ARP

Spoofing

Group 4
 PYTHON-ARP SPOOFING
by:

Muhammad Hashim BSSE-FA18-051

Ali Raza BSSE-FA18-049
Ahmed Hassan BSSE-FA18-042
Bilal Afzal BSSE-FA18-017

In Partial Fulfillment of the Requirements for the Award of Degree of

BACHELOR OF SOFTWARE ENGINEERING

DEPARTMENT OF COMPUTER SCIENCE

Faculty of OF COMPUTER SCIENCE

The University of Faisalabad

2020
SUBJECT:
Data communication and computer network
SUBMITTED TO:
Dr .Sohail Jabba
ABSTRACT
ABSTRACT
For the first few decades of network existence, computer networks were used by
university researchers for sending e-mail and by corporate employees for sharing printers. With
the development of society, network technology is also constantly developing, and network
applications are gradually popularized. More and more computer users can access a lot of
information resources of global network system at home. Internet has become an integral part
of today’s world. However, network security also comes to our sight. There are tons of
protocols were used to establish these networks. But there are some precautions that we did not
consider. In this paper, we do some research and simulation about the Address Resolution
Protocol (ARP) and ARP spoofing to demonstrate some precautions in ARP
TABLE OF CONTENTS

TABLE OF CONTENTS
Python-ARP Spoofing ..................................................................................................... 2
Abstract .......................................................................................................................... 4
Table of Contents ........................................................................................................... 5
Table of figures .............................................................................................................. 6
Inroduction ..................................................................................................................... 7
ARP Spoofing Attacks ............................................................................................... 7
1.2.1 Packet filtering .............................................................................................. 7
1.2.2 Avoid trust relationships ............................................................................... 7
1.2.3 Use ARP spoofing detection software: ......................................................... 7
How is WORK? ............................................................................................................. 8
Arp-a ........................................................................................................................ 10
We write a python script for ARP spoofing in PyCharm editor. ............................. 11
Scapy: ....................................................................................................................... 11
Code ......................................................................................................................... 11
Frist enter the IP address of target ........................................................................... 12
Enter the IP address of router................................................................................... 12
Enter the MAC address of target ............................................................................. 13
Result ....................................................................................................................... 13
CONCLUSION ............................................................................................................ 15
REFERENCES ............................................................................................................ 16
TABLE OF FIGURES
TABLE OF FIGURES
Figure 1.1 typical network ............................................................................................ 8
Figure 2 arp spoofing ..................................................................................................... 9
Figure 3 hacker as router................................................................................................ 9
Figure 4 switch brodcast .............................................................................................. 10
Figure 5 ARP-a ............................................................................................................ 10
Figure 6.Code ............................................................................................................... 11
Figure 7.We scan here all the network with the help of NMAP .................................. 12
Figure 8.Frist enter the IP address of target ................................................................. 12
Figure 9.Enter the IP address of router ........................................................................ 13
Figure 10.Enter the MAC address of target ................................................................. 13
INRODUCTION
INRODUCTION

1.1 What is ARP ?

ARP spoofing is a type of attack in which a malicious actor sends

falsified ARP (Address Resolution Protocol) messages over a local area network. This results
in the linking of an attacker's MAC address with the IP address of a legitimate computer or
server on the network
ARP Spoofing Attacks
1.1.1 Denial-of-service attacks:
DoS attacks often leverage ARP spoofing to link
multiple IP addresses with a single target’s MAC address. As a result, traffic that is intended
for many different IP addresses will be redirected to the target’s MAC address, overloading the
target with traffic.
1.1.2 Session hijacking:
Session hijacking attacks can use ARP spoofing to steal
session IDs, granting attackers access to private systems and data. Man-in-the-middle attacks:
MITM attacks can rely on ARP spoofing to intercept and modify traffic between victims

1.2 ARP Spoofing Detection, Prevention and Protection

The following methods are recommended measures for detecting, preventing and
protecting against ARP spoofing attacks:

1.2.1 Packet filtering:

Packet filters inspect packets as they are transmitted across a
network. Packet filters are useful in ARP spoofing prevention because they are capable of
filtering out and blocking packets with conflicting source address information (packets from
outside the network that show source addresses from inside the network and vice-versa).

1.2.2 Avoid trust relationships:

Organizations should develop protocols that rely on trust
relationships as little as possible. Trust relationships rely only on IP addresses for
authentication, making it significantly easier for attackers to run ARP spoofing attacks when
they are in place.

1.2.3 Use ARP spoofing detection software:

There are many programs available that help
organizations detect ARP spoofing attacks. These programs work by inspecting and certifying
data before it is transmitted and blocking data that appears to be spoofed.
Use cryptographic network protocols: Transport Layer Security (TLS), Secure
Shell (SSH), HTTP Secure (HTTPS) and other secure communications protocols bolster ARP
spoofing attack prevention by encrypting data prior to transmission and authenticating data
when it is received.
HOW IS WORK

HOW IS WORK?
ARP spoofing, ARP cache poisoning, or ARP poison routing, is a technique by which
an attacker sends (spoofed) Address Resolution Protocol (ARP) messages onto a local area
network. Generally, the aim is to associate the attacker's MAC address with the IP address of
another host, such as the default gateway, causing any traffic meant for that IP address to be
sent to the attacker instead.
ARP spoofing may allow an attacker to intercept data frames on a network, modify the
traffic, or stop all traffic. Often the attack is used as an opening for other attacks, such as denial
of service, man in the middle, or session hijacking attacks.

Figure 1.1 typical network

HOW IS WORK

Figure 2 arp spoofing

Figure 3 hacker as router

HOW IS WORK

Figure 4 switch brodcast

Arp-a

Figure 5 ARP-a
HOW IS WORK

We write a python script for ARP spoofing in PyCharm editor.

• Here we use tools

• Python 3.8
• Kali Linux
• PyCharm

Scapy:
Scapy is a packet manipulation tool for computer networks, originally written in Python by
Philippe Biondi. It can forge or decode packets, send them on the wire, capture them, and match requests
and replies. It can also handle tasks like scanning, tracerouting, probing, unit tests, attacks, and network
discovery.

Code

Figure 6.Code
HOW IS WORK
We scan here all the network with the help of NMAP

Figure 7.We scan here all the network with the help of NMAP

Frist enter the IP address of target

Figure 8.Frist enter the IP address of target

Enter the IP address of router

HOW IS WORK

Figure 9.Enter the IP address of router

Enter the MAC address of target

Figure 10.Enter the MAC address of target

Result
HOW IS WORK
CONCLUSION

CONCLUSION
The ARP poisoning attack is an easy-to-perform attack that can cause serious damage
by leading up to a MitM or DoS attack in a LAN. Based on simulation of ARP spoofing, we
can conclude.
• ARP is vulnerable
• Even with state ARP, it is harder to poison the ARP cache
• Most attacks are launched in the same LAN
• Attacker can be man in the middle
REFERENCES

REFERENCES

• https://www.researchgate.net/publication/258744062_A_Proposal_for_a_Sche
ma_for_ARP_Spoofing_Protection
• http://www.sfu.ca/~cda39/Group1_ARP_Spoofing.pdf
• https://github.com/ammarx/ARP-spoofing/blob/master/src/mmattack.py
• https://www.veracode.com/security/arp-spoofing
• https://www.researchgate.net/publication/274340692_Detection_and_Preventi
on_of_ARP_Poisoning_Attack_using_Modified_ICMP_and_Voting