
How to Build a Man-in-the-Middle Tool with Scapy and Python

Jul 30, 2015 07:00 PM
Diagram illustrating a Man-in-the-Middle (MITM) attack, showing connections between a victim, an attacker, and a web server.

Man-in-the-middle attacks can prove to be very useful: they allow us to do many things, such as monitoring, injection, and recon.

What Is a Man-in-the-Middle Attack?

Essentially, a man-in-the-middle attack is when an attacker places themselves between two parties. This passes all data through the attacking system, which allows the attacker to view the victim's activity and perform some useful recon.

Diagram illustrating a man-in-the-middle (MITM) attack involving a victim, an attacker, and a web server.

Before we can do anything with a man-in-the-middle, we have to establish one. That is what we'll build here today, so, let's get started!

Just a Heads Up

We'll be defining functions throughout this script in order to use them later. The order in which we define the functions is NOT the order in which their events take place. I just wanted to clarify that before it caused confusion.

Importing Modules & Getting Input

The first thing we'll do in this script is import all our needed modules...

Code snippet demonstrating Python imports.

Of these modules, the most important is Scapy. This lets us craft and send custom packets, which is what enables us to send the ARP responses. After we import these, we'll get some simple input from the user...

Python code snippet for network configuration and error handling.

Here we've asked the user for an interface, the victim IP address, and the router IP address. We've added an exception just in case the user doesn't want to continue. We've also enabled IP forwarding for the user so they don't have to do it.

Getting MAC Addresses

In order to properly create our ARP responses, we'll need the victim and router MAC addresses. We can do this by making ARP requests and returning the result...

Python code snippet for a function that resolves a MAC address with an ARP request.

In the above snippet of code, we send an ARP request with the destination of the user's choice. We'll use this function later in our script.

Re-ARPing the Targets

Once our attack is over, we need to re-assign the targets' addresses so they know where to send their information properly. If we don't do this, then it will be very obvious that something has happened.

Code snippet for restoring targets and disabling IP forwarding.

In this function, we call our get-mac() function that we created earlier to find the MAC addresses. Once we have those it'll send replies out telling the systems where the other system is. We'll send each reply seven times for good measure. Once we've done that we'll disable IP forwarding for the user.

Tricking the Targets

The next function is the simplest one, yet the most important.


This function simply sends a single ARP reply to each of the targets telling them that we are the other target, placing ourselves in between them.

Putting It All Together

Finally, we put it all together for the main function of our script...

Python code snippet for a network MAC address poisoning script.

Here, we try to get the victim and router MAC addresses, with a check in case that fails. We don't want to send packets to one and not the other, so if we can't find one of them, we disable IP forwarding and shut down the script. If we are able to get the MAC addresses, then we can start sending our replies. We do this by making a while loop and sending another set of replies every 1.5 seconds. Once the user gives a keyboard interrupt (Control + C), we call the reARP() function to re-assign the targets and shut the script down.
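Seen from the defender's side, the reply pattern described above is what gives this tool away on the wire. The following added example (not part of the original article or its script) scans ARP log lines for it; the lines are constructed in the style of `tcpdump -n -tt arp` output, the MAC addresses are documentation values, and the function name and 2-second window are assumptions.

```python
import re

# Constructed sample in the style of `tcpdump -n -tt arp` output (not a real capture).
# 10.0.0.1 is the router and 10.0.0.7 the victim, as in the article's test run.
SAMPLE = """\
100.000000 ARP, Request who-has 10.0.0.1 tell 10.0.0.7, length 28
100.001000 ARP, Reply 10.0.0.1 is-at 00:00:5e:00:53:01, length 28
100.500000 ARP, Request who-has 10.0.0.7 tell 10.0.0.1, length 28
100.501000 ARP, Reply 10.0.0.7 is-at 00:00:5e:00:53:07, length 28
130.000000 ARP, Reply 10.0.0.1 is-at 00:00:5e:00:53:66, length 28
130.000100 ARP, Reply 10.0.0.7 is-at 00:00:5e:00:53:66, length 28
131.500000 ARP, Reply 10.0.0.1 is-at 00:00:5e:00:53:66, length 28
131.500100 ARP, Reply 10.0.0.7 is-at 00:00:5e:00:53:66, length 28
"""

REQ = re.compile(r"^(\d+\.\d+) ARP, Request who-has (\S+) tell (\S+),")
REP = re.compile(r"^(\d+\.\d+) ARP, Reply (\S+) is-at ([0-9a-f:]{17}),")

def detect_arp_spoofing(log, window=2.0):
    """Return (timestamp, ip, mac, reasons) for every suspicious ARP reply."""
    last_request = {}  # ip -> time of the most recent who-has for it
    binding = {}       # ip -> MAC learned from the first reply seen
    claimed = {}       # mac -> set of IPs that MAC has claimed
    alerts = []
    for line in log.splitlines():
        if m := REQ.match(line):
            last_request[m.group(2)] = float(m.group(1))
            continue
        m = REP.match(line)
        if not m:
            continue
        ts, ip, mac = float(m.group(1)), m.group(2), m.group(3)
        reasons = []
        # A reply nobody asked for within the window is unsolicited.
        if ts - last_request.get(ip, float("-inf")) > window:
            reasons.append("unsolicited")
        # The IP was previously bound to a different MAC.
        if binding.setdefault(ip, mac) != mac:
            reasons.append("binding-changed")
        # One MAC answering for both router and victim is the MitM signature.
        claimed.setdefault(mac, set()).add(ip)
        if len(claimed[mac]) > 1:
            reasons.append("mac-claims-multiple-ips")
        if reasons:
            alerts.append((ts, ip, mac, reasons))
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE):
        print(alert)
```

A binding change or a MAC answering for several IPs can also be legitimate (DHCP reassignment, failover pairs, proxy ARP), so the combination of all three reasons repeating at a fixed interval is the stronger signal.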

Testing It Out

Now that we have our script (Pastebin Here), we have to give it a test run to make sure it works.

Command line interface displaying network configuration prompts.

Navigate to your script and fire it up! I'll be entering "wlan0" as my desired interface, 10.0.0.7 as the victim IP, and 10.0.0.1 as my router IP.

Terminal commands related to network configuration and IP addressing.

We can see above that we've begun to send out our replies. Let's open up Wireshark and take a look at them!

We can see here that we are successfully sending our replies. We've officially established our man-in-the-middle! Now we just have to shut it down and make sure the shutdown function works...

"Command line interface displaying network configuration and error messages."

We can see that the script went off without a hitch! We were able to place ourselves between the targets and re-assign them once we were done.

Testing the Exceptions

In a script like this, it is very important that it knows when to stop. We need to test the exceptions to make sure they work, in order to ensure that no packets get sent out by mistake. Let's test the input exception first...

Command line interface displaying Python script execution and error messages.

Now let's test the MAC address resolution exception...

Terminal output showing network configuration errors and messages.

We can give the script a faulty victim IP so it won't be able to find a MAC address. Let's make sure it works for a faulty router IP as well...

Error message from a Python script related to network configuration.

So, there we have it. Our exceptions work like a charm!

Using Our MitM

Now that we have an established man-in-the-middle, we can run other tools on it, such as urlsnarf to sniff the victim's activity...

We can see in the above urlsnarf result that our victim is actually browsing on none other than Null-Byte! That confirms that our script works as intended. We did it!

Feedback!

Let me know what you think in the comments below, and if you have any questions, ask away! I'm sure they'll be answered one way or another. For any of you that missed the Pastebin link earlier, here it is.

Thank you for reading!

-Defalt
