Skip to content
Snippets Groups Projects
Commit 64b7affd authored by Sibidharan's avatar Sibidharan :speech_balloon:
Browse files

Initial commit

parents
No related branches found
No related tags found
No related merge requests found
__ ___ __ ____________
/ / / | / / / /_ __/ __ \
/ / / /| | / /_/ / / / / /_/ /
/ /___/ ___ |/ __ / / / / ____/
/_____/_/ |_/_/ /_/_/_/ /_/
/ | / __ \/ __ \
/ /| | / /_/ / /_/ /
/ ___ |/ _, _/ ____/
/_/__|_/_/ |_/_/_________________________
/ ___// | / / _/ ____/ ____/ ____/ __ \
\__ \/ |/ // // /_ / /_ / __/ / /_/ /
___/ / /| // // __/ / __/ / /___/ _, _/
/____/_/_|_/___/_/ __/_/ /_____/_/ |_|
LAHTP ARP Spoof Detector v0.1
This tool will sniff for ARP packets in the interface and can possibly detect if there is an ongoing ARP spoofing attack. This tool is still in a beta stage.
Available arguments:
----------------------------------------------------------
-h or --help: Print this help text.
-l or --lookup: Print the available interfaces.
-i or --interface: Provide the interface to sniff on.
-v or --version: Print the version information.
----------------------------------------------------------
Usage: ./arpsniffer -i <interface> [You can look for the available interfaces using -l/--lookup]
File added
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <pcap.h> // To invoke the libpcap library and use its functions.
#include <errno.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <time.h>
#include <netinet/if_ether.h>
#include <unistd.h>
//#include <libnotify/notify.h>
#define ARP_REQUEST 1 //ARP Request
#define ARP_RESPONSE 2 //ARP Response
typedef struct _arp_hdr arp_hdr;
struct _arp_hdr {
uint16_t htype; //Hardware type
uint16_t ptype; //Protocol type
uint8_t hlen; //Hardware address lenght (MAC)
uint8_t plen; //Protocol address length
uint16_t opcode; //Operation code (request or response)
uint8_t sender_mac[6]; //Sender hardware address
uint8_t sender_ip[4]; //Sender IP address
uint8_t target_mac[6]; //Target MAC address
uint8_t target_ip[4]; //Target IP address
};
void alert_spoof(char *ip, char *mac){
printf("\nAlert: Possible ARP Spoofing Detected. IP: %s and MAC: %s\n", ip, mac);
}
int print_available_interfaces(){
char error[PCAP_ERRBUF_SIZE];
pcap_if_t *interfaces, *temp;
int i = 0;
if(pcap_findalldevs(&interfaces, error) == -1){
printf("Cannot acquire the devices\n");
return -1;
}
printf("The available interfaces are: \n");
for(temp = interfaces; temp; temp=temp->next){
printf("#%d: %s\n", ++i, temp->name);
}
return 0;
}
void print_version(){
printf(" __ ___ __ ____________ \n");
printf(" / / / | / / / /_ __/ __ \\ \n");
printf(" / / / /| | / /_/ / / / / /_/ / \n");
printf(" / /___/ ___ |/ __ / / / / ____/ \n");
printf("/_____/_/ |_/_/ /_/_/_/ /_/ \n");
printf(" / | / __ \\/ __ \\ \n");
printf(" / /| | / /_/ / /_/ / \n");
printf(" / ___ |/ _, _/ ____/ \n");
printf("/_/__|_/_/ |_/_/_________________________ \n");
printf(" / ___// | / / _/ ____/ ____/ ____/ __ \\ \n");
printf(" \\__ \\/ |/ // // /_ / /_ / __/ / /_/ /\n");
printf(" ___/ / /| // // __/ / __/ / /___/ _, _/ \n");
printf("/____/_/_|_/___/_/ __/_/ /_____/_/ |_| \n");
printf("\nLAHTP ARP Spoof Detector v0.1\n");
printf("\nThis tool will sniff for ARP packets in the interface and can possibly detect if there is an ongoing ARP spoofing attack. This tool is still in a beta stage. \n");
}
void print_help(char *bin){
printf("\nAvailable arguments: \n");
printf("----------------------------------------------------------\n");
printf("-h or --help:\t\t\tPrint this help text.\n");
