Scapy on Yosemite
There seems to be quite a few people trying to get Scapy installed and running on Yosemite.
Scapy is getting kind of old and as a result, as of the writing of this article, there doesn’t seem to be a user-friendly way to get it working on the latest reincarnation of OS X.
While Googling for a solution, I stumbled upon a post from juhnu describing a procedure to get Scapy installed on an older version of Mac OS and I decided to give it a go, just for fun.
By the end of the exercise, I had a broken install that I managed to get up and running with slight modifications of juhnu’s procedure.
Dependencies
Let’s start by getting the dependencies out of the way, before we jump into Scapy’s own installation. As you may know, you will need at least Mac OS X Command Line Tools and most probably Xcode, in order to build the necessary packages.
Building libdnet
As of the writing of this post, the latest version of libdnet is 1.12. So let’s go ahead and download, build and install it:
1 2 3 4 5 6 7 |
$ wget http://libdnet.googlecode.com/files/libdnet-1.12.tgz $ tar xvf libdnet-1.12.tgz $ ./configure $ make $ sudo make install $ cd python $ sudo python2.6 setup.py install |
I have highlighted for you line 7, which contains a key element in this game. You must explicitly use python2.6 here (and everywhere else in this tutorial). Yosemite defaults to python 2.7 and your dear friend Scapy won’t like it!
Installing pylibpcap
Let’s install pylibpcap, a python module for the legendary libpcap packet capture library. As of the writing of this article, the latest version is 0.6.4.
1 2 3 4 |
$ wget http://dfn.dl.sourceforge.net/sourceforge/pylibpcap/pylibpcap-0.6.4.tar.gz $ tar xvf pylibpcap-0.6.4.tar.gz $ cd pylibpcap-0.6.4 $ sudo python2.6 setup.py install |
Here again, make sure to use python2.6 on line 4 when installing pylibpcap.
Installing Scapy
Up to here, you should already be able to install and run Scapy on your Yosemite machine. There are some other optional libraries that will give you additional functionality and we will take care of those after installing Scapy. As of the writing of this article, wget scapy.net will get you version 2.2 of Scapy. If you find yourself with a different version, you will want to adjust line 3 of the following block accordingly:
1 2 3 4 |
$ wget scapy.net $ unzip scapy-latest.zip $ cd scapy-2.2 $ sudo python2.6 setup.py install |
Once again, I cannot stress how important it is to run python2.6 and not simply python, as highlighted in line 4.
In its current state, you should be able to run Scapy just fine, although it will complain with some warnings. Just make sure to use sudo if you’re planning to inject packets.
1 |
$ sudo scapy |
Installing Additional Libraries
You can get rid of most of the warnings by installing 3 additional libraries that will give you the possibility to decrypt WEP trafic, make impressive graphical PostScript/PDF dumps of a packet or a list of packets or even plot IP ID patterns.
Installing pycrypto
Get yourself the latest version of pycrypto (2.6.1 as of the writing of this article) and proceed to install:
1 2 3 4 |
$ wget http://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/pycrypto-2.6.1.tar.gz $ tar xfz pycrypto-2.6.1.tar.gz $ cd pycrypto-2.6.1 $ sudo python2.6 setup.py install |
Again, notice the use of python2.6 (sorry for being so insistent…).
Installing gnuplot-py
The latest available version of gnuplot-py at the moment of the writing of this article is 1.8. Get it from the website and proceed to install (if you use Safari to download, it will decompress the archive and you will end up with just a tarball):
1 2 3 |
$ tar xfz gnuplot-py-1.8.tar.gz $ cd gnuplot-py-1.8 $ sudo python2.6 setup.py install |
Installing PyX
For this library, we’ll make an exception and we will not install the latest version. As of the writing of this article, the latest version of PyX is 0.13. However, this version is only compatible with Python 3 and therefore, it will not work with our Scapy install. So you will want to get version 0.12.1 which is the latest version available to be compatible with Python 2.6. Go ahead and download the file from the website and comeback here to finish the install:
1 2 3 |
$ tar xfz PyX-0.12.1.tar.gz $ cd PyX-0.12.1 $ sudo python2.6 setup.py install |
Did you notice the python2.6 for the last two libraries? Just checking 😉
There you go. Your Scapy should be ready to go. When you run Scapy (with sudo… don’t forget), you might be greeted with these 3 warning:
1 2 3 |
WARNING: No route found for IPv6 destination :: (no default route?) the sha module is deprecated; use the hashlib module instead The popen2 module is deprecated. Use the subprocess module. |
You may safely ignore these warnings. Happy Scaping!