Module: PacketGen::Utils
- Defined in:
- lib/packetgen/utils.rb,
lib/packetgen/utils/arp_spoofer.rb
Overview
Collection of some network utilities.
This module is not enabled by default. You need to:
require 'packetgen/utils'
Defined Under Namespace
Classes: ARPSpoofer
Constant Summary
- ARP_FILTER =
'arp src %<ipaddr>s and ether dst %<hwaddr>s'
- MITM_FILTER =
'((ip src %<target1>s and not ip dst %<local_ip>s) or ' \
'(ip src %<target2>s and not ip dst %<local_ip>s) or ' \
'(ip dst %<target1>s and not ip src %<local_ip>s) or ' \
'(ip dst %<target2>s and not ip src %<local_ip>s)) ' \
'and ether dst %<local_mac>s'
- ARP_PATH =
'/usr/sbin/arp'
- IP_PATH =
'/usr/bin/ip'
- ARP_LINE_RE =
/\((\d+\.\d+\.\d+\.\d+)\) at (([a-fA-F0-9]{2}:){5}[a-fA-F0-9]{2})(?: \[ether\])? on (\w+)/.freeze
- IP_LINE_RE =
/^(\d+\.\d+\.\d+\.\d+) dev (\w+) lladdr (([a-fA-F0-9]{2}:){5}[a-fA-F0-9]{2})/.freeze
Class Method Summary
-
.arp(ipaddr, options = {}) ⇒ String?
Get MAC address from an IP address, or nil if this IP address is unknown on local network.
-
.arp_cache ⇒ Hash
Get local ARP cache.
-
.arp_spoof(target_ip, spoofed_ip, options = {}) ⇒ void
Do ARP spoofing on given IP address.
- .cache_from_arp_command(raw_cache = nil) ⇒ Object
- .cache_from_ip_command(raw_cache = nil) ⇒ Object
-
.mitm(target1, target2, options = {}) {|pkt| ... } ⇒ void
Man in the middle attack.
- .mitm_core(capture, target1, target2, my_mac) ⇒ Object
Class Method Details
.arp(ipaddr, options = {}) ⇒ String?
Get MAC address from an IP address, or nil if this IP address is unknown on local network.
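# File 'lib/packetgen/utils.rb', line 87
# Resolve the MAC address bound to an IP address on the local network.
#
# The local ARP cache is consulted first unless +options[:no_cache]+ is set.
# On a cache miss, one broadcast ARP request is sent and at most one reply
# (+max: 1+) is captured on the interface.
#
# @param ipaddr [String] IP address to resolve (compared as a string)
# @param options [Hash]
# @option options [Boolean] :no_cache skip the local ARP cache lookup
# @option options [String] :iface interface to use
#   (defaults to PacketGen.default_iface)
# @option options [Numeric] :timeout timeout handed to Capture (defaults to 1)
# @return [String, nil] MAC address, or nil when no matching reply was captured
def self.arp(ipaddr, options={})
  unless options[:no_cache]
    local_cache = arp_cache
    return local_cache[ipaddr].first if local_cache.key?(ipaddr)
  end

  iface = options[:iface] || PacketGen.default_iface
  timeout = options[:timeout] || 1
  cfg = Config.instance
  my_hwaddr = cfg.hwaddr(iface)
  arp_pkt = Packet.gen('Eth', dst: 'ff:ff:ff:ff:ff:ff', src: my_hwaddr)
                  .add('ARP', sha: my_hwaddr,
                              spa: cfg.ipaddr(iface),
                              tpa: ipaddr)

  # NOTE(review): ipaddr is formatted into the capture filter as-is; callers
  # passing externally supplied values should validate it as an IP address
  # first.
  capture = Capture.new(iface: iface, timeout: timeout, max: 1,
                        filter: ARP_FILTER % { ipaddr: ipaddr, hwaddr: my_hwaddr })
  cap_thread = Thread.new { capture.start }
  # Presumably gives the capture thread time to start before the request
  # goes out.
  sleep 0.1
  arp_pkt.to_w(iface)
  cap_thread.join

  # ARP replies carry no authentication: the answer is accepted from
  # whichever host on the segment sends a frame matching the filter.
  # `find` yields nil when nothing matches, so the method never returns the
  # packet array itself (which `each` did when no sender address matched).
  reply = capture.packets.find { |pkt| pkt.arp.spa.to_s == ipaddr }
  reply && reply.arp.sha.to_s
end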
.arp_cache ⇒ Hash
Get local ARP cache
# File 'lib/packetgen/utils.rb', line 40
# Read the local ARP cache with whichever system tool is present.
#
# ARP_PATH is tried first, then IP_PATH; when neither file exists the cache
# is reported as empty.
#
# @return [Hash] IP address => [MAC address, interface name]
def self.arp_cache
  if File.exist?(ARP_PATH)
    self.cache_from_arp_command
  elsif File.exist?(IP_PATH)
    self.cache_from_ip_command
  else
    {}
  end
end
.arp_spoof(target_ip, spoofed_ip, options = {}) ⇒ void
Note:
This method is provided for testing purposes.
This method returns an undefined value.
Do ARP spoofing on the given IP address. A call to this method blocks. For more control, see the ARPSpoofer class.
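# File 'lib/packetgen/utils.rb', line 132
# Run an ARPSpoofer against one target and block until it finishes.
#
# The +options+ identifier, lost from the rendered listing, is restored from
# the documented signature.
#
# @param target_ip [String] passed to ARPSpoofer#start as the target
# @param spoofed_ip [String] passed to ARPSpoofer#start as the spoofed address
# @param options [Hash]
# @option options [Numeric] :interval passed to ARPSpoofer (defaults to 1.0)
# @option options [Numeric, nil] :for_seconds passed to ARPSpoofer as +timeout+
# @option options [String, nil] :iface passed to ARPSpoofer as +iface+
# @option options [String, nil] :mac passed to ARPSpoofer#start as +mac+
# @return [void]
def self.arp_spoof(target_ip, spoofed_ip, options={})
  interval = options[:interval] || 1.0
  as = ARPSpoofer.new(timeout: options[:for_seconds], interval: interval,
                      iface: options[:iface])
  as.start(target_ip, spoofed_ip, mac: options[:mac])
  # Blocks the caller until the spoofer is done.
  as.wait
end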
.cache_from_arp_command(raw_cache = nil) ⇒ Object
# File 'lib/packetgen/utils.rb', line 48
# Build the ARP cache from the output of the +arp+ command.
#
# The command is a constant absolute path with fixed arguments, so no caller
# input reaches the shell. Lines that do not match ARP_LINE_RE are ignored.
#
# @param raw_cache [String, nil] command output to parse; when nil, the
#   output of +ARP_PATH -an+ is used
# @return [Hash] IP address => [MAC address, interface name]
def self.cache_from_arp_command(raw_cache=nil)
  raw_cache ||= `#{ARP_PATH} -an`

  raw_cache.split("\n").each_with_object({}) do |line, table|
    found = line.match(ARP_LINE_RE)
    next unless found

    # Group 1 is the IP address, 2 the MAC address, 4 the interface.
    table[found[1]] = [found[2], found[4]]
  end
end
.cache_from_ip_command(raw_cache = nil) ⇒ Object
# File 'lib/packetgen/utils.rb', line 61
# Build the ARP cache from the output of +ip neigh+.
#
# The command is a constant absolute path with a fixed argument, so no caller
# input reaches the shell. Lines that do not match IP_LINE_RE are ignored.
#
# @param raw_cache [String, nil] command output to parse; when nil, the
#   output of +IP_PATH neigh+ is used
# @return [Hash] IP address => [MAC address, interface name]
def self.cache_from_ip_command(raw_cache=nil)
  raw_cache ||= `#{IP_PATH} neigh`

  raw_cache.split("\n").each_with_object({}) do |line, table|
    found = line.match(IP_LINE_RE)
    next unless found

    # Group 1 is the IP address, 2 the interface, 3 the MAC address.
    table[found[1]] = [found[3], found[2]]
  end
end
.mitm(target1, target2, options = {}) {|pkt| ... } ⇒ void
Note:
This method is provided for testing purposes.
This method returns an undefined value.
Man-in-the-middle attack. Capture all packets between two peers on the same local network.
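# File 'lib/packetgen/utils.rb', line 167
# Capture the traffic exchanged between two peers on the local network.
#
# An ARPSpoofer entry is added in each direction (target1 -> target2 and
# target2 -> target1), a capture is opened with MITM_FILTER, and every
# captured packet is handed to the block through mitm_core.
#
# The +options+ identifier, lost from the rendered listing, is restored from
# the documented signature.
#
# @param target1 [String] IP address of the first peer
# @param target2 [String] IP address of the second peer
# @param options [Hash] passed to ARPSpoofer.new and ARPSpoofer#add;
#   +:iface+ defaults to PacketGen.default_iface
# @yieldparam pkt [Packet] captured packet
# @yieldreturn [Packet] packet that mitm_core re-addresses and sends
# @return [void]
def self.mitm(target1, target2, options={}, &block)
  options = { iface: PacketGen.default_iface }.merge(options)

  spoofer = Utils::ARPSpoofer.new(options)
  spoofer.add target1, target2, options
  spoofer.add target2, target1, options

  cfg = Config.instance
  iface = options[:iface]
  my_mac = cfg.hwaddr(iface)
  # NOTE(review): target1/target2 are formatted into the capture filter
  # as-is; validate them as IP addresses if they come from outside.
  capture = Capture.new(iface: iface,
                        filter: MITM_FILTER % { target1: target1, target2: target2,
                                                local_ip: cfg.ipaddr(iface),
                                                local_mac: my_mac })

  spoofer.start_all
  begin
    mitm_core(capture, target1, target2, my_mac, &block)
  ensure
    # Always stop the spoofers, even when the capture or the caller's block
    # raises or the run is interrupted, so spoofing does not keep running
    # after this method has exited.
    spoofer.stop_all
  end
end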
.mitm_core(capture, target1, target2, my_mac) ⇒ Object
# File 'lib/packetgen/utils.rb', line 185
# Forwarding loop used by mitm.
#
# Both peers' MAC addresses are resolved once with arp. Each captured packet
# is then yielded to the caller's block; the packet the block returns gets
# +my_mac+ as link-layer source and the other peer's MAC as destination, and
# is written to the capture interface.
#
# @param capture [Capture] capture to start
# @param target1 [String] IP address of the first peer
# @param target2 [String] IP address of the second peer
# @param my_mac [String] MAC address set as link-layer source
# @yieldparam pkt [Packet] captured packet
# @yieldreturn [Packet] packet to forward
def self.mitm_core(capture, target1, target2, my_mac)
  # NOTE(review): arp may return nil; that case is not handled here.
  hw_of_target1 = arp(target1)
  hw_of_target2 = arp(target2)

  capture.start do |pkt|
    outgoing = yield pkt
    ip_header = outgoing.ip

    link = if outgoing.is?('Dot11')
             outgoing.dot11
           else
             outgoing.eth
           end
    link.src = my_mac

    # Traffic sent by target1 or addressed to target2 goes to target2;
    # everything else (sent by target2 or addressed to target1) goes to
    # target1.
    toward_target2 = (ip_header.src == target1) || (ip_header.dst == target2)
    link.dst = toward_target2 ? hw_of_target2 : hw_of_target1

    outgoing.to_w(capture.iface)
  end
end