Masquerade

ARP Spoofing GUI


Description

!! USE WITH CAUTION !!

Introduction:

This is a GUI for arp spoofing, inspired by netkillUI from Teggers. It requires jailbreak and the installation of various packages listed below. Keep in mind that if you use this on a network you do not own or have permission to break, it is probably ILLEGAL, and you are NOT ANONYMOUS.


System Requirements:

  • [wget] (found in default repos)
  • [unzip] (found in default repos)
  • [Network Commands] package (for arp)
  • [Python3] (default repos or https://mcapollo.github.io/Public/)
  • [Pip] (can be installed using shortcut)
  • Internet connection to github (to download arpspoof)
  • iDevice SSH port open

You will need to be jailbroken and have SSH configured to listen on some port. This can be set using [OpenSSH Settings], found on default repos. Please read the description below before using the shortcut.


Description:

Masquerade is a 'GUI' for ARP spoofing. It automates the use of the arpspoof command. This shortcut uses the arpspoof project found here: (https://github.com/byt3bl33d3r/arpspoof). As a result, it needs Python3 and pip to install.

"In computer networking, ARP spoofing, ARP cache poisoning, or ARP poison routing, is a technique by which an attacker sends (spoofed) Address Resolution Protocol (ARP) messages onto a local area network. Generally, the aim is to associate the attacker's MAC address with the IP address of another host, such as the default gateway, causing any traffic meant for that IP address to be sent to the attacker instead." - Wikipedia

The device that you target, or kill, will likely have their network connection seemingly turned off, but it is just redirecting to your device.

Upon installing the shortcut, you will be asked to provide your device's root password and SSH port. This is used to log in as root to use the arpspoof command. It does not send anything back to me, and the only internet connection required is only used for installing and actually running arpspoof.


List of functions:


"Proceed with Masquerade"

Probably the choice you were looking for. This function leads to the actual arpspoof command. Use it to select a device to kill. You are then given the following options:

  • Run arp scan

This runs the command arp -a, which lists all IP addresses of devices connected to the network. You can then select a specific IP to kill. If there are many devices on your network, scanning will take a long time to complete.

  • Manually input target IP

Sometimes there may be way too many IP addresses to comb through. If you know your target IP address, you can enter it here.

  • Kill all connected devices

This option kills all devices detected through arp -a. If it looks like the shortcut is hanging, that is probably normal and depends on how many devices are connected to the network. Use this with caution.

In all cases, a confirmation notification will be shown once the arpspoof command has been run. The specific command for all above options is: "arpspoof -i en0 -t <target IP> -r <your IP> &>/dev/null &". This puts arpspoof in background, and allows you to run multiple attacks at once.


"Stop all arpspoof processes"

Runs "killall python3". As arpspoof runs as a python process, this will kill any arpspoof process currently running.


"Install arpspoof"

This installs arpspoof from GitHub. There is a subsection that allows you to install pip as well, if it is not already installed. More information about installation is below.


Manual Install:

It is recommended to install pip and arpspoof yourself in order to see what errors may occur, but the shortcut has a script to install both packages automatically. The shortcut executes the commands listed below AS ROOT USER. These are the same steps as with installing manually through a terminal or SSH.


To install pip:

wget https://bootstrap.pypa.io/get-pip.py
python3 get-pip.py

To install arpspoof from Github [pip must be installed first]:

mkdir arpspoof
cd arpspoof/
wget https://github.com/byt3bl33d3r/arpspoof/archive/refs/heads/master.zip
unzip master.zip
cd arpspoof-master/
/usr/local/bin/pip install -r requirements.txt
/usr/local/bin/python3 setup.py install

Manual Usage:

Masquerade automates the process using shortcuts, but this means you cannot debug or see where errors occur in the spoofing process. If you wish to manually use arpspoof, you can follow the steps below in a terminal like NewTerm, or through SSH.

su
arp -a
arpspoof -i en0 -t XXX.XXX.XXX -r YYY.YYY.YYY

Before anything, you should find your own ip address. This can be found in Settings.app, or using commands like ifconfig if installed. Then, in the first step, we will invoke the root user, as arpspoof needs root privilege to run. The next step scans for IP addresses connected to the network. Here, you can find your target IP address. For the next command, put your target IP address in the place of XXX.XXX.XXX, and your IP address in the place of YYY.YYY.YYY. The terminal should then show you the output of the command.


Again, please be very careful when using this shortcut. Firstly if you do this on a network you do not own or have permission to break, it is probably ILLEGAL, and you are NOT ANONYMOUS. Secondly, it will probably ruin your battery life to leave this running. Be sure you know what you are doing.


Thanks to byt3bl33d3r and Teggers

Thank you for using Masquerade!


Latest Release Notes

1.0 - Nov. 17, 2021, 2:08 a.m.

Initial release