이한솔

add detection codes

import os
import time
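def ARPSpoofingDetection():
    """Sweep the /24, snapshot the ARP cache and report repeated MAC addresses.

    The check is a heuristic: it reports any hardware address that the local
    ARP cache lists for more than one entry. A host that legitimately owns
    several addresses in the subnet is reported the same way, so an alert
    needs confirming before it is acted on.

    Side effects: runs ``fping`` and ``arp`` through the shell, overwrites
    ``arptable.txt`` in the current working directory and prints to stdout.
    Returns None.
    """
    print("Check available hosts")
    # Ping sweep so the ARP cache holds an entry for every host that answers.
    os.system("fping -g 192.168.0.0/24 1>/dev/null 2>/dev/null")
    os.system("arp -a > arptable.txt")

    # Read the snapshot once. The context manager closes the handle, which
    # repeated calls would otherwise leak.
    with open("arptable.txt", "r") as arp_table:
        resolved = [row for row in arp_table if "incomplete" not in row]

    print("ARP Table below\n")
    for row in resolved:
        print(row)

    seen_macs = set()
    for row in resolved:
        # Rows containing ".255" (the broadcast entry) are not compared.
        if ".255" in row:
            continue
        # Cut on " at " / " on " including the spaces, so a host or interface
        # name that merely contains the letters "at" or "on" does not shift
        # the cut and corrupt the extracted address.
        _, at_found, after_at = row.partition(" at ")
        if not at_found:
            # No address on this row; an empty string must not be recorded,
            # or two such rows would look like a duplicate.
            continue
        mac_field, on_found, _ = after_at.rpartition(" on ")
        tokens = (mac_field if on_found else after_at).split()
        if not tokens:
            continue
        # First token only, so trailing flags such as "[ether]" are dropped;
        # lower-cased so the comparison ignores hex letter case.
        mac = tokens[0].lower()
        if mac in seen_macs:
            print("**ARP Spoofing Detected**\n")
            print(f"MAC Address : {mac} \n")
        seen_macs.add(mac)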
# Seconds to wait between two consecutive ARP cache checks.
SCAN_INTERVAL_SECONDS = 5

# Poll until the process is interrupted: one check, then a pause.
while True:
    ARPSpoofingDetection()
    time.sleep(SCAN_INTERVAL_SECONDS)
from scapy.all import *
from scapy.arch.windows import get_windows_if_list
import sys
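cnt = 0  # running count of TFTP requests whose filename is 190 bytes or longer


def parse_packet(packet):
    """Inspect one sniffed packet for an over-long TFTP request filename.

    Only UDP payloads that start with a TFTP read (opcode 1) or write
    (opcode 2) request are examined; the filename is the byte string between
    the opcode and the first NUL. The raw payload bytes are parsed rather
    than their ``str()`` rendering, so the measured length is the real byte
    length, and the transfer mode string and its letter case do not decide
    whether a request is inspected.

    Side effects: prints the filename length of every request, increments the
    module-level ``cnt`` for filenames of 190 bytes or more and prints an
    alert once more than 10 of those have been seen. A filename of exactly
    209 bytes prints "error occurred" and ends the process with exit status 1
    (the reason for that value is not visible in this file).

    Args:
        packet: a scapy packet handed over by ``sniff``; may be falsy.

    Returns:
        None.
    """
    global cnt
    if not packet or not packet.haslayer("UDP"):
        return

    # Layer looked up by name, matching the haslayer("UDP") call above.
    raw = bytes(packet["UDP"].payload)

    # TFTP request layout: 2-byte opcode, filename, NUL, mode, NUL.
    # Anything that is not a read or write request is ignored.
    if len(raw) < 2 or raw[0] != 0 or raw[1] not in (1, 2):
        return

    # An unterminated filename is measured up to the end of the payload.
    filename = raw[2:].partition(b"\x00")[0]
    print("Fuzzing with length ", len(filename))

    if len(filename) == 209:
        print("error occurred")
        sys.exit(1)

    if len(filename) >= 190:
        cnt += 1
        if cnt > 10:
            print("Fuzzing detected\n")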
# udp = packet.getlayer('UDP')
# udp.show()
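# Interface list is fetched for reference only; the capture interface passed
# to sniff() below is hard-coded.
interfaces = get_windows_if_list()
#print(interfaces)
# The capture filter matches UDP port 69 only, so the callback sees the
# requests sent to the TFTP port. store=False keeps sniff() from retaining
# every captured packet in memory, which matters for a sniffer that is left
# running indefinitely.
sniff(filter="udp port 69", iface=r'Ethernet0', prn=parse_packet, store=False)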