sniffer.h

用Ｃ语言编写的可以截获邮件的相关代码

#ifndef SNIFFER_H
#define SNIFFER_H

#define	ARP_DETECT			1         //ARP扫描
#define	ARP_SPOOF			2         //ARP欺骗
#define	ARP_RESET			3         //ARP重置
#define ARP_SNIFFER         4         //ARP嗅探
#define SYN_SCAN            5         //SYN扫描

#define FRAME_TYPE_ARP		0x0806
#define FRAME_TYPE_IP		0x0800
#define HARD_TYPE_ETHERNET	0x0001
#define OP_ARP_REPLY		0x0002
#define OP_ARP_REQUEST		0x0001
#define ARP_TIMEOUT			12000
#define ARP_SEND_INTERVAL	2000
#define MAX_IP_NUMBER       255

#define NTLMSSP_NEGOTIATE 0X00000001
#define NTLMSSP_CHALLENGS 0X00000002
#define NTLMSSP_AUTH	  0X00000003

#define SMB_PW_COMMAND  0x73

//for kerberos
#define MY_TYPE   X509_ASN_ENCODING
#include "winsock2.h"
#include "winsvc.h"
#include <conio.h>
#include <NtDDNdis.h>
#include <ctype.h>
//#include <atlenc.h>
#include <Windows.h>

#pragma pack(push,1)

typedef struct _ETHERNET_HDR
{
	BYTE	DstMac[6];
	BYTE	SrcMac[6];
	WORD	FrameType;
}ETHERNET_HDR,*PETHERNET_HDR;

typedef struct _ARP_PACKET
{
	ETHERNET_HDR	hdr;
	WORD			HardType;
	WORD			ProtType;
	BYTE			HardSize;
	BYTE			ProtSize;
	WORD			op;
	BYTE			SenderMac[6];
	DWORD			SenderIP;
	BYTE			TargetMac[6];
	DWORD			TargetIP;
}ARP_PACKET,*PARP_PACKET;

typedef struct _IP_PACKET
{
	ETHERNET_HDR	hdr;
	BYTE			VerLen;
	BYTE			TOS;
	WORD			TotalLen;
	WORD			Ident;
	WORD			FlagFrag;
	BYTE			TTL;
	BYTE			Prot;
	WORD			Checksum;
	DWORD			SrcIP;
	DWORD			DstIP;
}IP_PACKET,*PIP_PACKET;

typedef struct tcp_hdr  //TCP头结构
{
	USHORT th_sport;
	USHORT th_dport;
	unsigned int th_seq;
	unsigned int th_ack;
	unsigned char th_lenres;
	unsigned char th_flag;
	USHORT th_win;
	USHORT th_sum;
	USHORT th_urp;
}TCP_PACKET,*PTCP_PACKET;

typedef struct _IP_BLOCK
{
	DWORD	IPStart;
	DWORD	IPEnd;
	int		task;
}IP_BLOCK,*PIP_BLOCK;

typedef struct _GET_MAC
{
	DWORD	IP;
	PBYTE	MAC;
}GET_MAC,*PGET_MAC;

typedef struct username_length {
	u_char byte1;
	u_char byte2;
}username_length;

typedef struct username_offset {
	u_char byte1;
	u_char byte2;
}username_offset;

typedef struct password_length {
	u_char byte1;
	u_char byte2;
}password_length;

typedef struct password_offset {
	u_char byte1;
	u_char byte2;
}password_offset;

typedef struct sqlErrNum {
	u_char byte1;
	u_char byte2;
	u_char byte3;
	u_char byte4;
}sqlErrNum;
typedef struct netbios_header
{ 
	unsigned char type; 
	unsigned char flags; 
	unsigned short length; 
} netbios_header; 


typedef struct smb_header
{ 
	unsigned char protocol[4]; 
	unsigned char command; 
	unsigned short status; 
	unsigned char reserved; 
	unsigned char flags; 
	unsigned short flags2; 
	unsigned char pad[12]; 
	unsigned short tid; 
	unsigned short pid; 
	unsigned short uid; 
	unsigned short mid; 
} smb_header; 

typedef struct SecurityBlobNegotiate
{
	struct 
	{
		char	identifier[8];
		ULONG 	NTLMType; 
	}NTLMSSP;
	ULONG Flags;
	struct
	{
		USHORT Length;
		USHORT MaxLength;
		ULONG  Offset;  // for SecurityBlob
	}CaseInsensitiveOne;
	struct
	{
		USHORT Length;
		USHORT MaxLength;
		USHORT  Offset;	 // for SecurityBlob
	}CaseInsensitiveTwo;
	char NativeOS[50];
	char NativeLanManager[50];
	USHORT PrimaryDomain;	
}SecurityBlobNegotiate;