printf("-l or --lookup:\t\t\tPrint the available interfaces.\n");
printf("-i or --interface:\t\tProvide the interface to sniff on.\n");
printf("-v or --version:\t\tPrint the version information.\n");
printf("----------------------------------------------------------\n");
printf("\nUsage: %s -i <interface> [You can look for the available interfaces using -l/--lookup]\n", bin);
exit(1);
}
char* get_hardware_address(uint8_t mac[6]){
char *m = (char*)malloc(20*sizeof(char));
sprintf(m, "%02X:%02X:%02X:%02X:%02X:%02X", mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
return m;
}
char* get_ip_address(uint8_t ip[4]){
char *m = (char*)malloc(20*sizeof(char));
sprintf(m, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
return m;
}
int sniff_arp(char *device_name){
char error[PCAP_ERRBUF_SIZE];
pcap_t* pack_desc;
const u_char *packet;
struct pcap_pkthdr header;
struct ether_header *eptr; //net/ethernet.h
arp_hdr *arpheader = NULL;
int i;
u_char *hard_ptr;
char *t_mac, *t_ip, *s_mac, *s_ip;
int counter = 0;
time_t ct, lt;
long int diff = 0;
pack_desc = pcap_open_live(device_name, BUFSIZ, 0, 1, error);
if(pack_desc == NULL){
printf("%s\n", error);
print_available_interfaces();
return -1;
} else {
printf("Listening on %s...\n", device_name);
}
while(1){
packet = pcap_next(pack_desc, &header);
if(packet == NULL){
printf("Error: Cannot capture packet\n");
return -1;
} else {
eptr = (struct ether_header*) packet;
if (ntohs(eptr->ether_type) == ETHERTYPE_ARP){
ct = time(NULL);
diff = ct - lt;
printf("ct: %ld; Diff: %ld; Counter: %d\n",ct, diff, counter);
if(diff > 20){
counter = 0;
}
arpheader = (arp_hdr*)(packet+14);
printf("\nReceived an ARP packet with length %d\n", header.len);
printf("Received at %s", ctime((const time_t*) &header.ts.tv_sec));
printf("Ethernet Header Length: %d\n", ETHER_HDR_LEN);
printf("Operation Type: %s\n", (ntohs(arpheader->opcode) == ARP_REQUEST) ? "ARP Request" : "ARP Response");
s_mac = get_hardware_address(arpheader->sender_mac);
s_ip = get_ip_address(arpheader->sender_ip);
t_mac = get_hardware_address(arpheader->target_mac);
t_ip = get_ip_address(arpheader->target_ip);
printf("Sender MAC: %s\n", s_mac);
printf("Sender IP: %s\n", s_ip);
printf("Target MAC: %s\n", t_mac);
printf("Target IP: %s\n", t_ip);
printf("--------------------------------------------------------------");
counter++;
lt = time(NULL);
if(counter > 10){
alert_spoof(s_ip, s_mac);
}
}
}
}
return 0;
}
int main(int argc, char *argv[]){
if(access("/usr/bin/notify-send", F_OK) == -1){
printf("Missing dependencies: libnotify-bin\n");
printf("Please run: sudo apt-get install libnotify-bin");
printf("\n");
print_version();
exit(-1);
}
if(argc < 2 || strcmp("-h", argv[1]) == 0 || strcmp("--help", argv[1]) == 0){
print_version();
print_help(argv[0]);
} else if(strcmp("-v", argv[1]) == 0 || strcmp("--version", argv[1]) == 0){
print_version();
exit(1);
} else if(strcmp("-l", argv[1]) == 0 || strcmp("--lookup", argv[1]) == 0){
print_available_interfaces();
} else if(strcmp("-i", argv[1]) == 0 || strcmp("--interface", argv[1]) == 0){
if(argc < 3){
printf("Error: Please provide an interface to sniff on. Select from the following.\n");
printf("--------------------------------------------------------------------------\n");
print_available_interfaces();
printf("\nUsage: %s -i <interface> [You can look for the available interfaces using -l/--lookup]\n", argv[0]);
} else {
sniff_arp(argv[2]);
}
} else {
printf("Invalid argument.\n");
print_help(argv[0]);
}
return 0;
}
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment