A Python-based ARP spoofing and session hijacking script designed for penetration testing to intercept and exploit network traffic within a local network.
경찰청 자문을 위해 진행한 프로젝트
This tool is used by penetration testers and red teamers to perform network reconnaissance, ARP spoofing, and session hijacking attacks to capture and reuse session cookies for unauthorized web service access. It is practical in environments where SSL is not enforced, enabling attackers to hijack active sessions without credentials.
This tool only works on unencrypted (non-SSL) traffic, limiting its effectiveness against modern HTTPS-secured sites. Proper network setup is required to avoid MAC address conflicts between host and guest OS. The project was developed as a proof-of-concept under police advisory and should be used responsibly and legally. Evil twin attacks were attempted but only ARP spoofing succeeded.
Use Kali Linux as the attack operating system
Ensure python3 is installed along with the nmap Python library
Install and configure tcpdump and arpspoof on the Linux system
Add an external LAN device to Kali Linux to prevent MAC address conflicts with the host OS
Clone the repository or download the script files to Kali Linuxip scanning with nmap
Scan the local network to discover all connected devices
arpspoof -t <target_ip> <gateway_ip>
Perform ARP spoofing to redirect target's traffic to the attacker
echo 1 > /proc/sys/net/ipv4/ip_forward
Enable IP forwarding to relay packets from the target to the router
tcpdump -i <interface> -w capture.pcap
Capture network packets from the target for analysis
Use a Chrome extension to inject captured session cookies
Reuse hijacked session cookies to log into web services without credentials