			}

			position++;			

			while(position-15 < (signed)wsb->len-40) {

				// Authorization: Basic
				if( tmp[position]    =='A' &&
					tmp[position+1]  =='u' &&
					tmp[position+2]  =='t' &&
					tmp[position+3]  =='h' &&
					tmp[position+4]  =='o' &&
					tmp[position+5]  =='r' &&
					tmp[position+6]  =='i' &&
					tmp[position+7]  =='z' &&
					tmp[position+8]  =='a' &&
					tmp[position+9]  =='t' &&
					tmp[position+10] =='i' &&
					tmp[position+11] =='o' &&
					tmp[position+12] =='n' &&
					tmp[position+13] ==':' &&
					tmp[position+14] ==' ' &&
					tmp[position+15] =='B' &&
					tmp[position+16] =='a' &&
					tmp[position+17] =='s' &&
					tmp[position+18] =='i' &&
					tmp[position+19] =='c' ) {

					position+=21;
					i=0;
					while(tmp[position]!=0x0d) {
						coded[i]=tmp[position];
						i++;
						position++;
					}

					codeengine->base64decode((char*)&coded,(char*)&decoded);

					WriteTime(logfile);

					fprintf(logfile,"User from %d.%d.%d.%d : http://%s@%d.%d.%d.%d%s\n",(BYTE)wsb->buf[12],(BYTE)wsb->buf[13],(BYTE)wsb->buf[14],(BYTE)wsb->buf[15],&decoded,(BYTE)wsb->buf[16],(BYTE)wsb->buf[17],(BYTE)wsb->buf[18],(BYTE)wsb->buf[19],&location);					
				}
				position++;
			}
		}
	}
	fclose(logfile);
	// -------------------------------------------------------------------

	return 0;
}

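// Returns the byte itself when it is a printable ASCII character (0x20..0x7E)
// and a space otherwise, for the ASCII column of the hex dump. Control bytes
// (including CR/LF), DEL and bytes >= 0x80 are all blanked so that packet
// contents can never break the line structure of the log.
static int PrintableOrSpace(BYTE b)
{
	return (b >= 0x20 && b <= 0x7E) ? (int)b : ' ';
}

// Appends one human-readable record for the packet in `wsabuf` to the file
// `logfilename`: timestamp, protocol name, a guessed service name (looked up
// by source port first, then by destination port), addresses, ports, and a
// hex dump of the whole buffer, 18 bytes per row, with an ASCII column on the
// right. Header fields are read at fixed offsets (9 protocol, 12-19
// addresses, 20-23 ports), i.e. an IPv4 header without options followed by
// the transport header is assumed — TODO confirm against the capture layer.
// Returns 0 in all cases; failures to open the log are silently skipped.
//
// Unlike the previous version this never writes into the caller's packet
// buffer: non-printable bytes are replaced only in the log output, so later
// consumers of the same buffer (e.g. the HTTP parsers, which scan for CR)
// still see the original bytes. A buffer shorter than the 24 header bytes
// gets a note instead of an out-of-bounds read. A buffer whose length is a
// multiple of 18 no longer produces a trailing all-blank padding line.
int CPacketParser::DecodeToLogfile(char *logfilename, WSABUF *wsabuf)
{
	const unsigned int kRowLen = 18;
	const unsigned int kHeaderBytes = 24;	// ports live at offsets 20..23

	if (wsabuf == NULL || wsabuf->buf == NULL)
		return 0;

	FILE *logfile = fopen(logfilename, "a+");
	if (logfile == NULL)
		return 0;

	const BYTE *p = (const BYTE *)wsabuf->buf;
	const unsigned int len = (unsigned int)wsabuf->len;

	WriteTime(logfile);

	if (len >= kHeaderBytes) {
		// Protocol[] is indexed by the raw protocol byte (0..255); it is
		// declared elsewhere — NOTE(review): confirm it has 256 entries.
		fprintf(logfile, "Protocol: %s", Protocol[p[9]]);

		const int srcPort = p[20] * 256 + p[21];
		const int dstPort = p[22] * 256 + p[23];

		// Service guess: source port first, then destination port, otherwise
		// the numeric source port (GetServiceByPort reports misses as "unknown").
		char *service = GetServiceByPort((unsigned short)srcPort);
		if (strstr(service, "unknown"))
			service = GetServiceByPort((unsigned short)dstPort);
		if (strstr(service, "unknown"))
			fprintf(logfile, "\tService: %d\n", srcPort);
		else
			fprintf(logfile, "\tService: %s\n", service);

		fprintf(logfile, "Source Address: %d.%d.%d.%d    Destination Address: %d.%d.%d.%d\n",
		        p[12], p[13], p[14], p[15], p[16], p[17], p[18], p[19]);
		fprintf(logfile, "Source Port: %d    Destination Port: %d\n", srcPort, dstPort);
	} else {
		fprintf(logfile, "Truncated packet (%u bytes): no header summary\n", len);
	}

	// Hex dump: 18 bytes per row; short (last) rows are padded so the ASCII
	// column lines up with the full rows.
	for (unsigned int row = 0; row < len; row += kRowLen) {
		unsigned int rowEnd = row + kRowLen;
		if (rowEnd > len)
			rowEnd = len;

		for (unsigned int i = row; i < rowEnd; i++)
			fprintf(logfile, "%02x ", p[i]);
		for (unsigned int i = rowEnd; i < row + kRowLen; i++)
			fprintf(logfile, "   ");

		fprintf(logfile, "    ");
		for (unsigned int i = row; i < rowEnd; i++)
			fputc(PrintableOrSpace(p[i]), logfile);
		fputc('\n', logfile);
	}

	fprintf(logfile, "----------------------------------------------------------------------------\n\n");
	fclose(logfile);

	return 0;
}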

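// Maps a well-known port to a short service name. Unlisted ports yield
// "unknown"; callers (DecodeToLogfile) detect a miss by searching for that
// string, so its spelling is part of the contract.
//
// The return type stays `char *` for compatibility with existing callers,
// which only ever read through it. The strings themselves are read-only
// literals; the previous `&"name"` form returned a pointer-to-array and is
// not valid standard C++.
char * CPacketParser::GetServiceByPort(unsigned short port)
{
	static const struct {
		unsigned short port;
		const char *name;
	} kServices[] = {
		{ 7,   "echo"      },
		{ 13,  "daytime"   },
		{ 21,  "FTP"       },
		{ 22,  "SSH"       },
		{ 23,  "telnet"    },
		{ 25,  "SMTP"      },
		{ 53,  "DNS"       },
		{ 80,  "HTTP"      },
		{ 110, "POP3"      },
		{ 119, "NNTP"      },
		{ 139, "nbsession" },
	};
	const size_t count = sizeof(kServices) / sizeof(kServices[0]);

	for (size_t i = 0; i < count; i++)
		if (kServices[i].port == port)
			return const_cast<char *>(kServices[i].name);

	return const_cast<char *>("unknown");
}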

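// True when `addr` (a dotted-quad string) occurs in `list` as a whole token
// rather than as an arbitrary substring: "10.0.0.1" must not match
// "10.0.0.10" or "110.0.0.1", and "0.0.0.0" must not be found inside
// "10.0.0.0". A token boundary is the start/end of `list` or any character
// that cannot be part of an address (neither a digit nor '.'). This works
// both for a single configured address and for any delimiter-separated list.
static bool AddressListContains(const char *list, const char *addr)
{
	if (list == NULL || addr == NULL || *addr == '\0')
		return false;

	const size_t addrLen = strlen(addr);
	for (const char *hit = strstr(list, addr); hit != NULL; hit = strstr(hit + 1, addr)) {
		const char before = (hit == list) ? '\0' : hit[-1];
		const char after  = hit[addrLen];
		const bool startOk = (before == '\0') || !((before >= '0' && before <= '9') || before == '.');
		const bool endOk   = (after  == '\0') || !((after  >= '0' && after  <= '9') || after  == '.');
		if (startOk && endOk)
			return true;
	}
	return false;
}

// Decides whether the packet in `wsb` passes the capture filter read from the
// registry (CNatasConfig). Returns TRUE to keep the packet.
//
// Only fixed IPv4 header offsets are consulted: bytes 12-15 source address,
// 16-19 destination address, 20-21 source port, 22-23 destination port — an
// IPv4 header without options directly followed by the transport header is
// assumed (TODO confirm against the capture layer). Port 0 and address
// "0.0.0.0" mean "any". Combination==0 requires every configured criterion to
// match (AND); Combination==1 keeps the packet as soon as any one configured
// criterion matches (OR); any other value rejects the packet.
//
// Address comparison is on whole tokens (see AddressListContains); the old
// plain strstr() accepted "10.0.0.1" for a configured "10.0.0.10" and
// treated "10.0.0.0" as the wildcard.
BOOL CPacketParser::CheckFilter(WSABUF *wsb)
{
	CNatasConfig config;	// automatic storage: nothing to free on any return path
	config.ReadConfigFromRegistry();

	const bool anySource = AddressListContains(config.SourceAddress, "0.0.0.0");
	const bool anyTarget = AddressListContains(config.TargetAddress, "0.0.0.0");

	// Nothing configured at all: everything passes (checked before touching
	// the buffer, as before).
	if (config.SourcePort == 0 && config.TargetPort == 0 && anySource && anyTarget)
		return TRUE;

	// The fields below live at offsets 12..23; a shorter buffer cannot match
	// any criterion and must not be read past its end.
	if (wsb == NULL || wsb->buf == NULL || wsb->len < 24)
		return FALSE;

	const BYTE *p = (const BYTE *)wsb->buf;
	const int srcPort = p[20] * 256 + p[21];
	const int dstPort = p[22] * 256 + p[23];

	// "ddd.ddd.ddd.ddd" is at most 15 characters plus the terminator.
	char srcAddr[16];
	char dstAddr[16];
	sprintf(srcAddr, "%d.%d.%d.%d", p[12], p[13], p[14], p[15]);
	sprintf(dstAddr, "%d.%d.%d.%d", p[16], p[17], p[18], p[19]);

	if (config.Combination == 0) {
		// AND: every criterion that is configured has to match.
		const bool portsOk =
			(config.SourcePort == 0 || config.SourcePort == srcPort) &&
			(config.TargetPort == 0 || config.TargetPort == dstPort);
		const bool sourceOk = anySource || AddressListContains(config.SourceAddress, srcAddr);
		const bool targetOk = anyTarget || AddressListContains(config.TargetAddress, dstAddr);
		return (portsOk && sourceOk && targetOk) ? TRUE : FALSE;
	}

	if (config.Combination == 1) {
		// OR: the first configured criterion that matches keeps the packet.
		if (config.SourcePort != 0 && config.SourcePort == srcPort)
			return TRUE;
		if (config.TargetPort != 0 && config.TargetPort == dstPort)
			return TRUE;
		if (!anySource && AddressListContains(config.SourceAddress, srcAddr))
			return TRUE;
		if (!anyTarget && AddressListContains(config.TargetAddress, dstAddr))
			return TRUE;
	}

	return FALSE;
}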

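// Logs the request target of plain-text HTTP GET requests sent to destination
// port 80 or 8080 as "User from <src> : http://<dst><path>". The payload is
// taken from offset 40, i.e. a 20-byte IPv4 header followed by a 20-byte TCP
// header without options is assumed (TODO confirm; packets carrying IP/TCP
// options are read at the wrong offset and simply fail the "GET" check).
// Returns 0 in all cases.
//
// The packet is untrusted network data. Every read is bounded by the buffer
// length, the copied target is bounded by its stack buffer, and copying stops
// at space, CR, LF or NUL so that a crafted request can neither overflow the
// stack (the old code copied until a space appeared, with no limit) nor inject
// fabricated lines into the log.
int CPacketParser::HTTPCap(char *logfilename, WSABUF *wsb)
{
	const size_t kPayloadOffset = 40;	// IPv4 header (20) + TCP header (20)
	const size_t kTargetStart = 4;		// skip "GET "

	FILE *logfile = fopen(logfilename, "a+");
	if (logfile == NULL)
		return 0;

	// Need the header fields at 12..23 and at least "GET " of payload.
	if (wsb != NULL && wsb->buf != NULL && wsb->len >= kPayloadOffset + kTargetStart) {
		const BYTE *p = (const BYTE *)wsb->buf;
		const int dstPort = p[22] * 256 + p[23];

		if (dstPort == 80 || dstPort == 8080) {
			const char *payload = wsb->buf + kPayloadOffset;
			const size_t payloadLen = (size_t)wsb->len - kPayloadOffset;

			if (payload[0] == 'G' && payload[1] == 'E' && payload[2] == 'T') {
				char location[500];
				size_t out = 0;

				// Copy the request target up to the next space, but never past
				// the payload, past the buffer, or across a line break.
				for (size_t pos = kTargetStart; pos < payloadLen && out < sizeof(location) - 1; pos++) {
					const char c = payload[pos];
					if (c == ' ' || c == '\r' || c == '\n' || c == '\0')
						break;
					location[out++] = c;
				}
				location[out] = '\0';

				WriteTime(logfile);
				fprintf(logfile, "User from %d.%d.%d.%d : http://%d.%d.%d.%d",
				        p[12], p[13], p[14], p[15], p[16], p[17], p[18], p[19]);
				fprintf(logfile, "%s\n", location);
			}
		}
	}

	fclose(logfile);
	return 0;
}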

// Writes the local wall-clock time as "HH:MM:SS - DD.MM.YYYY" followed by a
// tab; used as the prefix of every log record written by this class.
void CPacketParser::WriteTime(FILE *logfile)
{
	SYSTEMTIME local;
	GetLocalTime(&local);

	const int hour = local.wHour, minute = local.wMinute, second = local.wSecond;
	const int day = local.wDay, month = local.wMonth, year = local.wYear;

	fprintf(logfile, "%02d:%02d:%02d - %02d.%02d.%02d\t",
	        hour, minute, second, day, month, year);
}
