📄 packetforge-ng.c
字号:
FILE *f; struct pcap_file_header pfh; struct pcap_pkthdr pkh; struct timeval tv; int n; if( opt.cap_out == NULL ) { printf("Please specify an output file (-w).\n"); return 1; } if( ( f = fopen( opt.cap_out, "wb+" ) ) == NULL ) { fprintf( stderr, "failed: fopen(%s,wb+)\n", opt.cap_out ); return( 1 ); } pfh.magic = TCPDUMP_MAGIC; pfh.version_major = PCAP_VERSION_MAJOR; pfh.version_minor = PCAP_VERSION_MINOR; pfh.thiszone = 0; pfh.sigfigs = 0; pfh.snaplen = 65535; pfh.linktype = LINKTYPE_IEEE802_11; n = sizeof( struct pcap_file_header ); if( fwrite( &pfh, 1, n, f ) != (size_t) n ) { fprintf( stderr, "failed: fwrite(pcap file header)\n" ); return( 1 ); } gettimeofday( &tv, NULL ); pkh.tv_sec = tv.tv_sec; pkh.tv_usec = tv.tv_usec; pkh.len = length; pkh.caplen = length; n = sizeof( pkh ); if( fwrite( &pkh, 1, n, f ) != (size_t) n ) { fprintf( stderr, "fwrite(packet header) failed\n" ); return( 1 ); } n = length; if( fwrite( packet, 1, n, f ) != (size_t) n ) { fprintf( stderr, "fwrite(packet data) failed\n"); return( 1 ); } return 0;}int read_prga(unsigned char **dest, char *file){ FILE *f; int size; if(file == NULL) return( 1 ); if(*dest == NULL) *dest = (unsigned char*) malloc(1501); f = fopen(file, "r"); if(f == NULL) { printf("Error opening %s\n", file); return( 1 ); } fseek(f, 0, SEEK_END); size = ftell(f); rewind(f); if(size > 1500) size = 1500; if( fread( (*dest), size, 1, f ) != 1 ) { fprintf( stderr, "fread failed\n" ); return( 1 ); } opt.prgalen = size; fclose(f); return( 0 );}int forge_arp(){ /* use arp request */ opt.pktlen = 60; memcpy( h80211, ARP_REQ, opt.pktlen ); memcpy( opt.dmac, "\xFF\xFF\xFF\xFF\xFF\xFF", 6 ); if( set_tofromds(h80211) != 0 ) return 1; if( set_bssid(h80211) != 0 ) return 1; if( set_smac(h80211) != 0 ) return 1; if( set_dmac(h80211) != 0 ) return 1; memcpy( h80211 + 40, opt.smac, 6 ); if( set_dip(h80211, 56) != 0 ) return 1; if( set_sip(h80211, 46) != 0 ) return 1; return 0;}int forge_udp(){ unsigned short chksum; opt.pktlen = 61; memcpy(h80211, UDP_PACKET, opt.pktlen); if( set_tofromds(h80211) != 0 ) return 1; if( set_bssid(h80211) != 0 ) return 1; if( set_smac(h80211) != 0 ) return 1; if( set_dmac(h80211) != 0 ) return 1; if( set_dip(h80211, 48) != 0 ) return 1; if( set_sip(h80211, 44) != 0 ) return 1; /* set udp length */ h80211[57] = '\x09'; /* generate + set ip checksum */ chksum = ip_chksum((unsigned short*)(h80211+32), 20); memcpy(h80211+42, &chksum, 2); return 0;}int forge_icmp(){ unsigned short chksum; opt.pktlen = 60; memcpy(h80211, ICMP_PACKET, opt.pktlen); if(memcmp(opt.dmac, NULL_MAC, 6) == 0) { memcpy( opt.dmac, "\xFF\xFF\xFF\xFF\xFF\xFF", 6 ); } if( set_tofromds(h80211) != 0 ) return 1; if( set_bssid(h80211) != 0 ) return 1; if( set_smac(h80211) != 0 ) return 1; if( set_dmac(h80211) != 0 ) return 1; if( set_dip(h80211, 48) != 0 ) return 1; if( set_sip(h80211, 44) != 0 ) return 1; /* generate + set ip checksum */ chksum = ip_chksum((unsigned short*)(h80211+32), 20); memcpy(h80211+42, &chksum, 2); return 0;}int forge_custom(){ if(read_raw_packet(h80211, opt.raw_file, opt.pktlen) != 0) return 1; if( set_tofromds(h80211) != 0 ) return 1; if(memcmp(opt.bssid, NULL_MAC, 6) != 0) { if( set_bssid(h80211) != 0 ) return 1; } if(memcmp(opt.dmac, NULL_MAC, 6) != 0) { if( set_dmac(h80211) != 0 ) return 1; } if(memcmp(opt.smac, NULL_MAC, 6) != 0) { if( set_smac(h80211) != 0 ) return 1; } return 0;}void print_usage(void){ printf(usage, getVersion("Packetforge-ng", _MAJ, _MIN, _SUB_MIN, _BETA) );}int main(int argc, char* argv[]){ int arg; int option_index; memset( &opt, 0, sizeof( opt ) ); /* initialise global options */ memset(opt.bssid, '\x00', 6); memset(opt.dmac, '\x00', 6); memset(opt.smac, '\x00', 6); memset(opt.dip, '\x00', 4); memset(opt.sip, '\x00', 4); memset(opt.fctrl, '\x00', 2); opt.prga = NULL; opt.cap_out = NULL; opt.raw_file = NULL; opt.mode = -1; opt.pktlen = -1; opt.prgalen = -1; opt.sport = -1; opt.dport = -1; opt.tods = 1; opt.fromds = 0; opt.encrypt = 1; while( 1 ) { option_index = 0; static struct option long_options[] = { {"arp", 0, 0, '0'}, {"udp", 0, 0, '1'}, {"icmp", 0, 0, '2'}, {"custom", 1, 0, '9'}, {0, 0, 0, 0 } }; int option = getopt_long( argc, argv, "p:a:c:h:jok:l:j:r:y:0129:w:e", long_options, &option_index ); if( option < 0 ) break; switch( option ) { case 0 : break; case 'p' : sscanf( optarg, "%x", &arg ); if( arg < 0 || arg > 65355 ) { printf( "Invalid frame control word.\n" ); return( 1 ); } opt.fctrl[0]=((arg>>8)&0xFF); opt.fctrl[1]=(arg&0xFF); break; case 'a' : if( getmac( optarg, 1, opt.bssid ) != 0 ) { printf( "Invalid AP MAC address.\n" ); return( 1 ); } break; case 'c' : if( getmac( optarg, 1, opt.dmac ) != 0 ) { printf( "Invalid destination MAC address.\n" ); return( 1 ); } break; case 'h' : if( getmac( optarg, 1, opt.smac ) != 0 ) { printf( "Invalid source MAC address.\n" ); return( 1 ); } break; case 'j' : opt.fromds = 1; break; case 'o' : opt.tods = 0; break; case 'e' : opt.encrypt = 0; break; case 'r' : if( opt.raw_file != NULL ) { printf( "Packet source already specified.\n" ); return( 1 ); } opt.raw_file = optarg; break; case 'y' : if( opt.prga != NULL ) { printf( "PRGA file already specified.\n" ); return( 1 ); } if( read_prga(&(opt.prga), optarg) != 0 ) { return( 1 ); } break; case 'w' : if( opt.cap_out != NULL ) { printf( "Output file already specified.\n" ); return( 1 ); } opt.cap_out = optarg; break; case 'k' : if( getip(optarg, opt.dip, &(opt.dport)) != 0 ) { printf( "Invalid destination IP address.\n" ); return 1; } break; case 'l' : if( getip(optarg, opt.sip, &(opt.sport)) != 0 ) { printf( "Invalid source IP address.\n" ); return 1; } break; case '0' : if( opt.mode != -1 ) { printf( "Mode already specified.\n" ); return( 1 ); } opt.mode = 0; break; case '1' : if( opt.mode != -1 ) { printf( "Mode already specified.\n" ); return( 1 ); } opt.mode = 1; break; case '2' : if( opt.mode != -1 ) { printf( "Mode already specified.\n" ); return( 1 ); } opt.mode = 2; break; case '9' : if( opt.mode != -1 ) { printf( "Mode already specified.\n" ); return( 1 ); } opt.pktlen = atoi(optarg); if(opt.pktlen < 24 || opt.pktlen > 2048) { printf( "Invalid packet length.\n" ); return 1; } opt.mode = 9; break; default : if(opt.mode != -1)break; print_usage(); return 1; } } switch (opt.mode) { case 0: if( forge_arp() != 0 ) { printf("Error building an ARP packet.\n"); return 1; } break; case 1: if( forge_udp() != 0 ) { printf("Error building an UDP packet.\n"); return 1; } break; case 2: if( forge_icmp() != 0 ) { printf("Error building an ICMP packet.\n"); return 1; } break; case 9: if( forge_custom() != 0 ) { printf("Error building a custom packet.\n"); return 1; } default: print_usage(); printf("Please specify a mode.\n"); return 1; } if(opt.encrypt) { if( create_wep_packet(h80211, &(opt.pktlen)) != 0 ) return 1; } else { /* set WEP bit = 0 */ h80211[1] = h80211[1] & 0xBF; } if( write_cap_packet(h80211, opt.pktlen) != 0 ) { printf("Error writing pcap file %s.\n", opt.cap_out); return 1; } return 0;}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -