{"id":25812579,"url":"https://github.com/daisvke/ft_malcolm","last_synced_at":"2025-02-28T01:54:34.304Z","repository":{"id":176979718,"uuid":"655408467","full_name":"daisvke/ft_malcolm","owner":"daisvke","description":"This project implements Address Resolution Protocol (ARP) spoofing/poisoning, a foundational Man-in-the-Middle (MiM) attack.","archived":false,"fork":false,"pushed_at":"2025-01-26T08:14:22.000Z","size":104,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-26T09:21:31.089Z","etag":null,"topics":["42projects","arp-poisoning","arp-spoofing","cybersecurity","ecole42","ft-malcolm","man-in-the-middle","mitm","school42"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/daisvke.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-06-18T19:57:12.000Z","updated_at":"2025-01-26T08:14:26.000Z","dependencies_parsed_at":null,"dependency_job_id":"13b2bc3b-fc6b-45ee-b78d-c7ce97cb5fb3","html_url":"https://github.com/daisvke/ft_malcolm","commit_stats":null,"previous_names":["daisvke/ft_malcolm"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daisvke%2Fft_malcolm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daisvke%2Fft_malcolm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daisvke%2Fft_malcolm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitH
ub/repositories/daisvke%2Fft_malcolm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/daisvke","download_url":"https://codeload.github.com/daisvke/ft_malcolm/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241087104,"owners_count":19907383,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["42projects","arp-poisoning","arp-spoofing","cybersecurity","ecole42","ft-malcolm","man-in-the-middle","mitm","school42"],"created_at":"2025-02-28T01:54:33.726Z","updated_at":"2025-02-28T01:54:34.297Z","avatar_url":"https://github.com/daisvke.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ft_malcolm\n\n## Description\n\nThis project implements **Address Resolution Protocol (ARP) spoofing/poisoning**, a foundational Man-in-the-Middle (MiM) attack.  \nThe attack exploits a vulnerability in the ARP protocol, tricking devices into associating the attacker’s MAC address with a legitimate IP address.  \n\n---\n\n## Commands\n\n### Usage\n```bash\nmake\nsudo ./ft_malcolm [HOST IP] [HOST MAC] [TARGET IP] [TARGET MAC] -v\n```\n\n- **HOST**: This machine (attacker).  \n- **TARGET**: The victim device sending ARP requests.  \n- **IP Format**: IPv4 (e.g., 192.168.1.1).  \n- **MAC Format**: `xx:xx:xx:xx:xx:xx` (separator can be `:` or `-`, case insensitive).  \n- **`-v`**: Enables verbose mode.  
\n\n#### Example:\n```bash\nsudo ./ft_malcolm 10.0.2.15 08:00:27:e1:ad:e1 10.0.2.4 08:00:27:b9:e6:05 -v\n```\n\n---\n\n### Useful Commands\n| Command                           | Description                                                                                  |\n|-----------------------------------|----------------------------------------------------------------------------------------------|\n| `arp -a`                          | Displays the ARP table in a readable format.                                                 |\n| `arp -d [IP ADDRESS]`             | Deletes an IP address from the ARP table.                                                   |\n| `sudo arping -c 1 -i [INTERFACE] [IP]` | Sends a single ARP request. Example: `sudo arping -c 1 -i enp0s3 192.168.1.10`              |\n\n---\n\n## Example of Use\n\nThe following example simulates a MiM attack using two virtual machines (VMs) in **VirtualBox**.\n\n### Step-by-Step Guide\n\n1. **Set Up Virtual Machines**:\n   - Create 2 VMs (e.g., Ubuntu) with sufficient resources:  \n     - 6.4 GB memory, 7 CPUs, 42 MB video memory, VMSVGA with 3D acceleration enabled.  \n     - Virtual hard disks (10 GB is sufficient).\n\n2. **Configure Network Settings**:\n   - Open **VirtualBox \u003e Tools \u003e Network Manager**.  \n   - Under the **NAT Networks** tab, create a new NAT network if not already present.  \n   - Attach both VMs to the same NAT network:  \n     - Select VM \u003e Settings \u003e Network \u003e Attached to: `NAT Network`.\n\n3. **Install Required Tools**:\n   - VM1:  \n     ```bash\n     sudo apt install git make net-tools -y\n     ```\n   - VM2:  \n     ```bash\n     sudo apt install net-tools arping -y\n     ```\n\n4. **Run the Attack**:\n   - **VM1 (Attacker)**:  \n     Clone, compile, and execute the program using VM2’s IP and MAC as targets.  \n   - **VM2 (Victim)**:  \n     Send an ARP request to the attacker’s IP.\n\n5. 
