Defender_Code.py
import scapy.all as scapy
import netifaces
# This function mirrors get_mac in the attacker's code; the defender uses it to check whether the MAC address for a given IP has been altered.
def get_mac(ip):
    """Resolve *ip* to a MAC address with a broadcast ARP request.

    Sends one Ethernet-broadcast ARP request for ``ip`` and waits up to
    5 seconds for answers.

    Returns:
        The ``hwsrc`` field of the first answer received, or ``None`` when
        nothing answered before the timeout.
    """
    # Layer-2 broadcast frame carrying the ARP request for the target IP.
    probe = scapy.Ether(dst="ff:ff:ff:ff:ff:ff") / scapy.ARP(pdst=ip)
    replies, _unanswered = scapy.srp(probe, timeout=5, verbose=False)
    if not replies:
        return None
    # NOTE(review): only the first answer is used. If more than one host
    # answers the broadcast, the value returned here is whichever reply
    # arrived first, so it is not guaranteed to be the legitimate owner.
    # NOTE(review): srp() is called without iface=, so scapy chooses the
    # sending interface itself -- confirm it is the one being monitored.
    _sent, received = replies[0]
    return received.hwsrc
# The sniff function captures network packets on a specific interface (wlan0 in our case) and hands each captured
# packet to process_sniffed_packet, which is defined below.
def sniff(interface):
    """Capture packets on *interface* and pass each one to process_sniffed_packet.

    The call blocks for as long as scapy keeps sniffing.
    """
    capture_options = {
        "iface": interface,
        # store=False tells scapy not to keep captured packets in memory.
        "store": False,
        # Every captured packet is handed to the detection callback.
        "prn": process_sniffed_packet,
    }
    # NOTE(review): no capture filter is set, so the callback sees every
    # packet on the interface and discards non-ARP traffic itself.
    scapy.sniff(**capture_options)
# This function inspects the packets captured by sniff: for each ARP reply it looks up the real MAC address
# of the sender with get_mac and compares it to the MAC address claimed in the reply.
def process_sniffed_packet(packet):
    """Check one captured packet for signs of ARP spoofing.

    Only ARP replies (op code 2) are examined. For each one, the sender IP
    is resolved again with get_mac() and the result is compared with the
    sender MAC claimed in the reply. An alert is printed when the lookup
    returns nothing or when the two MAC addresses differ.
    """
    # Guard clauses: ignore anything that is not an ARP reply.
    if not packet.haslayer(scapy.ARP):
        return
    arp_layer = packet[scapy.ARP]
    if arp_layer.op != 2:
        return

    # NOTE(review): get_mac() blocks for up to 5 seconds inside the capture
    # callback, and the answer to its probe is itself an ARP reply. If the
    # sniffer sees that answer, this handler will probe again -- confirm on
    # the target setup and consider caching verified IP/MAC pairs.
    real_mac = get_mac(arp_layer.psrc)
    response_mac = arp_layer.hwsrc

    if real_mac is None:
        # A failed lookup is reported as spoofing.
        # NOTE(review): a host that simply did not answer within the timeout
        # lands here too, so this branch can raise false positives.
        print(f"[!] ARP Spoofing detected!\n[!] Unable to retrieve real MAC address for {packet[scapy.ARP].psrc}")
        return

    if real_mac != response_mac:
        # The MAC that answered our own request differs from the MAC claimed
        # in the sniffed reply.
        print(f"[!] ARP Spoofing detected!\n[!] Real MAC: {real_mac.upper()}, Fake MAC: {response_mac.upper()}")
# This function gets our IPv4 address (the defender's IP address).
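def get_ip_address(interface):
    """Return the first IPv4 address configured on *interface*, or None.

    Returns ``None`` when the interface does not exist, has no IPv4
    (AF_INET) entry, or the entry carries no ``'addr'`` field, so callers
    can handle every failure through the same ``None`` check.
    """
    try:
        addrs = netifaces.ifaddresses(interface)
    except ValueError:
        # netifaces raises ValueError for an unknown interface name; report
        # it as "no address" instead of aborting with a traceback.
        return None
    inet_entries = addrs.get(netifaces.AF_INET)
    if not inet_entries:
        return None
    # Only the first IPv4 entry is used, as before.
    return inet_entries[0].get('addr')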
# This function gets the MAC address of our own local device, the one we are monitoring.
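def get_mac_address(interface):
    """Return the first link-layer (MAC) address of *interface*, or None.

    Returns ``None`` when the interface does not exist, has no link-layer
    (AF_LINK) entry, or the entry carries no ``'addr'`` field, so callers
    can handle every failure through the same ``None`` check.
    """
    try:
        addrs = netifaces.ifaddresses(interface)
    except ValueError:
        # netifaces raises ValueError for an unknown interface name; report
        # it as "no address" instead of aborting with a traceback.
        return None
    link_entries = addrs.get(netifaces.AF_LINK)
    if not link_entries:
        return None
    # Only the first link-layer entry is used, as before.
    return link_entries[0].get('addr')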
# Script entry: look up the defender's own addresses, then start monitoring.
# wlan0 is used because the attack is performed in a wireless setup.
interface = "wlan0"
ip_address = get_ip_address(interface)
mac_address = get_mac_address(interface)

if not (ip_address and mac_address):
    # Without both addresses the monitor is not started.
    print("Failed to retrieve IP address or MAC address.")
else:
    print(f"[*] Defender IP Address: {ip_address}")
    print(f"[*] Defender MAC Address: {mac_address.upper()}")
    print("[*] Monitoring for ARP spoofing attacks...")
    # Blocks here; every captured packet goes through process_sniffed_packet.
    sniff(interface)