ARP Poisoning
A prototype of an ARP poisoning program
Report Bug
·
Request Feature
Table of Contents
This cybersecurity project aims to emulate a classical Man in the Middle attack by ARP poisoning in a controlled environment. The goal is to be able to intercept the traffic between a client and a FTP server and to be able to read the packets sent by the client to the server and vice versa.
Since it's only a prototype, the poisoner isn't well hidden –actually, the target can see the changes when it occurs– and the poisoner only intercepts FTP packets.
The program is written in C++
Having Docker installed on your system and be able to run the docker compose command on your system
-
Clone the repo
$> git clone https://github.com/Link-Wolf/inquisitor.git -
Launch the containers
$> cd inquisitor $> make
-
From the poisoner
$> docker exec -it poisoner bash #> inquisitor [-v] IP_src MAC_src IP_target MAC_target
The
-v(verbose) option is used to display the packets sent and received by the program TheIP_srcandMAC_srcare the IP and MAC addresses of the FTP server TheIP_targetandMAC_targetare the IP and MAC addresses of the victim -
From the target
$> docker exec -it target bash #> ftp source > ls|get FILE|pwd|...
Source is the hostname of the FTP server FILE is the name of the file to download
In this example, the poisoner container intercepts the FTP packets at the moment the target tries to download a file named my_awesome_file.exe.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature) - Commit your Changes (
git commit -m 'Add some AmazingFeature') - Push to the Branch (
git push origin feature/AmazingFeature) - Open a Pull Request