You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
186 lines
5.2 KiB
186 lines
5.2 KiB
Patch by Stefan Tomanek <stefan@pico.ruhr.de> for dsniff >= 2.4b1 to allow the use |
|
of of multiple targets. For some more information, please have a look to Debian bug |
|
ID #650751. |
|
|
|
--- dsniff-2.4/arpspoof.8 2013-12-20 20:40:36.000000000 +0100 |
|
+++ dsniff-2.4/arpspoof.8.arpspoof_multiple 2013-12-20 20:41:45.000000000 +0100 |
|
@@ -25,7 +25,7 @@ |
|
Specify the interface to use. |
|
.IP "\fB-t \fItarget\fR" |
|
Specify a particular host to ARP poison (if not specified, all hosts |
|
-on the LAN). |
|
+on the LAN). Repeat to specify multiple hosts. |
|
.IP "\fB\-r\fR" |
|
Poison both hosts (host and target) to capture traffic in both directions. |
|
(only valid in conjuntion with \-t) |
|
--- dsniff-2.4/arpspoof.c 2013-12-20 20:40:36.000000000 +0100 |
|
+++ dsniff-2.4/arpspoof.c.arpspoof_multiple 2013-12-20 20:50:34.000000000 +0100 |
|
@@ -27,11 +27,16 @@ |
|
#include "arp.h" |
|
#include "version.h" |
|
|
|
+struct host { |
|
+ in_addr_t ip; |
|
+ struct ether_addr mac; |
|
+}; |
|
+ |
|
extern char *ether_ntoa(struct ether_addr *); |
|
|
|
static libnet_t *l; |
|
-static struct ether_addr spoof_mac, target_mac; |
|
-static in_addr_t spoof_ip, target_ip; |
|
+static struct host spoof = {0}; |
|
+static struct host *targets; |
|
static char *intf; |
|
static int poison_reverse; |
|
|
|
@@ -133,30 +138,46 @@ |
|
return (0); |
|
} |
|
|
|
+static int arp_find_all() { |
|
+ struct host *target = targets; |
|
+ while(target->ip) { |
|
+ if (arp_find(target->ip, &target->mac)) { |
|
+ return 1; |
|
+ } |
|
+ target++; |
|
+ } |
|
+ |
|
+ return 0; |
|
+} |
|
+ |
|
static void |
|
cleanup(int sig) |
|
{ |
|
- int fw = arp_find(spoof_ip, &spoof_mac); |
|
- int bw = poison_reverse && target_ip && arp_find(target_ip, &target_mac); |
|
+ int fw = arp_find(spoof.ip, &spoof.mac); |
|
+ int bw = poison_reverse && targets[0].ip && arp_find_all(); |
|
int i; |
|
|
|
fprintf(stderr, "Cleaning up and re-arping targets...\n"); |
|
for (i = 0; i < 5; i++) { |
|
- /* XXX - on BSD, requires ETHERSPOOF kernel. */ |
|
- if (fw) { |
|
- arp_send(l, ARPOP_REPLY, |
|
- (u_int8_t *)&spoof_mac, spoof_ip, |
|
- (target_ip ? (u_int8_t *)&target_mac : NULL), |
|
- target_ip); |
|
- /* we have to wait a moment before sending the next packet */ |
|
- sleep(1); |
|
- } |
|
- if (bw) { |
|
- arp_send(l, ARPOP_REPLY, |
|
- (u_int8_t *)&target_mac, target_ip, |
|
- (u_int8_t *)&spoof_mac, |
|
- spoof_ip); |
|
- sleep(1); |
|
+ struct host *target = targets; |
|
+ while(target->ip) { |
|
+ /* XXX - on BSD, requires ETHERSPOOF kernel. */ |
|
+ if (fw) { |
|
+ arp_send(l, ARPOP_REPLY, |
|
+ (u_int8_t *)&spoof.mac, spoof.ip, |
|
+ (target->ip ? (u_int8_t *)&target->mac : NULL), |
|
+ target->ip); |
|
+ /* we have to wait a moment before sending the next packet */ |
|
+ sleep(1); |
|
