First of all, welcome back to my third blog and today I am going to introduce about ARP-Cache-Poisoning.Let’s talk about what ARP-Cache-Poisoning does in the real life scenario.As you probably familiar with OSI model you should have understood why actually ARP is necessary for all network engineers as well as for hackers because of that the TCP/IP protocol suit requires that logical internet protocol addresses (IP) be assigned to each device on a specific network for instance your home network or it can be your university or other places so with that being said an Ethernet LAN uses the physical address (MAC).
MAC addresses are permanently associated into a (NIC) which stands for network interface card for instance, a device uses TCP/IP on an Ethernet network and can easily find the MAC address of another endpoint based on the IP address with the (ARP) which stands for Address Resolution Protocol.
We can talk a lot of things about ARP and MAC address however, lets turn back to our topic :) lets make it fun with a Python script.
In a not so perfect world the attacker might be able to send ARP reply to your IP address it can be every seconds ARP packets to your computer or device this works because most operating systems (OS) do accept response packet from other devices which they actually never asked.And now as an example i will show you a script which makes it understandable for all ethical hackers:) lets dive in to it.
In order to run the script which will be represented you should have installed Scapy before however, if not you can simply type “pip install scapy” to being able to add this module into your script like so.
Once this module has been installed it and when it gives not error that means it runs and works perfectly:) so lets move forward.
ARP-CACHE-POISONING WITH PYTHON
I will show a script which is obviously written for the attack and keep in mind this blog is written for educational purposes only, I am not responsible for any malicious purposes or illegal activity.
Keep in your mind it is written in Python not in Python3 as you can see above so lets talk about what here goes.
Of course with help of Scapy module we just import scapy i wanted all the scapy library and modules from Scapy that’s being said we also construct packets consisting of an Ethernet() and an ARP() header. You would like to hijack all connections from your target with a (fake_ip) parameter, it is also important to note that you have to call sendp() instead of using send() because it must be sent packets on layer 2 and send not on layer 3 that is the reason why i set function sendp() oh yea the most importantly we did add “is-at” at fake_ip,op=”is-at” because that declares the packet as an ARP response.One last thing which you need to do is checking IP forwarding because your host should block the connection of the victim which we are not willing. Lastly, sys.argv() is the list of command-line arguments passed to the Python program, argv represents all the items that come along via the command line input.
This one must be 1 in order to enable it because as i mentioned previously we are not willing that the host blocks the victim’s connection.Don’t forget to check the settings such as IPtables, pf,ipfw or just disable it.
what you see above is the treat actor attacking the IP in order to know the MAC address.
And what you are going to see is One-way-man-in-the-middle
A computer that wants to get knowledge about an IP address asks with an ARP request. in the the next blog I am going to illustrate how it works and what you need to know before attacking the IP address and which shall wait for ARP request and sends a spoofed ARP response for every received request
For now thank you so much for reading this brief introduction and article.Please share your thought and opinion about this blog because for me is that important:)
please determine to follow and subscribe me on my YouTube channel for more content, CTF challenges and much more thus stay sharp:).
YouTube : https://youtube.com/TurkishHoodie
LinkedIn : https://www.linkedin.com/in/ahmetgöker