new: new arp.spoof.skip_restore option (fixes #874)

2025-03-12 04:36:03 -07:00 · 2021-05-11 12:20:10 +02:00 · 2021-05-11 12:20:10 +02:00 · 4fc84f2907
commit 4fc84f2907
parent 8c00207e7e
1 changed files with 39 additions and 18 deletions
--- a/modules/arp_spoof/arp_spoof.go
+++ b/modules/arp_spoof/arp_spoof.go
@ -3,6 +3,7 @@ package arp_spoof
 import (
 	"bytes"
 	"net"
+	"strings"
 	"sync"
 	"time"

@ -15,14 +16,15 @@ import (

 type ArpSpoofer struct {
 	session.SessionModule
-	addresses  []net.IP
-	macs       []net.HardwareAddr
-	wAddresses []net.IP
-	wMacs      []net.HardwareAddr
-	fullDuplex bool
-	internal   bool
-	ban        bool
-	waitGroup  *sync.WaitGroup
+	addresses   []net.IP
+	macs        []net.HardwareAddr
+	wAddresses  []net.IP
+	wMacs       []net.HardwareAddr
+	fullDuplex  bool
+	internal    bool
+	ban         bool
+	skipRestore bool
+	waitGroup   *sync.WaitGroup
 }

 func NewArpSpoofer(s *session.Session) *ArpSpoofer {
@ -35,6 +37,7 @@ func NewArpSpoofer(s *session.Session) *ArpSpoofer {
 		ban:           false,
 		internal:      false,
 		fullDuplex:    false,
+		skipRestore:   false,
 		waitGroup:     &sync.WaitGroup{},
 	}

@ -52,6 +55,20 @@ func NewArpSpoofer(s *session.Session) *ArpSpoofer {
 		"false",
 		"If true, both the targets and the gateway will be attacked, otherwise only the target (if the router has ARP spoofing protections in place this will make the attack fail)."))

+	noRestore := session.NewBoolParameter("arp.spoof.skip_restore",
+		"false",
+		"If set to true, targets arp cache won't be restored when spoofing is stopped.")
+
+	mod.AddObservableParam(noRestore, func(v string) {
+		if strings.ToLower(v) == "true" || v == "1" {
+			mod.skipRestore = true
+			mod.Warning("arp cache restoration after spoofing disabled")
+		} else {
+			mod.skipRestore = false
+			mod.Info("arp cache restoration after spoofing enabled")
+		}
+	})
+
 	mod.AddHandler(session.NewModuleHandler("arp.spoof on", "",
 		"Start ARP spoofer.",
 		func(args []string) error {
@ -171,20 +188,24 @@ func (mod *ArpSpoofer) Start() error {
 }

 func (mod *ArpSpoofer) unSpoof() error {
-	nTargets := len(mod.addresses) + len(mod.macs)
-	mod.Info("restoring ARP cache of %d targets.", nTargets)
-	mod.arpSpoofTargets(mod.Session.Gateway.IP, mod.Session.Gateway.HW, false, false)
+	if !mod.skipRestore {
+		nTargets := len(mod.addresses) + len(mod.macs)
+		mod.Info("restoring ARP cache of %d targets.", nTargets)
+		mod.arpSpoofTargets(mod.Session.Gateway.IP, mod.Session.Gateway.HW, false, false)

-	if mod.internal {
-		list, _ := iprange.ParseList(mod.Session.Interface.CIDR())
-		neighbours := list.Expand()
-		for _, address := range neighbours {
-			if !mod.Session.Skip(address) {
-				if realMAC, err := mod.Session.FindMAC(address, false); err == nil {
-					mod.arpSpoofTargets(address, realMAC, false, false)
+		if mod.internal {
+			list, _ := iprange.ParseList(mod.Session.Interface.CIDR())
+			neighbours := list.Expand()
+			for _, address := range neighbours {
+				if !mod.Session.Skip(address) {
+					if realMAC, err := mod.Session.FindMAC(address, false); err == nil {
+						mod.arpSpoofTargets(address, realMAC, false, false)
+					}
 				}
 			}
 		}
+	} else {
+		mod.Warning("arp cache restoration is disabled")
 	}

 	return nil