typedef struct SecurityBlobAuth
{
	struct 
	{
		UCHAR	identifier[8];
		ULONG 	NTLMType; 
	}NTLMSSP;
	struct
	{
		USHORT Length;
		USHORT MaxLength;
		ULONG  Offset;  // for SecurityBlob
	}LanManagerResponse;
	struct
	{
		USHORT Length;
		USHORT MaxLength;
		ULONG  Offset;	 // for SecurityBlob
	}NTLMResponse;
	struct
	{
		USHORT Length;
		USHORT MaxLength;
		ULONG  Offset;	 // for SecurityBlob
	}DomainName;
	struct
	{
		USHORT Length;
		USHORT MaxLength;
		ULONG  Offset;	 // for SecurityBlob
	}UserName;
	struct
	{
		USHORT Length;
		USHORT MaxLength;
		ULONG  Offset;	 // for SecurityBlob
	}HostName;
	struct
	{
		USHORT Length;
		USHORT MaxLength;
		ULONG  Offset;	 // for SecurityBlob
	}SessionKey;
	ULONG Flags;

	char NativeOS[50];
	u_short NativeLanManager;
	char PrimaryDomain[50];	
}SecurityBlobAuth;

typedef struct SecurityBlobChallengs
{
	struct 
	{
		UCHAR	identifier[8];
		ULONG 	NTLMType; 
	}NTLMSSP;
	struct
	{
		USHORT Length;
		USHORT MaxLength;
		ULONG  Offset;  // for SecurityBlob
	}Domain;
	ULONG 	Flags;
	UCHAR 	challenge[8];
	UCHAR	Reserved[8];
	struct
	{
		USHORT Length;
		USHORT MaxLength;
		ULONG  Offset;  // for SecurityBlob
	}AddressList;
	UCHAR	NativeOS[50];
	UCHAR	NativeLanManager[50];
}SecurityBlobChallengs;

/* UDP header*/
typedef struct udp_header
{
	u_short sport;			// Source port
	u_short dport;			// Destination port
	u_short len;			// Datagram length
	u_short crc;			// Checksum
}udp_header;

typedef struct _ORACONNECT
{
	unsigned short Version;
	unsigned short VersionC;
	unsigned short SerOpt;
	unsigned short SessUSize;
	unsigned short MaxTrans;
	unsigned short NTprot;
	unsigned short LineTv;
	unsigned short Vof1H;
	unsigned short LenofCon;
	unsigned short OffsetCon;
	DWORD          MaxRevData;
	unsigned char  Flag1;
	unsigned char  Flag2;
	DWORD          TCFI1;
	DWORD          TCFI2;
	unsigned char  UID[8];
	char * ConnectData;
}ORACONNECT,*PORACONNECT;

typedef struct _ORAREDIRECT
{
	unsigned short Len;
	char *RedirectData;
}ORAREDIRECT,*PORAREDIRECT;

typedef struct _ORACLE_HEADER_REQUEST
{
	unsigned short Length;
	unsigned short pCheckSum;
	unsigned char  Type;
	unsigned char  Reverse;
	unsigned short hCheckSum;
	ORACONNECT     oracon;
}ORACLE_HEADER_REQUEST,*PORACLE_HEADER_REQUEST;

typedef struct _ORACLE_HEADER_REDIRECT
{
	unsigned short Length;
	unsigned short pCheckSum;
	unsigned char  Type;
	unsigned char  Reverse;
	unsigned short hCheckSum;
	ORAREDIRECT    orared;
}ORACLE_HEADER_REDIRECT,*PORACLE_HEADER_REDIRECT;

#pragma pack(push)


/*

BOOL		GetProcedures();
void		Usage();
BOOL		InitPcapDriver();
BOOL		PacketStartDriver();
int			ParseAdapterList( PSTR AdapterList, PSTR *AdapterName[], PSTR *AdapterDesc[]);
BOOL		FreeAdapterList( PSTR *AdapterName[], PSTR *AdapterDesc[]);
BOOL		GetAdapterMac(LPADAPTER lpAdapter, BYTE AdapterMac[]);
BOOL		GetMacFromIP(DWORD IP, DWORD senderIP, PBYTE MAC);
BOOL		SendArpReply(IP_BLOCK ipb);
BOOL		GetAdapterIP( PSTR AdapterName, DWORD *IP);
void		PrintPackets(LPPACKET lpPacket);
BOOL		SendArpRequest( DWORD IP, DWORD senderIP, int task);
DWORD WINAPI ReceiveArpReply(LPVOID lpParam);
DWORD WINAPI Receive(LPVOID lpParam);
DWORD WINAPI Spoof(LPVOID lpParam);
int Capture(LPPACKET lpPacket);
DWORD WINAPI Sniffer();
DWORD WINAPI Send(LPVOID lpParam);
BOOL		FilterPackets(LPPACKET lpPacket, GET_MAC *pgm);
void		PrintPacket(LPPACKET lpPacket, IP_BLOCK *pipb);
void		DisplayPacket(LPPACKET lpPacket, IP_BLOCK *pipb);
int			as_req(UCHAR* Begin);
int			as_rep(UCHAR*Begin);
int			tgs_req(UCHAR*Begin);
int			tgs_rep(UCHAR*Begin);
*/
#endif