Class: BetterCap::Spoofers::Arp

Inherits:
Base
  • Object
Defined in:
lib/bettercap/spoofers/arp.rb

Overview

This class is responsible for performing ARP spoofing on the network.

Instance Method Summary

Methods inherited from Base

available, get_by_name, inherited

Constructor Details

#initialize ⇒ Arp

Initialize the BetterCap::Spoofers::Arp object.



# File 'lib/bettercap/spoofers/arp.rb', line 19

# Build the ARP spoofer around the shared Context.
#
# The packet-forwarding state the firewall reports at construction time is
# kept in @forwarding; start and stop compare against it and stop passes it
# back to the firewall, so it has to be read before anything is toggled.
def initialize
  @ctx = Context.get

  # Nothing is running yet: no worker threads and no capture handle.
  @spoof_thread = @sniff_thread = @capture = nil
  @running      = false

  # Forwarding state as found, before this object changes it.
  @forwarding = @ctx.firewall.forwarding_enabled?

  # update_gateway! is not shown on this page.
  update_gateway!
end

Instance Method Details

#send_spoofed_packet(saddr, smac, daddr, dmac) ⇒ Object

Send a spoofed ARP reply to the target identified by the daddr IP address and dmac MAC address, spoofing the saddr IP address and smac MAC address as the source device.



# File 'lib/bettercap/spoofers/arp.rb', line 33

# Queue one ARP reply that presents saddr/smac as the sender and is addressed
# to daddr/dmac.
#
# The packet is not sent here; it is pushed onto the context's packet queue.
#
# @param saddr [String] IP address written into the ARP sender field
# @param smac  [String] MAC address used as Ethernet source and ARP sender
# @param daddr [String] IP address written into the ARP target field
# @param dmac  [String] MAC address used as Ethernet destination and ARP target
# @return [Object] whatever @ctx.packets.push returns
def send_spoofed_packet( saddr, smac, daddr, dmac )
  reply = PacketFu::ARPPacket.new.tap do |arp|
    # Ethernet header and ARP payload carry the same MAC pair.
    arp.eth_saddr     = smac
    arp.eth_daddr     = dmac
    arp.arp_saddr_mac = smac
    arp.arp_daddr_mac = dmac

    arp.arp_saddr_ip = saddr
    arp.arp_daddr_ip = daddr

    # Opcode 2 is an ARP reply. A reply nobody requested that rebinds an IP
    # to a different MAC is the pattern ARP-inspection and ARP-monitoring
    # controls look for.
    arp.arp_opcode = 2
  end

  @ctx.packets.push(reply)
end

#start ⇒ Object

Start the ARP spoofing.



# File 'lib/bettercap/spoofers/arp.rb', line 47

# Start ARP spoofing.
#
# Stops a run that is already active, sets packet forwarding according to the
# spoof.kill option and the forwarding state recorded in @forwarding, then
# launches the watcher and spoofer threads.
#
# @return [Thread] the spoofer thread (value of the last assignment)
def start
  duplex = @ctx.options.spoof.half_duplex ? 'Half' : 'Full'
  Logger.debug "Starting ARP spoofer ( #{duplex} Duplex ) ..."

  # A second start while running restarts: stop first, then mark running.
  stop() if @running
  @running = true

  kill_mode = @ctx.options.spoof.kill
  Logger.warn "Disabling packet forwarding." if kill_mode

  # Touch the firewall only when the recorded state differs from the wanted
  # one: off for kill mode, on otherwise.
  if kill_mode && @forwarding
    @ctx.firewall.enable_forwarding(false)
  elsif !kill_mode && !@forwarding
    @ctx.firewall.enable_forwarding(true)
  end

  # The watcher is created before the spoofer; both run in their own thread.
  @sniff_thread = Thread.new { arp_watcher }
  @spoof_thread = Thread.new { arp_spoofer }
end

#stop ⇒ Object

Stop the ARP spoofing, reset the firewall state and restore the targets' ARP tables.



# File 'lib/bettercap/spoofers/arp.rb', line 65

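# Stop ARP spoofing and undo the changes made while it was running.
#
# Ends the spoofer thread, calls spoof(target, true) five times, 0.3 s apart,
# for every spoofable target, and resets packet forwarding to the state
# recorded in @forwarding.
#
# The forwarding reset runs in an `ensure`, so an error raised while a target
# is being restored cannot leave this host's forwarding setting changed; the
# error itself still reaches the caller.
#
# NOTE(review): @sniff_thread, created in start, is not stopped here; confirm
# that arp_watcher ends by itself once @running is false.
#
# @raise [RuntimeError] if the spoofer is not running
# @return [Object] whatever @ctx.firewall.enable_forwarding returns
def stop
  raise 'ARP spoofer is not running' unless @running

  Logger.debug 'Stopping ARP spoofer ...'

  @running = false
  begin
    @spoof_thread.exit if @spoof_thread
  rescue StandardError => e
    # Stopping the thread stays best-effort, but the failure is now logged
    # instead of being swallowed by an empty rescue.
    Logger.debug "Error while stopping the ARP spoofer thread: #{e.message}"
  end

  reset_result = nil
  begin
    Logger.debug "Restoring ARP table of #{@ctx.targets.size} targets ..."

    @ctx.targets.each do |target|
      next unless target.spoofable?

      # The second argument is true on this path; presumably the restore
      # flag (spoof is not shown on this page). Sent five times, 0.3 s apart.
      5.times do
        spoof(target, true)
        sleep 0.3
      end
    end
  ensure
    Logger.debug "Resetting packet forwarding to #{@forwarding} ..."
    reset_result = @ctx.firewall.enable_forwarding( @forwarding )
  end

  reset_result
end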