TkkrLab:ARP Detector
From
Project status: Done Project members: Retrace, Bigred
ARP Detector is a program that looks for ARP spoofers in the network with ettercap and sends a signal to a Beacon when a spoofer is detected.
Hardware
We used a Beacon thats connect to a serial port.
Software
Python 2.7 Ettercap pyserial
Code
import sys import subprocess from serial import Serial import os from time import sleep uid = os.getuid() err = sys.stderr.write def main(argv): if not 0 == uid: sys.exit(err("This script must be run as root for the time beeing!\n")) elif len(argv) != 2: sys.exit(err("Usage: python %s <Serial Interface>\n" % (argv[0],))) def arpbuster(): ettercap = subprocess.Popen("ettercap -i eth0 -TQP arp_cop //" , shell=True, stdout=subprocess.PIPE) while 1: inPut = ettercap.stdout.readline() inPut = inPut.split(' ') serial.setDTR(False) for msg in inPut: if msg == "(WARNING)": ettercap.stdout.close() return "True" if __name__ == "__main__": main(sys.argv) serial = Serial(sys.argv[1], 9600) serial.setDTR(False) while 1: if arpbuster() == "True": serial.setDTR(True) sleep(20) sys.exit()