arp.spoof
This module keeps spoofing selected hosts on the network using crafted ARP packets in order to perform a MITM attack.
Commands
Section titled “Commands”arp.spoof on
Section titled “arp.spoof on”Start ARP spoofer.
arp.ban on
Section titled “arp.ban on”Start ARP spoofer in ban mode, meaning the target(s) connectivity will not work.
arp.spoof off / arp.ban off
Section titled “arp.spoof off / arp.ban off”Stop ARP spoofer.
Parameters
Section titled “Parameters”| Parameter | Default | Description |
|---|---|---|
arp.spoof.fullduplex | false | If true, both the targets and the gateway will be attacked, otherwise only the target (if the router has ARP spoofing protections in place this will make the attack fail). |
arp.spoof.internal | false | If true, local connections among computers of the network will be spoofed as well, otherwise only connections going to and coming from the external network. |
arp.spoof.skip_restore | false | If set to true, targets arp cache won’t be restored when spoofing is stopped. |
arp.spoof.targets | <entire subnet> | A comma separated list of MAC addresses, IP addresses, IP ranges or aliases to spoof (a list of supported range formats). |
arp.spoof.whitelist | A comma separated list of MAC addresses, IP addresses, IP ranges or aliases to skip while spoofing. |
Examples
Section titled “Examples”Ban the address 192.168.1.6 from the network:
set arp.spoof.targets 192.168.1.6; arp.ban onSpoof 192.168.1.2, 192.168.1.3 and 192.168.1.4:
set arp.spoof.targets 192.168.1.2-4; arp.spoof on