**Verify Results**:\n   - On **VM1**, check the program output for ARP spoofing success.  \n   - On **VM2**, inspect the ARP table with `arp -a`.  \n     - The attacker’s MAC address should appear in the table for the host’s IP.  \n\n---\n\n## Technical Aspects\n\n### **What is ARP Spoofing?**\n\n**ARP spoofing** manipulates network communication by sending forged ARP packets. This allows an attacker to intercept, modify, or redirect network traffic.  \n\n#### ARP Spoofing Steps:\n1. **Monitor the Network**:  \n   - Capture ARP packets using raw sockets.\n2. **Craft Spoofed Packets**:  \n   - Replace the legitimate MAC address with the attacker’s.\n3. **Send Forged Packets**:  \n   - Broadcast them to the network.\n4. **Update ARP Tables**:  \n   - Devices update their tables with incorrect MAC-IP mappings.\n5. **Intercept/Manipulate Traffic**:  \n   - The attacker now controls communication between devices.  \n\n---\n\n### **Raw Sockets**\n\nA **raw socket** gives a program direct access to packets at a low protocol layer, bypassing the operating system's normal protocol handling. 
This allows granular control of packet creation and manipulation, enabling custom headers and protocols.\n\n---\n\n### **ARP Packet Structure**\n\nEach ARP packet has a specific structure, as shown below:\n\n| **Layer**          | **Field**                    | **Details**                          |\n|---------------------|------------------------------|--------------------------------------|\n| **Ethernet Header** | Destination MAC Address      | Receiver's MAC address              |\n|                     | Source MAC Address          | Sender's MAC address                |\n|                     | EtherType                   | Identifies ARP (`0x0806`)           |\n| **ARP Header**      | Hardware Type               | Ethernet (`1`)                      |\n|                     | Protocol Type               | IPv4 (`0x0800`)                     |\n|                     | Hardware Address Length     | MAC address length (`6`)            |\n|                     | Protocol Address Length     | IPv4 address length (`4`)           |\n|                     | Operation                   | ARP Request (`1`), ARP Reply (`2`)  |\n|                     | Sender MAC Address          | Source MAC address                  |\n|                     | Sender IP Address           | Source IP address                   |\n|                     | Target MAC Address          | Destination MAC address             |\n|                     | Target IP Address           | Destination IP address              |\n\n---\n\n### **Network Packet Navigation**\n\nTo access specific layers:\n- Calculate offsets based on the header sizes: in an untagged frame, the ARP header begins immediately after the 14-byte Ethernet header (two 6-byte MAC addresses plus the 2-byte EtherType).  \n- Use raw sockets to extract or manipulate packet fields at those offsets.  \n\n---\n\n## Additional Functionalities\n\n- **Root Privilege Check**: Ensures the program is run as root.  \n- **Verbose Mode**: Displays ARP requests received in real-time.  \n- **Hostname Display**: Shows source and target hostnames.  
\n\n---\n\n## Useful Links\n\n- [ARP Spoofing Explanation](https://www.youtube.com/watch?v=YJGGYKAV4pA)  \n- [Man-in-the-Middle Attack](https://www.youtube.com/watch?v=EC1slXCT3bg)  \n- [RFC 826 (ARP Protocol)](https://www.rfc-editor.org/rfc/rfc826)\n- [Address Resolution Protocol (ARP) Parameters](https://www.iana.org/assignments/arp-parameters/arp-parameters.xhtml)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdaisvke%2Fft_malcolm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdaisvke%2Fft_malcolm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdaisvke%2Fft_malcolm/lists"}