How can I put mac os x en1 interface into monitor mode to use with python3 scapy?


Problem description

On my Mac the wireless interface is the en1 interface. I can put the interface into monitor mode using Mac's airport application, but then it doesn't work with the scapy module when I use Python 3. How can I make this work?

Thanks in advance

ifconfig output

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    options=3<RXCSUM,TXCSUM>
    inet6 ::1 prefixlen 128 
    inet 127.0.0.1 netmask 0xff000000 
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
    nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
    nd6 options=1<PERFORMNUD>
    media: autoselect (none)
    status: inactive
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
    lladdr 00:3e:e1:ff:fe:0f:0a:4a 
    nd6 options=1<PERFORMNUD>
    media: autoselect <full-duplex>
    status: inactive
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet6 fe80::7ed1:c3ff:fe6e:eeda%en1 prefixlen 64 scopeid 0x6 
    inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
    nd6 options=1<PERFORMNUD>
    media: autoselect
    status: active
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    options=60<TSO4,TSO6>
    media: autoselect <full-duplex>
    status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
    media: autoselect
    status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1452
    inet6 fe80::18b8:64ff:fec8:85%awdl0 prefixlen 64 scopeid 0x9 
    nd6 options=1<PERFORMNUD>
    media: autoselect
    status: active
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=63<RXCSUM,TXCSUM,TSO4,TSO6>
    Configuration:
        id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
        maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
        root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
        ipfilter disabled flags 0x2
    member: en2 flags=3<LEARNING,DISCOVER>
            ifmaxaddr 0 port 7 priority 0 path cost 0
    nd6 options=1<PERFORMNUD>
    media: <unknown type>
    status: inactive

Python script to detect packets (after putting en1 into mon mode using airport)

from scapy.all import *

# Callback run by sniff() for every captured packet: report the first matching layer.
def pktIdentifier(pkt):
    if pkt.haslayer(Dot11Beacon):
        print("[+] Detected 802.11 Beacon Frame")
    elif pkt.haslayer(Dot11ProbeReq):
        print("[+] Detected 802.11 Probe Frame")
    elif pkt.haslayer(TCP):
        print("[+] Detected TCP Packet")
    elif pkt.haslayer(UDP):
        print("[+] Detected UDP Packet")

# Sniff on the wireless interface (already switched to monitor mode with airport).
conf.iface = 'en1'
sniff(prn=pktIdentifier)

Output of conf.route

Network         Netmask         Gateway         Iface           Output IP
0.0.0.0         0.0.0.0         192.168.0.1     en1             192.168.0.7    
127.0.0.0       255.0.0.0       0.0.0.0         lo0             127.0.0.1      
127.0.0.1       255.255.255.255 0.0.0.0         lo0             127.0.0.1      
169.254.0.0     255.255.0.0     0.0.0.0         en1             192.168.0.7    
192.168.0.0     255.255.255.0   0.0.0.0         en1             192.168.0.7    
192.168.0.1     255.255.255.255 0.0.0.0         en1             192.168.0.7    
192.168.0.1     255.255.255.255 0.0.0.0         en1             192.168.0.7    
192.168.0.7     255.255.255.255 0.0.0.0         en1             192.168.0.7    
192.168.0.255   255.255.255.255 0.0.0.0         en1             192.168.0.7 

Recommended answer

Short Answer: You could MonkeyPatch the _PcapWrapper_pypcap class. Example code is provided below.

Slightly Longer Answer: On Mac OS X, scapy sniffs on interfaces through libpcap. Instead of calling pcap_open_live, we call pcap_create, pcap_set_rfmon and pcap_activate (in this order). This will set the interface in monitor mode and start capturing. I tested the following MonkeyPatch under scapy-python3 (0.21) and macOS Sierra 10.12.6. Make sure you run this code with admin rights.

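from scapy.all import *

import scapy.arch.pcapdnet
from ctypes import CDLL, POINTER, c_char_p, c_int, c_ubyte, create_string_buffer
from ctypes.util import find_library

# PCAP_ERRBUF_SIZE, pcap_t, pcap_pkthdr and bpf_program are resolved through the star import above.
class _PcapWrapper_pypcap_monkeypatched(scapy.arch.pcapdnet._PcapWrapper_pypcap):
    def __init__(self, device, snaplen, promisc, to_ms):
        # snaplen, promisc and to_ms are accepted for compatibility but not applied to the handle.
        self.errbuf = create_string_buffer(PCAP_ERRBUF_SIZE)
        self.iface = create_string_buffer(device.encode('ascii'))

        # Original call, replaced below because pcap_open_live cannot request monitor mode:
        #self.pcap = pcap_open_live(self.iface, snaplen, promisc, to_ms, self.errbuf)

        STRING = c_char_p

        _lib_name = find_library("pcap")
        if not _lib_name:
            raise OSError("Cannot find libpcap.so library")
        _lib = CDLL(_lib_name)

        # Declare the libpcap prototypes so ctypes passes and returns pointers correctly.
        pcap_create = _lib.pcap_create
        pcap_create.restype = POINTER(pcap_t)
        pcap_create.argtypes = [STRING, STRING]

        pcap_set_rfmon = _lib.pcap_set_rfmon
        pcap_set_rfmon.restype = c_int
        pcap_set_rfmon.argtypes = [POINTER(pcap_t), c_int]

        pcap_activate = _lib.pcap_activate
        pcap_activate.restype = c_int
        pcap_activate.argtypes = [POINTER(pcap_t)]

        # Create the handle, request monitor mode, then activate (order matters).
        self.pcap = pcap_create(self.iface, self.errbuf)
        if not self.pcap:
            raise OSError("pcap_create failed: %s" % self.errbuf.value.decode(errors="replace"))
        if pcap_set_rfmon(self.pcap, 1) != 0:
            raise OSError("pcap_set_rfmon failed")
        rc = pcap_activate(self.pcap)
        if rc < 0:  # negative values are errors, positive values are warnings
            raise OSError("pcap_activate failed with code %d" % rc)
        self.header = POINTER(pcap_pkthdr)()
        self.pkt_data = POINTER(c_ubyte)()
        self.bpf_program = bpf_program()

# Replace scapy's wrapper so that sniff() opens the interface through the class above.
scapy.arch.pcapdnet._PcapWrapper_pypcap = _PcapWrapper_pypcap_monkeypatched

def pktIdentifier(pkt):
    if pkt.haslayer(Dot11Beacon):
        print("[+] Detected 802.11 Beacon Frame")
    elif pkt.haslayer(Dot11ProbeReq):
        print("[+] Detected 802.11 Probe Frame")

# Use the name of your wireless interface here (en1 in the question).
sniff(iface="en0", prn=pktIdentifier)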
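
To check what the monitor-mode handle actually delivers without depending on scapy's dissectors, the frames can be classified by hand. The following is an added example, not part of the original answer: it parses the radiotap length field and the 802.11 frame-control byte, and rejects the Ethernet-style frames an interface hands over when it is not in monitor mode. It assumes the capture link type is radiotap (DLT_IEEE802_11_RADIO, 127); the function names and the sample frames are constructed for illustration.

```python
import struct

# Frame-control type and management subtype values from IEEE 802.11.
FRAME_TYPES = {0: "management", 1: "control", 2: "data"}
MGMT_SUBTYPES = {4: "probe-request", 5: "probe-response", 8: "beacon"}


def classify_monitor_frame(raw: bytes) -> str:
    """Classify one frame captured with link type DLT_IEEE802_11_RADIO."""
    if len(raw) < 8:
        raise ValueError("too short for a radiotap header")
    # Radiotap header: version(1) pad(1) length(2, little-endian) present(4).
    version, _pad, rt_len, _present = struct.unpack_from("<BBHI", raw, 0)
    if version != 0 or rt_len < 8 or rt_len + 2 > len(raw):
        raise ValueError("no radiotap header: interface probably not in monitor mode")
    # First frame-control byte: protocol version (2 bits), type (2), subtype (4).
    fc0 = raw[rt_len]
    if fc0 & 0x03 != 0:
        raise ValueError("unexpected 802.11 protocol version")
    ftype, subtype = (fc0 >> 2) & 0x03, (fc0 >> 4) & 0x0F
    if ftype == 0:
        return MGMT_SUBTYPES.get(subtype, "management/%d" % subtype)
    return FRAME_TYPES.get(ftype, "reserved")


def with_radiotap(dot11: bytes) -> bytes:
    """Prepend a minimal 8-byte radiotap header with no optional fields."""
    return struct.pack("<BBHI", 0, 0, 8, 0) + dot11


# Constructed sample frames (locally administered MAC addresses, no real capture).
BCAST = b"\xff" * 6
STA = bytes.fromhex("020000000001")
AP = bytes.fromhex("020000000002")
BEACON = with_radiotap(b"\x80\x00\x00\x00" + BCAST + AP + AP + b"\x00\x00")
PROBE_REQ = with_radiotap(b"\x40\x00\x00\x00" + BCAST + STA + BCAST + b"\x00\x00")
# What a non-monitor capture looks like: dst MAC, src MAC, EtherType 0x0800, IPv4.
ETHERNET = AP + STA + b"\x08\x00" + b"\x45" + b"\x00" * 19

if __name__ == "__main__":
    for name, frame in (("beacon", BEACON), ("probe", PROBE_REQ), ("ethernet", ETHERNET)):
        try:
            print(name, "->", classify_monitor_frame(frame))
        except ValueError as exc:
            print(name, "-> rejected:", exc)
```
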
