如何将mac os x en1接口置于监控模式以与python3 scapy一起使用?

时间:2015-07-16 16:40:06

标签: python macos python-3.x wireless scapy

在我的Mac上,无线接口是en1。我可以用macOS自带的airport工具把该接口置于监控模式,但在Python 3下它无法与scapy模块配合工作。怎样才能让它正常工作?

提前致谢

ifconfig输出

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    options=3<RXCSUM,TXCSUM>
    inet6 ::1 prefixlen 128 
    inet 127.0.0.1 netmask 0xff000000 
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
    nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
    nd6 options=1<PERFORMNUD>
    media: autoselect (none)
    status: inactive
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
    lladdr 00:3e:e1:ff:fe:0f:0a:4a 
    nd6 options=1<PERFORMNUD>
    media: autoselect <full-duplex>
    status: inactive
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet6 fe80::7ed1:c3ff:fe6e:eeda%en1 prefixlen 64 scopeid 0x6 
    inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
    nd6 options=1<PERFORMNUD>
    media: autoselect
    status: active
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    options=60<TSO4,TSO6>
    media: autoselect <full-duplex>
    status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
    media: autoselect
    status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1452
    inet6 fe80::18b8:64ff:fec8:85%awdl0 prefixlen 64 scopeid 0x9 
    nd6 options=1<PERFORMNUD>
    media: autoselect
    status: active
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=63<RXCSUM,TXCSUM,TSO4,TSO6>
    Configuration:
        id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
        maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
        root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
        ipfilter disabled flags 0x2
    member: en2 flags=3<LEARNING,DISCOVER>
            ifmaxaddr 0 port 7 priority 0 path cost 0
    nd6 options=1<PERFORMNUD>
    media: <unknown type>
    status: inactive

检测数据包的Python脚本(先用airport将en1置于监控模式后运行;本页未保留conf.route的输出)

from scapy.all import *

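def pktIdentifier(pkt):
    """Print a one-line label for the first recognised layer in *pkt*.

    Intended as the ``prn`` callback of ``sniff``. The layers are tried in a
    fixed order (802.11 beacon, 802.11 probe request, TCP, UDP) and only the
    first match is reported; packets with none of these layers are ignored.
    Always returns ``None``.
    """
    if pkt.haslayer(Dot11Beacon):
        print("[+] Detected 802.11 Beacon Frame")
    elif pkt.haslayer(Dot11ProbeReq):
        print("[+] Detected 802.11 Probe Frame")
    elif pkt.haslayer(TCP):
        print("[+] Detected TCP Packet")
    # The original tested `pky.haslayer(UDP)`: an undefined name, so the
    # callback raised NameError on every packet that reached this branch.
    elif pkt.haslayer(UDP):
        print("[+] Detected UDP Packet")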

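# Select the wireless interface as scapy's default capture interface.
conf.iface = 'en1'
# store=False hands each packet to the callback without also keeping it in
# the list sniff() builds, so an open-ended capture does not grow in memory.
sniff(prn=pktIdentifier, store=False)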

3 个答案:

答案 0 :(得分:2)

简答:可以对 _PcapWrapper_pypcap 类打猴子补丁(monkey patch)。下面提供了示例代码。

稍长一点的答案:在Mac OS X上,scapy通过libpcap嗅探接口。这里不调用 pcap_open_live,而是依次调用 pcap_create、pcap_set_rfmon 和 pcap_activate。这样会把接口设置为监控模式并开始捕获。我在scapy-python3(0.21)和macOS Sierra 10.12.6下测试了下面的猴子补丁。请确保以管理员权限运行此代码。

from scapy.all import *

import scapy.arch.pcapdnet
from ctypes import POINTER, byref, create_string_buffer
from ctypes.util import find_library

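class _PcapWrapper_pypcap_monkeypatched(scapy.arch.pcapdnet._PcapWrapper_pypcap):
    """Replacement for scapy's pcap wrapper that opens the device in monitor mode.

    The handle is built with pcap_create / pcap_set_* / pcap_activate instead
    of pcap_open_live, because rfmon (monitor mode) can only be requested on a
    handle that has not been activated yet.
    """

    def __init__(self, device, snaplen, promisc, to_ms):
        """Create and activate a monitor-mode capture handle for *device*.

        Args:
            device: interface name; must be ASCII-encodable.
            snaplen: maximum number of bytes captured per packet.
            promisc: non-zero to request promiscuous mode.
            to_ms: packet buffer timeout in milliseconds.

        Raises:
            OSError: libpcap cannot be located, the handle cannot be created,
                an option is rejected, or activation fails (for example when
                the process lacks capture privileges or the interface does
                not support monitor mode).
        """
        self.errbuf = create_string_buffer(PCAP_ERRBUF_SIZE)
        self.iface = create_string_buffer(device.encode('ascii'))

        _lib_name = find_library("pcap")
        if not _lib_name:
            raise OSError("Cannot find the libpcap library")
        _lib = CDLL(_lib_name)

        handle_t = POINTER(pcap_t)

        pcap_create = _lib.pcap_create
        pcap_create.restype = handle_t
        pcap_create.argtypes = [c_char_p, c_char_p]

        pcap_activate = _lib.pcap_activate
        pcap_activate.restype = c_int
        pcap_activate.argtypes = [handle_t]

        pcap_geterr = _lib.pcap_geterr
        pcap_geterr.restype = c_char_p
        pcap_geterr.argtypes = [handle_t]

        self.pcap = pcap_create(self.iface, self.errbuf)
        if not self.pcap:
            # A NULL handle passed on to libpcap would crash the interpreter.
            raise OSError("pcap_create failed: %s"
                          % self.errbuf.value.decode(errors="replace"))

        # The original ignored snaplen, promisc and to_ms. Apply them so the
        # handle matches what pcap_open_live would have been given; without a
        # timeout, reads can block until the capture buffer fills.
        # Every setter has the C signature `int f(pcap_t *, int)`.
        options = (
            ("pcap_set_snaplen", snaplen),
            ("pcap_set_promisc", promisc),
            ("pcap_set_timeout", to_ms),
            ("pcap_set_rfmon", 1),
        )
        for name, value in options:
            setter = getattr(_lib, name)
            setter.restype = c_int
            setter.argtypes = [handle_t, c_int]
            status = setter(self.pcap, int(value))
            if status != 0:
                raise OSError("%s failed with status %d" % (name, status))

        # pcap_activate returns 0 on success, a positive value for a warning
        # and a negative value for an error.
        status = pcap_activate(self.pcap)
        if status < 0:
            detail = pcap_geterr(self.pcap) or b""
            # NOTE(review): the handle is left open on failure because the
            # parent class's cleanup is not visible here - confirm before
            # adding a pcap_close call.
            raise OSError("pcap_activate failed with status %d: %s"
                          % (status, detail.decode(errors="replace")))

        self.header = POINTER(pcap_pkthdr)()
        self.pkt_data = POINTER(c_ubyte)()
        self.bpf_program = bpf_program()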

# Swap scapy's pcap wrapper for the monitor-mode variant. The target is a
# private name inside scapy.arch.pcapdnet, so this patch is tied to the scapy
# version it was written against.
setattr(
    scapy.arch.pcapdnet,
    "_PcapWrapper_pypcap",
    _PcapWrapper_pypcap_monkeypatched,
)

def pktIdentifier(pkt):
    """Print a label for 802.11 beacon and probe-request frames.

    Used as the ``prn`` callback of ``sniff``. Beacons are checked before
    probe requests and only the first match is printed; any other packet is
    ignored. Always returns ``None``.
    """
    labelled_layers = (
        (Dot11Beacon, "[+] Detected 802.11 Beacon Frame"),
        (Dot11ProbeReq, "[+] Detected 802.11 Probe Frame"),
    )
    for layer, message in labelled_layers:
        if pkt.haslayer(layer):
            print(message)
            return

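# "en0" is the interface used in this answer; the question's wireless
# interface is en1, so set iface to the wireless interface of the machine.
# store=False keeps sniff() from accumulating every captured packet in memory
# during an open-ended capture; the callback still sees each packet.
sniff(iface="en0", prn=pktIdentifier, store=False)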

答案 1 :(得分:1)

在macOS Catalina上,调用sniff函数时设置monitor=True对我一直有效。示例:scapy.all.sniff(iface='en0', monitor=True),其余参数按需添加。

答案 2 :(得分:0)

这是一个可能的答案:http://www.cqure.net/wp/2014/04/scapy-with-wifi-monitor-rfmon-mode-on-os-x/ 如果您要在http://github.com/phaethon/scapy上提交错误,我会协助修补部分。