mirror of
https://github.com/Ponce/slackbuilds
synced 2024-11-16 19:50:19 +01:00
f706b0bc33
Thanks to USUARIONUEVO for the report Signed-off-by: Matteo Bernardini <ponce@slackbuilds.org>
230 lines
6.6 KiB
Diff
230 lines
6.6 KiB
Diff
>From 21773ccf18a5fc49d35e510a8797b0a1e83858c4 Mon Sep 17 00:00:00 2001
|
|
From: Stefan Tomanek <stefan@pico.ruhr.de>
|
|
Date: Sun, 20 Nov 2011 21:32:53 +0100
|
|
Subject: [PATCH 3/3] arpspoof: allow selection of source hw address
|
|
|
|
In certain networks, sending with the wrong hardware source address can
|
|
jeopardize the network connection of the host running arpspoof. This
|
|
patch makes it possible to specify whether arpspoof should use the own
|
|
hardware address or the one of the real host when resetting the arp
|
|
table of the target systems; it is also possible to use both.
|
|
|
|
Signed-off-by: Stefan Tomanek <stefan@pico.ruhr.de>
|
|
---
|
|
arpspoof.8 | 9 +++++-
|
|
arpspoof.c | 90 ++++++++++++++++++++++++++++++++++++++++++-----------------
|
|
2 files changed, 72 insertions(+), 27 deletions(-)
|
|
---
|
|
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
|
|
|
|
--- a/arpspoof.8
|
|
+++ b/arpspoof.8
|
|
@@ -9,7 +9,7 @@
|
|
.na
|
|
.nf
|
|
.fi
|
|
-\fBarpspoof\fR [\fB\-i \fIinterface\fR] [\fB\-t \fItarget\fR] [\fB\-r\fR] \fIhost\fR
|
|
+\fBarpspoof\fR [\fB\-i \fIinterface\fR] [\fB\-c \fIown|host|both\fR] [\fB\-t \fItarget\fR] [\fB\-r\fR] \fIhost\fR
|
|
.SH DESCRIPTION
|
|
.ad
|
|
.fi
|
|
@@ -23,6 +23,13 @@
|
|
.SH OPTIONS
|
|
.IP "\fB-i \fIinterface\fR"
|
|
Specify the interface to use.
|
|
+.IP "\fB-c \fIown|host|both\fR"
|
|
+Specify which hardware address t use when restoring the arp configuration;
|
|
+while cleaning up, packets can be send with the own address as well as with
|
|
+the address of the host. Sending packets with a fake hw address can disrupt
|
|
+connectivity with certain switch/ap/bridge configurations, however it works
|
|
+more reliably than using the own address, which is the default way arpspoof
|
|
+cleans up afterwards.
|
|
.IP "\fB-t \fItarget\fR"
|
|
Specify a particular host to ARP poison (if not specified, all hosts
|
|
on the LAN). Repeat to specify multiple hosts.
|
|
--- a/arpspoof.c
|
|
+++ b/arpspoof.c
|
|
@@ -40,37 +40,36 @@
|
|
static char *intf;
|
|
static int poison_reverse;
|
|
|
|
+static uint8_t *my_ha = NULL;
|
|
+static uint8_t *brd_ha = "\xff\xff\xff\xff\xff\xff";
|
|
+
|
|
+static int cleanup_src_own = 1;
|
|
+static int cleanup_src_host = 0;
|
|
+
|
|
static void
|
|
usage(void)
|
|
{
|
|
fprintf(stderr, "Version: " VERSION "\n"
|
|
- "Usage: arpspoof [-i interface] [-t target] [-r] host\n");
|
|
+ "Usage: arpspoof [-i interface] [-c own|host|both] [-t target] [-r] host\n");
|
|
exit(1);
|
|
}
|
|
|
|
static int
|
|
-arp_send(libnet_t *l, int op, u_int8_t *sha,
|
|
- in_addr_t spa, u_int8_t *tha, in_addr_t tpa)
|
|
+arp_send(libnet_t *l, int op,
|
|
+ u_int8_t *sha, in_addr_t spa,
|
|
+ u_int8_t *tha, in_addr_t tpa,
|
|
+ u_int8_t *me)
|
|
{
|
|
int retval;
|
|
|
|
- if (sha == NULL &&
|
|
- (sha = (u_int8_t *)libnet_get_hwaddr(l)) == NULL) {
|
|
- return (-1);
|
|
- }
|
|
- if (spa == 0) {
|
|
- if ((spa = libnet_get_ipaddr4(l)) == -1)
|
|
- return (-1);
|
|
- }
|
|
- if (tha == NULL)
|
|
- tha = "\xff\xff\xff\xff\xff\xff";
|
|
-
|
|
+ if (!me) me = sha;
|
|
+
|
|
libnet_autobuild_arp(op, sha, (u_int8_t *)&spa,
|
|
tha, (u_int8_t *)&tpa, l);
|
|
- libnet_build_ethernet(tha, sha, ETHERTYPE_ARP, NULL, 0, l, 0);
|
|
+ libnet_build_ethernet(tha, me, ETHERTYPE_ARP, NULL, 0, l, 0);
|
|
|
|
fprintf(stderr, "%s ",
|
|
- ether_ntoa((struct ether_addr *)sha));
|
|
+ ether_ntoa((struct ether_addr *)me));
|
|
|
|
if (op == ARPOP_REQUEST) {
|
|
fprintf(stderr, "%s 0806 42: arp who-has %s tell %s\n",
|
