Unprivileged spoofing with different IP address

Question

Unprivileged spoofing with different IP address

kograssmann opened this issue 3 years ago · 2 comments

Hi,

I tried to spoof LLMNR traffic using the C# Version of Inveigh and redirect the traffic to a Kali machine as an unprivileged user. As the sniffer is described as requiring privileges, I disabled it. When I do this Inveigh seems to always use the IP of the local Windows machine for spoofing.

I think the issue is in the following code from Support/Arguments.cs (line 249-262).

            if (!string.Equals(Program.argListenerIP, "0.0.0.0") && string.IsNullOrEmpty(Program.argSpooferIP))
                {
                    Program.argSpooferIP = Program.argListenerIP;
                }
                else
                {
                    Program.argSpooferIP = GetLocalIPAddress("IPv4");

                    if (string.IsNullOrEmpty(Program.argSpooferIP))
                    {
                        Program.enabledIPv4 = false;
                    }

                }

This code is entered, when the sniffer is disabled and seems to always set the SpooferIP to the LocalIPAddress. I was able to get my use case to work by commenting out Program.argSpooferIP = GetLocalIPAddress("IPv4");. Could you have a look at the code and possibly insert an additional statement here, that handles the case where the user supplies a custom SpooferIP as an argument?

Best regards

Answer 1 · 2021-07-09T13:35:06.000Z

Thanks! I'll get that fixed.

Answer 2 · 2021-07-11T23:19:45.000Z

This should be fixed now, thanks again for reporting it.