kArp – Linux Kernel Level ARP Hijacking/Spoofing Utility


Introduction

kArp is a linux patch that allows one to implement ARP hijacking in the kernel, but control it easily via userland. You may configure, enable and disable kArp via ProcFS or the sysctl mechanism.

kArp is implemented almost on the device driver level. Any ethernet driver (including 802.11 drivers) is supported. The kArp code is lower than the actual ARP code in the network stack, and thus will respond to ARP requests faster than a normal machine running a normal network stack, even if the machine we’re spoofing has a CPU twice as fast as ours!

Functionality

  • ARP Hijacking – Enabling ARP spoofing allows a user to spoof an ARP response to a specific victim host. Due to the low level at which the code exists, our spoofed packet is guaranteed to arrive at the victim’s network stack prior to the response of the machine we’ve impersonated.
  • ARP Hijacking the Impersonated – Enabling this function via arp_send_to_spoofed allows us to spoof the victim’s information to the impersonated machine as well, helping to solidify the MiM attack. However, this functionality may kill the speed of our spoofed frame to the victim, so it isn’t enabled by default.
  • ARP Flooding – Enabling this function via arp_flood causes the kernel to send a flood of random source and destination MAC addresses via a broken ARP frame. On some switches this will fill its internal MAC table, or overflow it. Often, the result of this attack is forcing the switch to fall back to dumb hub mode, allowing us to sniff the wire without a MiM attack.

Warning

kArp was written to beat the race in responding to an ARP Request from a target (victim) machine. It is *not* meant as an tool to flood a victim with ARP information. This means that some operating systems (MacOSX) that ingest unsolicited ARP responses may still obtain the actual MAC address of the machine we’re impersonating. Linux, however, only accepts the fastest response. If you want to flood a machine with fake ARP responses, use a userland tool.

For now, the URL is:

http://aversion.net/~north/karp/

Posted in: Hacking Tools, Linux Hacking

,


Latest Posts:


dSploit APK Download - Hacking & Security Toolkit For Android dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.
Scallion - GPU Based Onion Hash Generator Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).
WiFi-Dumper - Dump WiFi Profiles and Cleartext Passwords WiFi-Dumper – Dump WiFi Profiles and Cleartext Passwords
WiFi-Dumper is an open-source Python-based tool to dump WiFi profiles and cleartext passwords of the connected access points on a Windows machine.
truffleHog - Search Git for High Entropy Strings with Commit History truffleHog – Search Git for High Entropy Strings with Commit History
truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
AIEngine - AI-driven Network Intrusion Detection System AIEngine – AI-driven Network Intrusion Detection System
AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go AI-driven Network Intrusion Detection System engine with many capabilities.
Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.


Comments are closed.