This tool is designed to work in step 3 of the Kill Chain. Once access to an internal network is established, the ARP spoofer will perform a man-in-the-middle attack by altering the flow of packets to/from the default gatway device/target machine.
This works by sending an unsolicited response ARP packet to both the default gateway machine and the target machine. This forces both of their tables to update with the attacker's information swapped for both machines.
Example of attack:
❗ I DO NOT AUTHORIZE THE USE OF THESE FILES TO PERFORM ILLEGAL OR UNAUTHORIZED ACTIVITIES. ALL TESTS MUST BE PERFORMED ON DEVICES THAT ARE OWNED BY THE TESTER OR WITH THE EXPRESS WRITTEN CONSENT OF THE SYSTEM OWNER(S).
- Will allow an attacker to become a MITM and from there multiple attacks can occur
- Will restore the default settings on the target after stopping the spoof
- To use the default functionality of this tool, an additional module will be required:
- This tool needs a Python interpreter, v3.6 or higher due to string interpolation
- The attacker machine can be a Windows, OSX, or Linux OS
- The target machine is designed to be a Windows machine, however this can be altered if needed
- CTRL + C is recognized by this tool as an 'exit' request and will stop the spoof/reset the target(s)
- I wrote this with Python 2.7 capabilities as well, I commented out that code to avoid errors running in Python3
rootdir:.
│ .gitignore
│ arp_spoofer.py
│ LICENSE
│ README.md
│ requirements.txt
Run the binary from the attacking machine to spoof both targets.
CTRL+C will stop the spoofing and reset the gateway/target ARP tables.