This wiki has been archived and made read-only.
For up-to-date information about TkkrLab and it's projects please visit our main website at tkkrlab.nl.

TkkrLab:ARP Detector

From

Jump to: navigation, search

Project status: Done Project members: Retrace, Bigred

ARP Detector is a program that looks for ARP spoofers in the network with ettercap and sends a signal to a Beacon when a spoofer is detected.

Hardware


We used a Beacon thats connect to a serial port.

Software


Python 2.7 Ettercap pyserial

Code

import sys
import subprocess
from serial import Serial
import os
from time import sleep

uid = os.getuid()
err = sys.stderr.write

def main(argv):

        if not 0 == uid:
                sys.exit(err("This script must be run as root for the time beeing!\n"))

        elif len(argv) != 2:
                sys.exit(err("Usage: python %s <Serial Interface>\n" % (argv[0],)))

def arpbuster():

        ettercap = subprocess.Popen("ettercap -i eth0 -TQP arp_cop //" , shell=True, stdout=subprocess.PIPE)

        while 1:
                inPut = ettercap.stdout.readline()
                inPut = inPut.split(' ')
                serial.setDTR(False)

                for msg in inPut:
                        if msg == "(WARNING)":
                                ettercap.stdout.close()
                                return "True"

if __name__ == "__main__":
        main(sys.argv)

        serial = Serial(sys.argv[1], 9600)
        serial.setDTR(False)

        while 1:

                if arpbuster() == "True":
                        serial.setDTR(True)
                        sleep(20)
        sys.exit()