Working with command line interface makes many users feel uncomfortable with this tool but Scapy brings us a benefit of many popular tools like : hping , nmap, arpspoof ,arp-sk ,arping,tcpdump ,tetheral ,p0f and so on..
Scapy works perfectly with packets and give pentester the ability to test some advanced attacks like VLAN hopping, ARP cache poisoning, VOIP decoding on WEP encrypted channel …)
Let’s start by the installation package here is the list of software to make Scapy works fine under windows system:
There is also some other modules that can improve Scapy capacity, we will keep them to another post.
After installing these software packages you open a command prompt (cmd.exe), change to the directory containing scapy.py and run Scapy with “python scapy.py” (or just “scapy.py”) and all should works good now, you can try command ls () to list all protocols that it supports (ARP ,DNS…).
Well this tool is powerful in creating a sequence of packets; Scapy is able to create several packets on different ports in which make it a huge port scanner. Next thing that we can do is to scan the network for the active host by using Arp ping. It is the fastest way in finding computers on the LAN, or trying to send ICMP packets to list the active hosts on the Network. If ICMP protocol is disabled on the LAN you can use different TCP ping on any active port like http port 80.
Here at Sectechno there were a various posts on the DNS cache poisoning like the Google.co.ma incident. It’s not difficult to make Arp cache poisoning by Scapy, it uses already function arpcachepoison () to set the Mac of the attacker with the IP of the victim. So if client will ask for the victim web server he will be redirected physically to the attacker website.
Scapy also supports Fuzzing,Fuzzer testing is a tactic used by vulnerability researchers, with pushing a random data into applications or operating system components to see if it crashes and where it crashes. So it hammers on the application inputs.
The main important thing in Scapy is that you don’t need to write a new tool. For writing proof of concept to Microsoft IP option DoS needed 115 lines in C language, while with Scapy is released by just one line:
Send (IP (dst=”target”,options=”/x02/x27”+”X”*38)/TCP())
Finally with Scapy you can do everything you want (sniffing, fuzzing, Arp spoofing) all offline and without internet connection , you just connect to python scenario and you can work without borders.
make sure you subscribe to my RSS feed!