This module keeps spoofing selected hosts on the network using crafted ARP packets in order to perform a MITM attack.
arp.spoof onStart ARP spoofer.
arp.ban onStart ARP spoofer in ban mode, meaning the target(s) connectivity will not work.
arp.spoof/ban offStop ARP spoofer.
| parameter | default | description |
|---|---|---|
arp.spoof.targets |
<entire subnet> |
A comma separated list of MAC addresses, IP addresses, IP ranges or aliases to spoof (a list of supported range formats). |
arp.spoof.whitelist |
A comma separated list of MAC addresses, IP addresses, IP ranges or aliases to skip while spoofing. | |
arp.spoof.internal |
false |
If true, local connections among computers of the network will be spoofed as well, otherwise only connections going to and coming from the external network. |
arp.spoof.fullduplex |
false |
If true, both the targets and the gateway will be attacked, otherwise only the target (if the router has ARP spoofing protections in place this will make the attack fail). |
Ban the address 192.168.1.6 from the network:
> set arp.spoof.targets 192.168.1.6; arp.ban on
Spoof 192.168.1.2, 192.168.1.3 and 192.168.1.4:
> set arp.spoof.targets 192.168.1.2-4; arp.spoof on