|
@@ -129,7 +128,7 @@
|
|
/* XXX - force the kernel to arp. feh. */
|
|
arp_force(ip);
|
|
#else
|
|
- arp_send(l, ARPOP_REQUEST, NULL, 0, NULL, ip);
|
|
+ arp_send(l, ARPOP_REQUEST, NULL, 0, NULL, ip, NULL);
|
|
#endif
|
|
sleep(1);
|
|
}
|
|
@@ -156,17 +155,23 @@
|
|
int fw = arp_find(spoof.ip, &spoof.mac);
|
|
int bw = poison_reverse && targets[0].ip && arp_find_all();
|
|
int i;
|
|
+ int rounds = (cleanup_src_own*5 + cleanup_src_host*5);
|
|
|
|
fprintf(stderr, "Cleaning up and re-arping targets...\n");
|
|
- for (i = 0; i < 5; i++) {
|
|
+ for (i = 0; i < rounds; i++) {
|
|
struct host *target = targets;
|
|
while(target->ip) {
|
|
+ uint8_t *src_ha = NULL;
|
|
+ if (cleanup_src_own && (i%2 || !cleanup_src_host)) {
|
|
+ src_ha = my_ha;
|
|
+ }
|
|
/* XXX - on BSD, requires ETHERSPOOF kernel. */
|
|
if (fw) {
|
|
arp_send(l, ARPOP_REPLY,
|
|
(u_int8_t *)&spoof.mac, spoof.ip,
|
|
- (target->ip ? (u_int8_t *)&target->mac : NULL),
|
|
- target->ip);
|
|
+ (target->ip ? (u_int8_t *)&target->mac : brd_ha),
|
|
+ target->ip,
|
|
+ src_ha);
|
|
/* we have to wait a moment before sending the next packet */
|
|
sleep(1);
|
|
}
|
|
@@ -174,7 +179,8 @@
|
|
arp_send(l, ARPOP_REPLY,
|
|
(u_int8_t *)&target->mac, target->ip,
|
|
(u_int8_t *)&spoof.mac,
|
|
- spoof.ip);
|
|
+ spoof.ip,
|
|
+ src_ha);
|
|
sleep(1);
|
|
}
|
|
target++;
|
|
@@ -193,6 +199,7 @@
|
|
char libnet_ebuf[LIBNET_ERRBUF_SIZE];
|
|
int c;
|
|
int n_targets;
|
|
+ char *cleanup_src = NULL;
|
|
|
|
spoof.ip = 0;
|
|
intf = NULL;
|
|
@@ -202,7 +209,7 @@
|
|
/* allocate enough memory for target list */
|
|
targets = calloc( argc+1, sizeof(struct host) );
|
|
|
|
- while ((c = getopt(argc, argv, "ri:t:h?V")) != -1) {
|
|
+ while ((c = getopt(argc, argv, "ri:t:c:h?V")) != -1) {
|
|
switch (c) {
|
|
case 'i':
|
|
intf = optarg;
|
|
@@ -214,6 +221,9 @@
|
|
case 'r':
|
|
poison_reverse = 1;
|
|
break;
|
|
+ case 'c':
|
|
+ cleanup_src = optarg;
|
|
+ break;
|
|
default:
|
|
usage();
|
|
}
|
|
@@ -229,6 +239,29 @@
|
|
usage();
|
|
}
|
|
|
|
+ if (!cleanup_src || strcmp(cleanup_src, "own")==0) { /* default! */
|
|
+ /* only use our own hw address when cleaning up,
|
|
+ * not jeopardizing any bridges on the way to our
|
|
+ * target
|
|
+ */
|
|
+ cleanup_src_own = 1;
|
|
+ cleanup_src_host = 0;
|
|
+ } else if (strcmp(cleanup_src, "host")==0) {
|
|
+ /* only use the target hw address when cleaning up;
|
|
+ * this can screw up some bridges and scramble access
|
|
+ * for our own host, however it resets the arp table
|
|
+ * more reliably
|
|
+ */
|
|
+ cleanup_src_own = 0;
|
|
+ cleanup_src_host = 1;
|
|
+ } else if (strcmp(cleanup_src, "both")==0) {
|
|
+ cleanup_src_own = 1;
|
|
+ cleanup_src_host = 1;
|
|
+ } else {
|
|
+ errx(1, "Invalid parameter to -c: use 'own' (default), 'host' or 'both'.");
|
|
+ usage();
|
|
+ }
|
|
+
|
|
if ((spoof.ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
|
|
usage();
|
|
|
|
@@ -253,6 +286,10 @@
|
|
}
|
|
}
|
|
|
|
+ if ((my_ha = (u_int8_t *)libnet_get_hwaddr(l)) == NULL) {
|
|
+ errx(1, "Unable to determine own mac address");
|
|
+ }
|
|
+
|
|
signal(SIGHUP, cleanup);
|
|
signal(SIGINT, cleanup);
|
|
signal(SIGTERM, cleanup);
|
|
@@ -263,11 +300,12 @@
|
|
} else {
|
|
struct host *target = targets;
|
|
while(target->ip) {
|
|
- arp_send(l, ARPOP_REPLY, NULL, spoof.ip,
|
|
- (target->ip ? (u_int8_t *)&target->mac : NULL),
|
|
- target->ip);
|
|
+ arp_send(l, ARPOP_REPLY, my_ha, spoof.ip,
|
|
+ (target->ip ? (u_int8_t *)&target->mac : brd_ha),
|
|
+ target->ip,
|
|
+ my_ha);
|
|
if (poison_reverse) {
|
|
- arp_send(l, ARPOP_REPLY, NULL, target->ip, (uint8_t *)&spoof.mac, spoof.ip);
|
|
+ arp_send(l, ARPOP_REPLY, my_ha, target->ip, (uint8_t *)&spoof.mac, spoof.ip, my_ha);
|
|
}
|
|
target++;
|
|
}
|