This commit refactors ARP and DHCP poisoning:

DHCP poisoning now works on Windows, additionaly it's been optimized for performance improvements ARP poisoning has been optimized with and internal cache and some algo improvements cve-details-parser.py has been added to the utils/ directory to help adding exploits to the BrowserSniper config file I'm currently working on adding to the filepwn plugin all of the missing options that bdfproxy stand-alone has
2025-07-07 13:32:18 -07:00 · 2015-07-25 02:49:41 +02:00 · 2015-07-25 02:49:41 +02:00 · ba14ed8687
commit ba14ed8687
parent 5e2f30fb89
35 changed files with 1082 additions and 676 deletions
--- a/plugins/spoof.py
+++ b/plugins/spoof.py
@ -0,0 +1,115 @@
+# Copyright (c) 2014-2016 Marcello Salvati
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+# USA
+#
+
+from plugins.plugin import Plugin
+
+class Spoof(Plugin):
+    name        = "Spoof"
+    optname     = "spoof"
+    desc        = "Redirect/Modify traffic using ICMP, ARP, DHCP or DNS"
+    version     = "0.6"
+    has_opts    = True
+
+    def initialize(self, options):
+        '''Called if plugin is enabled, passed the options namespace'''
+        self.options            = options
+        self.manualiptables     = options.manualiptables
+        self.protocol_instances = []
+
+        from core.utils import iptables, shutdown, set_ip_forwarding
+        #Makes scapy more verbose
+        debug = False
+
+        if options.arp:
+            if not options.gateway:
+                shutdown("[Spoof] --arp argument requires --gateway")
+
+            from core.poisoners.arp.ARPpoisoner import ARPpoisoner
+            arp = ARPpoisoner(options)
+            arp.debug = debug
+            self.tree_info.append('ARP spoofing enabled')
+            self.protocol_instances.append(arp)
+
+        elif options.dhcp:
+            from core.poisoners.dhcp.DHCPpoisoner import DHCPpoisoner
+
+            if options.targets:
+                shutdown("[Spoof] --targets argument invalid when DCHP spoofing")
+
+            dhcp = DHCPpoisoner(options, self.config['Spoof']['DHCP'])
+            dhcp.debug = debug
+            self.tree_info.append('DHCP spoofing enabled')
+            self.protocol_instances.append(dhcp)
+
+        elif options.icmp:
+            from core.poisoners.icmp.ICMPpoisoner import ICMPpoisoner
+
+            if not options.gateway:
+                shutdown("[Spoof] --icmp argument requires --gateway")
+
+            if not options.targets:
+                shutdown("[Spoof] --icmp argument requires --targets")
+
+            icmp = ICMPpoisoner(options)
+            icmp.debug = debug
+            self.tree_info.append('ICMP spoofing enabled')
+            self.protocol_instances.append(icmp)
+
+        if options.dns:
+            from core.servers.dns.DNSchef import DNSChef
+
+            self.tree_info.append('DNS spoofing enabled')
+            if not options.manualiptables:
+                if iptables().dns is False:
+                    iptables().DNS(self.config['MITMf']['DNS']['port'])
+
+        if not options.arp and not options.icmp and not options.dhcp and not options.dns:
+            shutdown("[Spoof] Spoof plugin requires --arp, --icmp, --dhcp or --dns")
+
+        set_ip_forwarding(1)
+
+        if not options.manualiptables:
+            if iptables().http is False:
+                iptables().HTTP(options.listen_port)
+
+        for protocol in self.protocol_instances:
+            protocol.start()
+
+    def options(self, options):
+        group = options.add_mutually_exclusive_group(required=False)
+        group.add_argument('--arp', dest='arp', action='store_true', help='Redirect traffic using ARP spoofing')
+        group.add_argument('--icmp', dest='icmp', action='store_true', help='Redirect traffic using ICMP redirects')
+        group.add_argument('--dhcp', dest='dhcp', action='store_true', help='Redirect traffic using DHCP offers')
+        options.add_argument('--dns', dest='dns', action='store_true', help='Proxy/Modify DNS queries')
+        options.add_argument('--shellshock', type=str, metavar='PAYLOAD', dest='shellshock', help='Trigger the Shellshock vuln when spoofing DHCP, and execute specified command')
+        options.add_argument('--gateway', dest='gateway', help='Specify the gateway IP')
+        options.add_argument('--targets', dest='targets', help='Specify host/s to poison [if ommited will default to subnet]')
+        options.add_argument('--ignore', dest='ignore', help='Specify host/s not to poison')
+        options.add_argument('--arpmode',type=str, dest='arpmode', default='rep', choices=["rep", "req"], help=' ARP Spoofing mode: replies (rep) or requests (req) [default: rep]')
+
+    def on_shutdown(self):
+        from core.utils import iptables, set_ip_forwarding
+
+        for protocol in self.protocol_instances:
+            if hasattr(protocol, 'stop'):
+                protocol.stop()
+
+        if not self.manualiptables:
+            iptables().Flush()
+
+        set_ip_forwarding(0)