+ } |
|
+ if (bw) { |
|
+ arp_send(l, ARPOP_REPLY, |
|
+ (u_int8_t *)&target->mac, target->ip, |
|
+ (u_int8_t *)&spoof.mac, |
|
+ spoof.ip); |
|
+ sleep(1); |
|
+ } |
|
+ target++; |
|
} |
|
} |
|
|
|
@@ -171,10 +192,15 @@ |
|
char pcap_ebuf[PCAP_ERRBUF_SIZE]; |
|
char libnet_ebuf[LIBNET_ERRBUF_SIZE]; |
|
int c; |
|
+ int n_targets; |
|
|
|
+ spoof.ip = 0; |
|
intf = NULL; |
|
- spoof_ip = target_ip = 0; |
|
poison_reverse = 0; |
|
+ n_targets = 0; |
|
+ |
|
+ /* allocate enough memory for target list */ |
|
+ targets = calloc( argc+1, sizeof(struct host) ); |
|
|
|
while ((c = getopt(argc, argv, "ri:t:h?V")) != -1) { |
|
switch (c) { |
|
@@ -182,7 +208,7 @@ |
|
intf = optarg; |
|
break; |
|
case 't': |
|
- if ((target_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) |
|
+ if ((targets[n_targets++].ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) |
|
usage(); |
|
break; |
|
case 'r': |
|
@@ -198,12 +224,12 @@ |
|
if (argc != 1) |
|
usage(); |
|
|
|
- if (poison_reverse && !target_ip) { |
|
+ if (poison_reverse && !n_targets) { |
|
errx(1, "Spoofing the reverse path (-r) is only available when specifying a target (-t)."); |
|
usage(); |
|
} |
|
|
|
- if ((spoof_ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1) |
|
+ if ((spoof.ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1) |
|
usage(); |
|
|
|
if (intf == NULL && (intf = pcap_lookupdev(pcap_ebuf)) == NULL) |
|
@@ -212,14 +238,18 @@ |
|
if ((l = libnet_init(LIBNET_LINK, intf, libnet_ebuf)) == NULL) |
|
errx(1, "%s", libnet_ebuf); |
|
|
|
- if (target_ip != 0 && !arp_find(target_ip, &target_mac)) |
|
- errx(1, "couldn't arp for host %s", |
|
- libnet_addr2name4(target_ip, LIBNET_DONT_RESOLVE)); |
|
+ struct host *target = targets; |
|
+ while(target->ip) { |
|
+ if (target->ip != 0 && !arp_find(target->ip, &target->mac)) |
|
+ errx(1, "couldn't arp for host %s", |
|
+ libnet_addr2name4(target->ip, LIBNET_DONT_RESOLVE)); |
|
+ target++; |
|
+ } |
|
|
|
if (poison_reverse) { |
|
- if (!arp_find(spoof_ip, &spoof_mac)) { |
|
+ if (!arp_find(spoof.ip, &spoof.mac)) { |
|
errx(1, "couldn't arp for spoof host %s", |
|
- libnet_addr2name4(spoof_ip, LIBNET_DONT_RESOLVE)); |
|
+ libnet_addr2name4(spoof.ip, LIBNET_DONT_RESOLVE)); |
|
} |
|
} |
|
|
|
@@ -228,11 +258,15 @@ |
|
signal(SIGTERM, cleanup); |
|
|
|
for (;;) { |
|
- arp_send(l, ARPOP_REPLY, NULL, spoof_ip, |
|
- (target_ip ? (u_int8_t *)&target_mac : NULL), |
|
- target_ip); |
|
- if (poison_reverse) { |
|
- arp_send(l, ARPOP_REPLY, NULL, target_ip, (uint8_t *)&spoof_mac, spoof_ip); |
|
+ struct host *target = targets; |
|
+ while(target->ip) { |
|
+ arp_send(l, ARPOP_REPLY, NULL, spoof.ip, |
|
+ (target->ip ? (u_int8_t *)&target->mac : NULL), |
|
+ target->ip); |
|
+ if (poison_reverse) { |
|
+ arp_send(l, ARPOP_REPLY, NULL, target->ip, (uint8_t *)&spoof.mac, spoof.ip); |
|
+ } |
|
+ target++; |
|
} |
|
sleep(2); |
|
}
|
|
|