📄 在tcp三次握手后插入伪造的tcp包.html
字号:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html><head><title>在TCP三次握手后插入伪造的TCP包 </title><meta http-equiv="Content-Type" content="text/html; charset=gb2312"><meta name="Keywords" content="安全焦点, xfocus, 陷阱网络, honeynet, honeypot, 调查取证, forensic, 入侵检测, intrusion detection, 无线安全, wireless security, 安全论坛, security forums, 安全工具, security tools, 攻击程序, exploits, 安全公告, security advisories, 安全漏洞, security vulnerabilities, 安全教程, security tutorials, 安全培训, security training, 安全帮助, security help, 安全标准, security standards, 安全代码, security code, 安全资源, security resources, 安全编程, security programming, 加密, cryptography," /><link rel="stylesheet" href="../../css/plone.css" type="text/css"></head><body bgcolor="#FFFFFF" text="#000000"><div class="top"> <div class="searchBox"> <form name="searchform" action="http://www.google.com/search" method="get"> <input type="hidden" name="domains" value="www.xfocus.net"> <input type="hidden" name="sitesearch" value="www.xfocus.net"> <input type="text" name="q" size="20"> <input type="submit" name="btnG" value="Google Search"> </form> </div> <img src="../../images/logo.gif" border="0" width="180" height="80" alt="xfocus logo"> <img src="../../images/title.gif" border="0" width="230" height="20" alt="xfocus title"></div><div class="tabs"> <a href="../../index.html" class="plain">首页</a> <a href="../../releases/index.html" class="plain">焦点原创</a> <a href="../../articles/index.html" class="selected">安全文摘</a> <a href="../../tools/index.html" class="plain">安全工具</a> <a href="../../vuls/index.html" class="plain">安全漏洞</a> <a href="../../projects/index.html" class="plain">焦点项目</a> <a href="https://www.xfocus.net/bbs/index.php?lang=cn" class="plain">焦点论坛</a> <a href="../../about/index.html" class="plain">关于我们</a></div><div class="personalBar"> <a href='https://www.xfocus.net/php/add_article.php'>添加文章</a> <a href='http://www.xfocus.org/'>English Version</a></div><table class="columns">
<tr>
<td class="left">
<div class="box">
<h5> 文章分类 </h5>
<div class="body">
<div class="content odd">
<div style="white-space: nowrap;">
<img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/4.html'>专题文章</a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/2.html'><b>漏洞分析 <<</b></a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/3.html'>安全配置</a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/1.html'>黑客教学</a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/5.html'>编程技术</a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/7.html'>工具介绍</a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/6.html'>火墙技术</a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/8.html'>入侵检测</a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/9.html'>破解专题</a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/11.html'>焦点公告</a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/12.html'>焦点峰会</a><br>
</div>
</div>
</div>
</div>
<div class="box">
<h5> 文章推荐 </h5>
<div class="body">
<div class="content odd">
<img src='../../images/document_icon.gif' border='0'> <a href='../../articles/200408/733.html'>补丁管理最佳安全实践之资产评估</a><br><img src='../../images/document_icon.gif' border='0'> <a href='../../articles/200404/689.html'>国内网络安全风险评估市场与技术操作</a><br><img src='../../images/document_icon.gif' border='0'> <a href='../../articles/200410/743.html'>协作的信息系统风险评估</a><br>
</div>
</div>
</div>
</td>
<td class="main">
<h1>在TCP三次握手后插入伪造的TCP包</h1><br>创建时间:2005-05-03<br>文章属性:转载<br>文章提交:<a href='https://www.xfocus.net/bbs/index.php?lang=cn&act=Profile&do=03&MID=19646'>l0pht</a> (vbs_at_21cn.com)<br><br>在TCP三次握手后插入伪造的TCP包 <br />
一、说明<br />
<br />
用Socket的API Connect完成TCP建立连接的三次握手,同时子进程抓包,抓完三次握手的包后,插入第四个包即可,从对端返回的第五个包来看插入成功了,但因为插入了一个TCP包,之后的连接将发生混乱。可以将插入的那个包Data设置为HTTP Request,向WEB服务器提交请求。又如果目标系统的TCP序列号是可预计算的,那么是否可以做带伪源地址的Blind TCP three-time handshakes和插入,值得试验!<br />
<br />
二、脚本<br />
<br />
1、用到几个模块Net::RawIP Net::Pcap Net::PcapUtils NetPacket;<br />
2、pretty_table()函数是我原来做的,用来在命令行下打印表格(Table);<br />
3、测试环境-Linux、ADSL拨号,抓包的接口是ppp0,帧的结构和Eth帧结构不同,不能使用NetPacket::Ethernet模块中的strip函数处理帧首部,根据ethereal抓包的结构,我使用unpack函数取得了帧中的IP包;<br />
<br />
三、源代码<br />
<br />
#!/usr/bin/perl<br />
#By i_am_jojo@msn.com, 2005/04<br />
use strict;<br />
use warnings;<br />
<br />
use Net::RawIP;<br />
use Net::PcapUtils;<br />
use NetPacket::Ethernet;<br />
use NetPacket::IP;<br />
use NetPacket::TCP;<br />
<br />
use Socket;<br />
use Getopt::Std;<br />
use POSIX qw(strftime);<br />
<br />
my %opts;<br />
getopts('ht:p:u:n:', \%opts);<br />
<br />
print_help() and exit if(defined($opts{'h'}));<br />
print_help() and exit if(not defined($opts{'t'}) or not defined($opts{'p'}));<br />
<br />
die "\tInvalid Target Ipaddress!\n"<br />
if(defined($opts{'t'}) and $opts{'t'} !~ m/^\d+.\d+.\d+.\d+$/);<br />
<br />
die "\tInvalid Service Port!\n"<br />
if(defined($opts{'p'}) and $opts{'p'} !~ m/^\d+$/);<br />
<br />
my $request;<br />
if(defined($opts{'u'})) {<br />
$request = "GET $opts{'u'} HTTP/1.1\r\n";<br />
$request.= "Accept: text/html; text/plain\r\n";<br />
$request.= "\r\n";<br />
} else {<br />
$request = "GET / HTTP/1.1\r\n";<br />
$request.= "Accept: text/html; text/plain\r\n";<br />
$request.= "\r\n";<br />
}<br />
<br />
my $child = fork();<br />
<br />
if($child == 0) {<br />
#child process<br />
my ($next_packet, %next_header);<br />
my ($frame_hdr, $ip_packet);<br />
my ($ip_obj, $tcp_obj);<br />
my $counter = 0;<br />
<br />
my $pkt_descriptor = Net::PcapUtils::open(<br />
FILTER => 'ip',<br />
PROMISC => 0,<br />
DEV => 'ppp0',<br />
#DEV => 'eth0'<br />
);<br />
<br />
die "Net::PcapUtils::open returned: $pkt_descriptor\n" if (!ref($pkt_descriptor));<br />
print strftime '%Y/%m/%d %H:%M:%S, ', localtime and print "begin sniffing ...\n";<br />
<br />
while(($next_packet, %next_header) = Net::PcapUtils::next($pkt_descriptor)) { <br />
($frame_hdr, $ip_packet) = unpack 'H32a*', $next_packet;<br />
$ip_obj = NetPacket::IP->decode($ip_packet);<br />
#$ip_obj = NetPacket::IP->decode(NetPacket::Ethernet::eth_strip($next_packet));<br />
<br />
next if ($ip_obj->{'proto'} != 6);<br />
next if (($ip_obj->{'src_ip'} ne $opts{'t'})<br />
and ($ip_obj->{'dest_ip'} ne $opts{'t'}));<br />
<br />
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -