Packet Parsing/Injecting ARP Poisoner


http://www.ehacking.net/2013/12/packet-parsinginjecting-arp-poisoner.html
Individually poisons the ARP tables of the target box, the router and the DNS server if necessary. Does not poison anyone else on the network. Displays all most the interesting bits of their traffic and can inject custom html into pages they visit. Cleans up after itself.



LAN.py is a python script that has been developed to poison the ARP tables of the target computer. The tool has previously been tested on Kali Linux, the example has also mentioned below.

Requirement:


  • Linux (Kali recommended)
  • Scapy
  • Python nfqueue-bindings 0.4.3
  • Aircrack-ng
  • Python twisted
  • BeEF (optional)


If you are on Kali linux then you need not to worry about most of the prereqs except python-nfqueue.

To install this open your terminal and type:



apt-get install -y python-nfqueue



Copy the script from official website and then open any text editor, paste the script and save it to whatever.py Now open the terminal and locate the directory where u have saved the script before.



LANs.py ARP Poisoning Tutorial


Simplest usage (including active user targeting):

 

python LANs.py

Because there's no -ip option this will ARP scan the network, compare it to a live running promiscuous capture, and list all the clients on the network including their Windows netbios names along with how many data packets they're sending. so you can immediately target the active ones. The ability to capture data packets they send is very dependent on physical proximity and the power of your network card. then you can Ctrl-C and pick your target which it will then ARP spoof. Simple target identification and ARP spoofing.

Passive harvesting:

python LANs.py -u -d -p -ip 192.168.0.10

 

-u: prints URLs visited; truncates at 150 characters and filters image/css/js/woff/svg urls since they spam the output and are uninteresting
-d: open an xterm with driftnet to see all images they view
-p: print username/passwords for FTP/IMAP/POP/IRC/HTTP, HTTP POSTs made, all searches made, incoming/outgoing emails, and IRC messages sent/received; will also decode base64 if the email authentication is encrypted with it
-ip: target this IP address
Easy to remember and will probably be the most common usage of the script: options u, d, p, like udp/tcp.




Further more, share your thought regarding the tool and the usage.



Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.