1: #pragma comment(lib,"wpcap.lib")
2: #pragma comment(lib,"ws2_32.lib")
3: #pragma comment(lib,"wsock32.lib")
4:
5: #include <stdio.h>
6: #define HAVE_REMOTE
7: #include <pcap.h>
8: //#include "remote-ext.h"
9: #include <conio.h>
10: #include <packet32.h>
11: #include <ntddndis.h>
12: #include "ArpCheat.h"
13: #define LINE_LEN 16
14:
15:
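/*
 * Prototypes for the three pcap_loop() callbacks defined below main().
 * packet_handler2 and dispatcher_handler are used by main() before their
 * definitions, so without these declarations they are implicitly declared
 * (wrong type for the pcap_handler argument, and an error in C99+).
 */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data);
void packet_handler2(u_char *dumpfile, const struct pcap_pkthdr *header, const u_char *pkt_data);
void dispatcher_handler(u_char *temp1, const struct pcap_pkthdr *header, const u_char *pkt_data);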
18:
19:
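int main(int argc,char* argv[])
{
    /*
     * Capture demo: list the local adapters, let the user pick one, capture
     * two TCP packets from it into a dump file, then reopen that dump file
     * and hex-print every packet it contains.
     *
     * Returns 0 on success and a non-zero value on any failure. argc/argv
     * are not used.
     */
    static const char dump_path[] = "cd.txt";   /* capture file: written, closed, then re-read */

    pcap_if_t *alldevs = NULL;       /* list of all local adapters */
    pcap_if_t *d = NULL;             /* adapter chosen by the user */
    pcap_t *adhandle = NULL;         /* live capture handle */
    pcap_t *fp = NULL;               /* handle on the saved dump file */
    pcap_dumper_t *dumpfile = NULL;  /* writer for the dump file */
    struct bpf_program fcode;        /* compiled "tcp" filter */
    char errbuf[PCAP_ERRBUF_SIZE];   /* pcap error text */
    char source[PCAP_BUF_SIZE];      /* "file://" style source string for the dump file */
    char packet_filter[] = "tcp";
    const char *devname;             /* printable name of the chosen adapter */
    unsigned long netmask = 0xffffff; /* netmask handed to pcap_compile(); C-class default when the adapter has none (as in the WinPcap samples) */
    int inum = 0;                    /* 1-based adapter index typed by the user */
    int i = 0;                       /* adapter counter */
    int rc = -1;                     /* process exit status */
    int have_fcode = 0;              /* fcode holds a compiled program that must be freed */

    (void)argc;
    (void)argv;

    /* Enumerate the local adapters. */
    if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1)
    {
        fprintf(stderr,"Error in pcap_findalldevs: %s\n", errbuf);
        return 1;
    }

    /* Print the numbered adapter list. */
    for(d=alldevs; d; d=d->next)
    {
        printf("%d", ++i);
        if (d->description)
            printf(". %s\n", d->description);
        else
            printf(". No description available\n");
    }
    if(i==0)
    {
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
        goto out;
    }

    /* Ask for a selection. A failed scanf() would leave inum unset, so its
       result is checked together with the range. */
    printf("Enter the interface number (1-%d):",i);
    if (scanf("%d", &inum) != 1 || inum < 1 || inum > i)
    {
        printf("\nInterface number out of range.\n");
        goto out;
    }

    /* Advance to the selected adapter. */
    for(d=alldevs, i=0; i< inum-1 ;d=d->next, i++)
        ;
    devname = d->description ? d->description : d->name; /* description may be NULL; never pass NULL to %s */

    /* Open the adapter in promiscuous mode, 65536 bytes per packet, 1 s read timeout. */
    if ( (adhandle= pcap_open(d->name, 65536, PCAP_OPENFLAG_PROMISCUOUS, 1000, NULL, errbuf)) == NULL)
    {
        fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n",
            d->name);
        goto out;
    }
    printf("\nlistening on %s...\n", devname);

    /* An adapter may have no address entry (or no netmask); the original
       dereferenced both unconditionally. */
    if (d->addresses != NULL && d->addresses->netmask != NULL)
        netmask=((struct sockaddr_in *)(d->addresses->netmask))->sin_addr.S_un.S_addr;

    /* Open the dump file for writing. */
    dumpfile = pcap_dump_open(adhandle, dump_path);
    if(dumpfile==NULL)
    {
        fprintf(stderr,"\nError opening output file\n");
        goto out;
    }

    /* Compile and install the filter. */
    if (pcap_compile(adhandle, &fcode, packet_filter, 1, netmask) <0 )
    {
        fprintf(stderr,"\nUnable to compile the packet filter. Check the syntax.\n");
        goto out;
    }
    have_fcode = 1;
    if (pcap_setfilter(adhandle, &fcode)<0)
    {
        fprintf(stderr,"\nError setting the filter.\n");
        goto out;
    }
    printf("\nlistening on %s... Press Ctrl+C to stop...\n", devname);

    /* Capture two packets; pcap_loop() passes dumpfile to packet_handler2
       through its opaque user argument. -1 is an error; -2 (pcap_breakloop) is not. */
    if (pcap_loop(adhandle, 2, packet_handler2, (unsigned char *)dumpfile) == -1)
    {
        fprintf(stderr,"\nError reading the packets: %s\n", pcap_geterr(adhandle));
        goto out;
    }

    /* Close the writer before re-reading the file: pcap_dump() is buffered,
       so an unclosed dump file can still be empty or truncated on disk. */
    pcap_dump_close(dumpfile);
    dumpfile = NULL;

    /* Build a source string for the dump file using the new WinPcap syntax. */
    if ( pcap_createsrcstr( source, PCAP_SRC_FILE, NULL, NULL, dump_path, errbuf) != 0)
    {
        fprintf(stderr,"\nError creating a source string\n");
        goto out;
    }
    /* Open the dump file for reading. */
    if ( (fp= pcap_open(source, 65536, PCAP_OPENFLAG_PROMISCUOUS, 1000, NULL, errbuf)) == NULL)
    {
        fprintf(stderr,"\nUnable to open the file %s.\n", source);
        goto out;
    }

    /* Print every packet in the file (count 0 = until EOF). */
    if (pcap_loop(fp, 0, dispatcher_handler, NULL) == -1)
    {
        fprintf(stderr,"\nError reading the file: %s\n", pcap_geterr(fp));
        goto out;
    }

    rc = 0;

out:
    /* Single cleanup path: every handle is released exactly once. */
    if (fp)
        pcap_close(fp);
    if (dumpfile)
        pcap_dump_close(dumpfile);
    if (have_fcode)
        pcap_freecode(&fcode);
    if (adhandle)
        pcap_close(adhandle);
    pcap_freealldevs(alldevs);
    return rc;
}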
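void dispatcher_handler(u_char *temp1, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    /*
     * pcap_loop() callback for the saved dump file: print the packet's
     * timestamp and on-the-wire length, then hex-dump the captured bytes,
     * LINE_LEN per row.
     *
     * temp1    unused user argument (NULL from main()).
     * header   timestamp, caplen (bytes present in pkt_data) and len.
     * pkt_data the captured bytes; only header->caplen of them are valid.
     */
    u_int i;

    (void)temp1;

    /* header->len is an unsigned 32-bit count: print it with %lu, not %ld. */
    printf("%ld:%ld (%lu)\n", (long)header->ts.tv_sec, (long)header->ts.tv_usec,
           (unsigned long)header->len);

    /* Bound the dump by caplen, not len: a truncated capture holds fewer bytes than len. */
    for (i = 0; i < header->caplen; i++)
    {
        printf("%.2x ", pkt_data[i]);
        if (((i + 1) % LINE_LEN) == 0)
            printf("\n");
    }

    printf("\n\n");
}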
246:
/* pcap_loop() callback for the live capture: append each packet to the dump file. */
void packet_handler2(u_char *dumpfile, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    /*
     * dumpfile is the pcap_dumper_t* that main() passed as pcap_loop()'s user
     * argument; pcap_dump() takes it in the same u_char* form, so it is handed
     * straight through together with the packet header and bytes.
     */
    pcap_dump(dumpfile, header, pkt_data);
}
253:
254:
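/* pcap_loop() callback: print each packet's local time, microseconds and length. */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    /*
     * param and pkt_data are unused; only the header's timestamp and length
     * are reported. A timestamp localtime() cannot convert is printed as raw
     * seconds instead of handing a NULL struct tm to strftime().
     */
    struct tm *ltime;
    char timestr[32];          /* "HH:MM:SS" or the raw seconds fallback */
    time_t local_tv_sec;

    (void)param;
    (void)pkt_data;

    local_tv_sec = header->ts.tv_sec;
    ltime = localtime(&local_tv_sec);
    if (ltime == NULL || strftime(timestr, sizeof timestr, "%H:%M:%S", ltime) == 0)
    {
        /* Fallback: 32 bytes is enough for any long printed in decimal. */
        sprintf(timestr, "%ld", (long)local_tv_sec);
    }

    /* tv_usec is a long and len an unsigned 32-bit value; the original %.6d/%d
       did not match either type. */
    printf("%s,%.6ld len:%u\n", timestr, (long)header->ts.tv_usec, (unsigned)header->len);
}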
270:
271: /**
272: * 获得网卡的MAC地址
273: * pDevName 网卡的设备名称
274: */
275: //unsigned char* GetSelfMac(char* pDevName)
276: //{
277: //
278: // static u_char mac[6];
279: //
280: // memset(mac,0,sizeof(mac));
281: //
282: // LPADAPTER lpAdapter = PacketOpenAdapter(pDevName);
283: //
284: // if (!lpAdapter || (lpAdapter->hFile == INVALID_HANDLE_VALUE))
285: // {
286: // return NULL;
287: // }
288: //
289: // PPACKET_OID_DATA OidData = (PPACKET_OID_DATA)malloc(6 + sizeof(PACKET_OID_DATA));
290: // if (OidData == NULL)
291: // {
292: // PacketCloseAdapter(lpAdapter);
293: // return NULL;
294: // }
295: // //
296: // // Retrieve the adapter MAC querying the NIC driver
297: // //
298: // OidData->Oid = OID_802_3_CURRENT_ADDRESS;
299: //
300: // OidData->Length = 6;
301: // memset(OidData->Data, 0, 6);
302: // BOOLEAN Status = PacketRequest(lpAdapter, FALSE, OidData);
303: // if(Status)
304: // {
305: // memcpy(mac,(u_char*)(OidData->Data),6);
306: // }
307: // free(OidData);
308: // PacketCloseAdapter(lpAdapter);
309: // return mac;
310: //
311: //}
312:
313: /**
314: * 封装ARP请求包
315: * source_mac 源MAC地址
316: * srcIP 源IP
317: * destIP 目的IP
318: */
319: //unsigned char* BuildArpPacket(unsigned char* source_mac, unsigned long srcIP,unsigned long destIP)
320: //{
321: // static struct arp_packet packet;
322: // //目的MAC地址为广播地址,FF-FF-FF-FF-FF-FF
323: // memset(packet.eth.dest_mac,0xFF,6);
324: // //源MAC地址
325: // memcpy(packet.eth.source_mac,source_mac,6);
326: // //上层协议为ARP协议,0x0806
327: // packet.eth.eh_type = htons(0x0806);
328: // //硬件类型,Ethernet是0x0001
329: // packet.arp.hardware_type = htons(0x0001);
330: // //上层协议类型,IP为0x0800
331: // packet.arp.protocol_type = htons(0x0800);
332: // //硬件地址长度:MAC地址长度为0x06
333: // packet.arp.add_len = 0x06;
334: // //协议地址长度:IP地址长度为0x04
335: // packet.arp.pro_len = 0x04;
336: // //操作:ARP请求为1
337: // packet.arp.option = htons(0x0001);
338: // //源MAC地址
339: // memcpy(packet.arp.sour_addr,source_mac,6);
340: // //源IP地址
341: // packet.arp.sour_ip = srcIP;
342: // //目的MAC地址,填充0
343: // memset(packet.arp.dest_addr,0,6);
344: // //目的IP地址
345: // packet.arp.dest_ip = destIP;
346: // //填充数据,18B
347: // memset(packet.arp.padding,0,18);
348: // return (unsigned char*)&packet;
349: //}