the first PC, the tool will poison the ARP tables of my gateway and of the 192.168.1.8 PC. When the target machine accesses the Internet, it sends its packets to me, and my PC forwards them to the router. When the router receives data from the Internet, it sends the data to me, and my PC forwards it to the target. In this way I steal the packets.

But if you are in a rush and you know the IP address you want to attack, you can run this command:

sudo python arpscanspoof -t IP_Target

You can download this tool from this link:

https://github.com/BerghemHackLab/arpscanspoof
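
The ARP table poisoning described above leaves a visible trace in the victim's neighbour cache: the gateway IP suddenly maps to a different MAC, and that MAC is shared with another host. The following check is an added example, not part of arpscanspoof or of the original post; it compares two snapshots in `ip neigh show` format, and the MAC addresses and the 192.168.1.10 host are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed samples: `ip neigh show` output on a host before and during poisoning.
BASELINE = """\
192.168.1.254 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.10 dev eth0 lladdr 66:77:88:99:aa:bb STALE
"""
POISONED = """\
192.168.1.254 dev eth0 lladdr 66:77:88:99:aa:bb REACHABLE
192.168.1.10 dev eth0 lladdr 66:77:88:99:aa:bb REACHABLE
192.168.1.12 dev eth0 FAILED
"""

NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac} for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            table[m.group(1)] = m.group(3).lower()
    return table

def find_spoofing(baseline, current, gateway_ip):
    """Compare two ARP snapshots and return a list of findings."""
    findings = []
    old, new = baseline.get(gateway_ip), current.get(gateway_ip)
    if old and new and old != new:
        findings.append(("gateway-mac-changed", gateway_ip, old, new))
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:  # one MAC answering for several IPs
            findings.append(("mac-shared", mac, tuple(sorted(ips))))
    return findings

def check(baseline_text, current_text, gateway_ip):
    return find_spoofing(parse_neigh(baseline_text),
                         parse_neigh(current_text), gateway_ip)

if __name__ == "__main__":
    for finding in check(BASELINE, POISONED, "192.168.1.254"):
        print(finding)
```

A shared MAC can also be legitimate (proxy ARP, several addresses on one interface), so treat it as a signal to investigate; a static ARP entry for the gateway prevents the cache from being overwritten in the first place.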
