arp.spoof

This module keeps spoofing selected hosts on the network using crafted ARP packets in order to perform a MITM attack.

Commands

arp.spoof on

Start ARP spoofer.

arp.ban on

Start ARP spoofer in ban mode, meaning the target(s) connectivity will not work.

arp.spoof/ban off

Stop ARP spoofer.

Parameters

parameterdefaultdescription
arp.spoof.targets<entire subnet>A comma separated list of MAC addresses, IP addresses, IP ranges or aliases to spoof (a list of supported range formats).
arp.spoof.whitelistA comma separated list of MAC addresses, IP addresses, IP ranges or aliases to skip while spoofing.
arp.spoof.internalfalseIf true, local connections among computers of the network will be spoofed as well, otherwise only connections going to and coming from the external network.
arp.spoof.fullduplexfalseIf true, both the targets and the gateway will be attacked, otherwise only the target (if the router has ARP spoofing protections in place this will make the attack fail).

Examples

Ban the address 192.168.1.6 from the network:

  1. > set arp.spoof.targets 192.168.1.6; arp.ban on

Spoof 192.168.1.2, 192.168.1.3 and 192.168.1.4:

  1. > set arp.spoof.targets 192.168.1.2-4; arp.spoof on