首页 实地培训 VIP专区 文章中心 下载中心 精品动画 安全服务 安全产品 企业文化
技术论坛
 -->开创网络首先基于以学员为中心的人性化教学方式。以案例式教学、互动式教学为主线。
 
  当前位置: 首页 > 文章中心 > 工具使用 >
 
 
使用winpcap定制TCP包发送
发布者ID:3 作者: 发布时间:2008-05-11 08:36:32 来源: 点击:
 

前些时候做DOS方面的测试,由于协议学得不够好,有些回应不记得,所以就首先想到用hping来定制一些包,看看远程主机的回应。结果下载 的hping死活都不发包,换了多个不同版本的winpcap都不行。一怒之下,决定自己写个简单的。首先想到的是perl来做,最后觉得一样要安装 winpcap还有很多别的模块,不如直接c来实现一下,来得更痛快。

需要说明一下的是,在以太网头那里我故意偷懒了,没有获取本机的MAC地址而是写了个错误的。所以给内网用户发包的话,能发出去,只是你收不到回应了,发给外网就没这个问题,这是因为同交换机下面靠MAC地址来定位的。

最后一点,这里所有的包,目的MAC地址都是写的MAC,通过网关把数据转发出去的。虽然同交换机下面可以直接通过MAC定位,但是我懒得判断,直接发送给网关再转发会比较简单。

/* Code By yunshu, 2008-05-08, Make tcp packet to send to remote server
* I don’t know which version of winpcap needed by hping, so I wrote this code.
* Under winpcap 4.0.2, Dev-CPP 4.9.9.2, windows xp professional sp2
*/

#include <stdio.h>
#include <string.h>
#include <winsock2.h>
#include <iphlpapi.h>
#include <unistd.h>
#include <pcap.h>
#include <remote-ext.h>

#define IP_PROTO    0×0800

char    LocalIP[20] = { 0 };
char    InterfaceName[256] = { 0 };
char    GatewayIP[20] = { 0 };
BYTE    GatewayMac[6];

typedef struct et_header
{
    unsigned char   eh_dst[6];
    unsigned char   eh_src[6];
    unsigned short  eh_type;
}ET_HEADER;

typedef struct ip_hdr
{
    unsigned char       h_verlen;
    unsigned char       tos;
    unsigned short      total_len;
    unsigned short      ident;
    unsigned short      frag_and_flags;
    unsigned char       ttl;
    unsigned char       proto;
    unsigned short      checksum;
    unsigned int        sourceIP;
    unsigned int        destIP;
}IP_HEADER;

typedef struct tcp_hdr
{
    unsigned short    th_sport;
    unsigned short    th_dport;
    unsigned int    th_seq;
    unsigned int    th_ack;
    unsigned char    th_lenres;
    unsigned char    th_flag;
    unsigned short    th_win;
    unsigned short    th_sum;
    unsigned short    th_urp;
}TCP_HEADER;

typedef struct tsd_hdr
{
    unsigned long    saddr;
    unsigned long    daddr;
    char            mbz;
    char            ptcl;
    unsigned short    tcpl;
}PSD_HEADER;

unsigned short CheckSum(unsigned short * buffer, int size)
{
    unsigned long   cksum = 0;

    while (size > 1)
    {
        cksum += *buffer++;
        size -= sizeof(unsigned short);
    }
    if (size)
    {
        cksum += *(unsigned char *) buffer;
    }
    cksum = (cksum >> 16) + (cksum & 0xffff);
    cksum += (cksum >> 16);

    return (unsigned short) (~cksum);
}

/*
void GetLocalIP( )
{
    WORD        wVersionRequested;
    WSADATA        wsaData;
    char        name[255];
    PHOSTENT    hostinfo;  

    wVersionRequested = MAKEWORD( 2, 0 );

    if( WSAStartup( wVersionRequested, &wsaData ) == 0 )
    {
        if( gethostname( name, sizeof(name) ) == 0 )
        {
            if( (hostinfo = gethostbyname(name) ) != NULL )
            {
                strcpy( LocalIP, inet_ntoa( *(struct in_addr*)*hostinfo->h_addr_list ) );
            }
        }
    }

