Saturday, May 6, 2017

CSArp Netcut

I use Arcai's Netcut sometimes. It works. But sometimes, it abruptly crashes and doesn't go quite as easy as I would like it to. I found it to be a little too sluggish.
Then I thought to give SharpPcap a try, just to fool around, to see if I could capture some packets here and there, knowing that it must be such an insurmountable task to complete such a project, especially with the limited networking knowledge I have. But, one thing led to another and I had dived in too deep. On the first day, May 4, 2017, I tried using the GetIpNetTable API to get the ids of devices currently connected to my LAN. It was a tough thing for me to finally get something of some value that could accomplish some semblance of my goal. The entire day, I spent searching the internet for that one API and gluing together pieces to make it tick. And tick it did but I realised the system ARP table information it provided was little indication of all the devices of my LAN. Frustrated, I slept on it.
The next morning, I actually started fiddling with SharpPcap, it was a low level based high level API after all. I quite successfully and pretty quickly realised that capturing ARP packets with this .NET library was trivial and upon analysing numerous Debug.Print() outputs from my Visual Studio 2017's Output Window of the captured packets, and knitting them together with the information I gathered on ARP from the internet, I finally pieced together a method to produce a list of devices connected in the LAN. In short, I did it by basically sending ARP Request packets to every possible IP on a LAN that utilises the ipv4 protocol. Then, to actually perform an ARP spoofing/"cache poisoning" attack, I tried some 4-5 combinations of Requests/Response/To gateway/To target device/Broadcast/"Unicast"(targetted transmission) packets. That day, I was unable to make it work without raising alarms on the target device; for instance, when sending(Unicasting/Broadcasting) ARP packets(Request and/or Response) pretending to be sent by  the gateway device(router in my case), my desktop's ESET Smart Security 10 shouted at the screen non-stop and while it did work on my android phone, I wanted my program to work on every device, like Arcai's Netcut seemed to, so cleanly. It was yesterday.
Determined to get it right, today morning, I changed the code to send targetted ARP requests to the gateway, while pretending to be the target device. I ran it and voila! It worked perfectly. No alarm bells or warning signs. It just worked! With some cosmetic touches to the program(which took, as they always do, significant amount of time for the auxiliary function they serve) I uploaded the first version, 0, to GitHub. After that, I immediately thought of why I wanted so desperately a program like Arcai's Netcut in the first place and added some improvements/extra functionalities. And just some time ago, I published it in my GitHub repository for the program.
Here it is, in its infant glory...

It may be brittle yet. But it works for me, and it's open source. So, feel free to do anything and everything with it.
Download here
GitHub @ here
PS: SharpPcap, used by this application, requires WinPCap to be installed. At the time of this writing, it can be downloaded from here