arp poisoning

Question

arp poisoning

topazbor opened this issue 9 years ago · 7 comments

Is there a way to use this module for arp poisoning?
I was looking for this method working with powershell

Answer 1 · 2016-02-10T02:03:07.000Z

It doesn't have anything ARP related at the moment. I haven't looked into adding ARP at all yet. Microsoft has some .net restrictions on what you can do with raw sockets. I'm not sure if another method would be needed. ARP poisoning would definitely be useful.

Answer 2 · 2016-02-10T15:35:33.000Z

can you give me a lead where to start for building such module? which apis I need to use? which packet I need to send over? how do I send them over Powershell
thanks

Answer 3 · 2016-02-11T03:02:18.000Z

I'd probably check out what can be done .NET's raw socket and protocol type:

https://msdn.microsoft.com/en-us/library/system.net.sockets.sockettype%28v=vs.110%29.aspx

https://msdn.microsoft.com/en-us/library/system.net.sockets.protocoltype%28v=vs.110%29.aspx

If you grab some packet captures from another ARP spoofing tool, it will give you a good idea of what you need to have your module send out.

There are some built-in anti-malware restrictions though with .NET's raw sockets. For example, you can't spoof an IP address on any of the workstation OSs. I'm not sure if they have anything that would impact ARP.

iphlpapi.dll has some ARP functions. I'm not sure if it's suitable for spoofing.

Outside of those, check to see what's been done on the C# side. There is this one:

http://www.codeproject.com/Articles/6579/Spoofing-the-ARP-Table-of-Remote-Computers-on-a-LA

It uses WinPCAP though.

Answer 4 · 2016-02-14T15:55:15.000Z

I tired to do that but no luck..
maybe you have something in mind"?

On Thu, Feb 11, 2016 at 5:02 AM, Kevin Robertson notifications@github.com
wrote:

I'd probably check out what can be done .NET's raw socket and protocol
type:

https://msdn.microsoft.com/en-us/library/system.net.sockets.sockettype%28v=vs.110%29.aspx

https://msdn.microsoft.com/en-us/library/system.net.sockets.protocoltype%28v=vs.110%29.aspx

If you grab some packet captures from another ARP spoofing tool, it will
give you a good idea of what you need to have your module send out.

There are some built-in anti-malware restrictions though with .NET's raw
sockets. For example, you can't spoof an IP address on any of the
workstation OSs. I'm not sure if they have anything that would impact ARP.

iphlpapi.dll has some ARP functions. I'm not sure if it's suitable for
spoofing.

Outside of those, check to see what's been done on the C# side. There is
this one:

http://www.codeproject.com/Articles/6579/Spoofing-the-ARP-Table-of-Remote-Computers-on-a-LA

It uses WinPCAP though.

—
Reply to this email directly or view it on GitHub
#4 (comment)
.

Answer 5 · 2016-02-15T23:59:10.000Z

I'd have to go through and try a few things. It's a great idea. If I come up with anything I'll update here.

Answer 6 · 2016-02-16T12:21:22.000Z

thanks for the help man!

On Tue, Feb 16, 2016 at 1:59 AM, Kevin Robertson notifications@github.com
wrote:

I'd have to go through and try a few things. It's a great idea. If I come
up with anything I'll update here.

—
Reply to this email directly or view it on GitHub
#4 (comment)
.

Answer 7 · 2016-02-25T07:45:46.000Z

any update on this issue?