Code for How to Detect ARP Spoof Attack using Scapy in Python Tutorial

detect_arpspoof.py

from scapy.all import Ether, ARP, srp, sniff, conf

def get_mac(ip):
    """
    Returns the MAC address of `ip`, if it is unable to find it
    for some reason, throws `IndexError`
    """
    p = Ether(dst='ff:ff:ff:ff:ff:ff')/ARP(pdst=ip)
    result = srp(p, timeout=3, verbose=False)[0]
    return result[0][1].hwsrc

def process(packet):
    # if the packet is an ARP packet
    if packet.haslayer(ARP):
        # if it is an ARP response (ARP reply)
        if packet[ARP].op == 2:
            try:
                # get the real MAC address of the sender
                real_mac = get_mac(packet[ARP].psrc)
                # get the MAC address from the packet sent to us
                response_mac = packet[ARP].hwsrc
                # if they're different, definitely there is an attack
                if real_mac != response_mac:
                    print(f"[!] You are under attack, REAL-MAC: {real_mac.upper()}, FAKE-MAC: {response_mac.upper()}")
            except IndexError:
                # unable to find the real mac
                # may be a fake IP or firewall is blocking packets
                pass

if __name__ == "__main__":
    import sys
    try:
        iface = sys.argv[1]
    except IndexError:
        iface = conf.iface
    sniff(store=False, prn=process, iface=iface)

Ethical Hacking with Python EBook - Tutorials - Top

New Tutorials

Crafting Dummy Packets with Scapy Using Python

How to Build a TCP Proxy with Python

How to Build a Custom Netcat with Python

3 Best Online AI Code Generators

How to Validate Credit Card Numbers in Python

Code for How to Detect ARP Spoof Attack using Scapy in Python Tutorial

Tags

New Tutorials

Popular Tutorials