new: new arp.spoof.skip_restore option (fixes #874)

bettercap · May 11, 2021 · 4fc84f2 · 4fc84f2
1 parent 8c00207
commit 4fc84f2
Showing 1 changed file with 40 additions and 19 deletions.
diff --git a/modules/arp_spoof/arp_spoof.go b/modules/arp_spoof/arp_spoof.go
@@ -3,6 +3,7 @@ package arp_spoof
 import (
  "bytes"
  "net"
+ "strings"
  "sync"
  "time"
 
@@ -15,14 +16,15 @@ import (
 
 type ArpSpoofer struct {
  session.SessionModule
- addresses []net.IP
- macs []net.HardwareAddr
- wAddresses []net.IP
- wMacs []net.HardwareAddr
- fullDuplex bool
- internal bool
- ban bool
- waitGroup *sync.WaitGroup
+ addresses []net.IP
+ macs []net.HardwareAddr
+ wAddresses []net.IP
+ wMacs []net.HardwareAddr
+ fullDuplex bool
+ internal bool
+ ban bool
+ skipRestore bool
+ waitGroup *sync.WaitGroup
 }
 
 func NewArpSpoofer(s *session.Session) *ArpSpoofer {
@@ -35,6 +37,7 @@ func NewArpSpoofer(s *session.Session) *ArpSpoofer {
  ban: false,
  internal: false,
  fullDuplex: false,
+ skipRestore: false,
  waitGroup: &sync.WaitGroup{},
  }
 
@@ -52,6 +55,20 @@ func NewArpSpoofer(s *session.Session) *ArpSpoofer {
  "false",
  "If true, both the targets and the gateway will be attacked, otherwise only the target (if the router has ARP spoofing protections in place this will make the attack fail)."))
 
+ noRestore := session.NewBoolParameter("arp.spoof.skip_restore",
+ "false",
+ "If set to true, targets arp cache won't be restored when spoofing is stopped.")
+
+ mod.AddObservableParam(noRestore, func(v string) {
+ if strings.ToLower(v) == "true" || v == "1" {
+ mod.skipRestore = true
+ mod.Warning("arp cache restoration after spoofing disabled")
+ } else {
+ mod.skipRestore = false
+ mod.Info("arp cache restoration after spoofing enabled")
+ }
+ })
+
  mod.AddHandler(session.NewModuleHandler("arp.spoof on", "",
  "Start ARP spoofer.",
  func(args []string) error {
@@ -171,20 +188,24 @@ func (mod *ArpSpoofer) Start() error {
 }
 
 func (mod *ArpSpoofer) unSpoof() error {
- nTargets := len(mod.addresses) + len(mod.macs)
- mod.Info("restoring ARP cache of %d targets.", nTargets)
- mod.arpSpoofTargets(mod.Session.Gateway.IP, mod.Session.Gateway.HW, false, false)
-
- if mod.internal {
- list, _ := iprange.ParseList(mod.Session.Interface.CIDR())
- neighbours := list.Expand()
- for _, address := range neighbours {
- if !mod.Session.Skip(address) {
- if realMAC, err := mod.Session.FindMAC(address, false); err == nil {
- mod.arpSpoofTargets(address, realMAC, false, false)
+ if !mod.skipRestore {
+ nTargets := len(mod.addresses) + len(mod.macs)
+ mod.Info("restoring ARP cache of %d targets.", nTargets)
+ mod.arpSpoofTargets(mod.Session.Gateway.IP, mod.Session.Gateway.HW, false, false)
+
+ if mod.internal {
+ list, _ := iprange.ParseList(mod.Session.Interface.CIDR())
+ neighbours := list.Expand()
+ for _, address := range neighbours {
+ if !mod.Session.Skip(address) {
+ if realMAC, err := mod.Session.FindMAC(address, false); err == nil {
+ mod.arpSpoofTargets(address, realMAC, false, false)
+ }
  }
  }
  }
+ } else {
+ mod.Warning("arp cache restoration is disabled")
  }
 
  return nil