GitHub - Piccolino1965/VLAN-Hopping-via-Double-Tagging: Here is a Proof-of-Concept (PoC) in Python using Scapy to simulate a VLAN Hopping Double Tagging attack. This script creates and sends an Ethernet packet with double 802.1Q tagging, where the first tag (Outer VLAN 10) is stripped by a vulnerable switch, allowing the packet to reach an unauthorized VLAN (Inner VLAN 20).

Piccolino1965 / VLAN-Hopping-via-Double-Tagging Public

Notifications You must be signed in to change notification settings
Fork 0
Star 0

Here is a Proof-of-Concept (PoC) in Python using Scapy to simulate a VLAN Hopping Double Tagging attack. This script creates and sends an Ethernet packet with double 802.1Q tagging, where the first tag (Outer VLAN 10) is stripped by a vulnerable switch, allowing the packet to reach an unauthorized VLAN (Inner VLAN 20).

www.aiutocomputerhelp.it/viaggiare-tra-vlan-e-possibile-fare-hop-il-vlan-hopping/

MIT license

0 stars 0 forks Branches Tags Activity

Star

Notifications

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
LICENSE		LICENSE
README		README
double-tagging.py		double-tagging.py

Repository files navigation

https://www.aiutocomputerhelp.it/viaggiare-tra-vlan-e-possibile-fare-hop-il-vlan-hopping/

This software is a Proof-of-Concept (PoC) for VLAN Hopping via Double Tagging, a network attack technique used to bypass VLAN security restrictions. It demonstrates how an attacker can send a specially crafted Ethernet frame with two VLAN tags to infiltrate a restricted VLAN.

How It Works
Frame Construction: The script creates an Ethernet packet with two VLAN tags using Scapy. The outer VLAN tag (10) corresponds to the VLAN visible to the vulnerable switch, while the inner VLAN tag (20) represents the target VLAN the attacker wants to access.
Packet Transmission: The crafted packet is sent over the attacker's network interface (e.g., eth0), with a spoofed MAC address (00:11:22:33:44:55).
Exploiting Vulnerable Switches: If the switch is misconfigured or vulnerable, it removes the outer VLAN tag when forwarding the packet but mistakenly forwards it to VLAN 20 instead of VLAN 10, effectively granting unauthorized access.
Targeted Attack: The packet is directed at an IP inside VLAN 20 (192.168.20.1), with a UDP transport layer to simulate a service request.
Purpose
This PoC serves as an educational tool to demonstrate security weaknesses in improperly configured VLANs and highlight the importance of implementing countermeasures such as VLAN access control lists (ACLs), private VLANs, and proper switch port configurations to mitigate VLAN Hopping attacks.

⚠️ This software is provided solely for educational and security auditing purposes. It is intended to help network administrators, security professionals, and researchers identify vulnerabilities and improve the security of their own systems.

Unauthorized use of this software on networks or systems without explicit permission from the owner is strictly prohibited. Scanning or probing networks without consent may violate local laws, regulations, and organizational policies. The author and distributor of this software assume no liability for any misuse, legal consequences, or damages resulting from its use.

By using this software, you acknowledge that:

You have obtained explicit authorization to test the target systems.
You take full responsibility for your actions and any consequences arising from them.
You comply with all applicable laws, regulations, and ethical guidelines regarding cybersecurity testing.
If you are unsure about the legality of your actions, do not use this software. Always ensure compliance with ethical hacking standards and responsible disclosure practices.