    WSACleanup(   );
}
*/

int GetDevices( )
{
    pcap_if_t    *alldevs;
    pcap_if_t    *d;

    int i = 0;
    char errbuf[PCAP_ERRBUF_SIZE];

    /* 获取本地机器设备列表 */
    if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL /* auth is not needed */, &alldevs, errbuf) == -1)
    {
        fprintf(stderr,”Error in pcap_findalldevs_ex: %s\n“, errbuf);
        exit(1);
    }

    /* 打印列表 */
    for( d = alldevs; d != NULL; d = d->next )
    {
        printf(”%d. %s“, ++i, d->name);

        if (d->description)
        {
            printf( “ (%s)“, d->description );
        }

        if( d->addresses != NULL )
        {
            if( d->addresses->addr->sa_family == AF_INET )
            {

                printf( “: %s\n“, inet_ntoa( ((struct sockaddr_in *)d->addresses->addr)->sin_addr ) );
            }
            else
            {
                printf( “\n” );
            }
        }
        else
        {
            printf(” (No description available)\n“);
        }
    }

    if (i == 0)
    {
        printf(”\nNo interfaces found! Make sure WinPcap is installed.\n“);
        return -1;
    }

    printf( “\nPlease choose the index of your NetAdapter:” );
    int    AdapterIndex = 1;
    scanf( “%d“, &AdapterIndex );
    if( AdapterIndex > i )
    {
        printf( “网卡选错啦\n” );
        return -1;
    }

    d = alldevs;
    for( int index = 1; index < AdapterIndex; index ++ )
    {
        d = d->next;
    }

    if( d->name == NULL || d->addresses == NULL )
    {
        printf( “网卡选错啦\n” );
        return -1;
    }

    strcpy( InterfaceName, d->name );
    strcpy( LocalIP, inet_ntoa( ((struct sockaddr_in *)d->addresses->addr)->sin_addr ) );

    /* 不再需要设备列表了,释放它 */
    pcap_freealldevs(alldevs);

    return 1;
}

int GetGateWayMac( )
{
    PIP_ADAPTER_INFO AdapterInfo;

    ULONG    OutBufLen = sizeof(IP_ADAPTER_INFO);
    AdapterInfo = (IP_ADAPTER_INFO *)malloc(sizeof (IP_ADAPTER_INFO));
    if( AdapterInfo == NULL )
    {
        printf(”Error allocating memory needed to call GetAdaptersinfo\n“);
        return -1;
    }

    if( GetAdaptersInfo( AdapterInfo, &OutBufLen ) == ERROR_BUFFER_OVERFLOW )
    {
        free( AdapterInfo );
        AdapterInfo = (IP_ADAPTER_INFO *)malloc( OutBufLen );
        if( AdapterInfo == NULL )
        {
            printf(”Error allocating memory needed to call GetAdaptersinfo\n“);
            return -1;
        }
    }
if( GetAdaptersInfo( AdapterInfo, &OutBufLen ) == NO_ERROR ) { PIP_ADAPTER_INFO a = AdapterInfo; BOOL Found = FALSE; while( a ) { if( strcmp(a->IpAddressList.IpAddress.String, LocalIP) == 0 ) { strcpy( GatewayIP, a->GatewayList.IpAddress.String ); Found = TRUE; break; } a = a->Next; } if( !Found ) { printf( “Get gateway’s ip error.\n” ); free( AdapterInfo ); return -1; } else { free( AdapterInfo ); } } else { printf( “Get gateway’s ip error.\n” ); free( AdapterInfo ); return -1; } BYTE Mac[6]; ULONG MacLen = 6; SendARP( inet_addr(GatewayIP), 0, (PULONG)&Mac, &MacLen ); memcpy( GatewayMac, Mac, MacLen ); /* for( int index = 0; index < MacLen; index ++ ) { printf( “%d: %02x\n”, index, Mac[index] ); } printf( “\n%d\n”, MacLen ); */ } void Usage( char *me ) { printf( “Make tcp package 0.1, code by yunshu\n” ); printf( “%s: targetip targetport [flag]\n“, me ); printf( “flag: \n” ); printf( “ u|U set urg flag.\n” ); printf( “ a|A set ack flag.\n” ); printf( “ p|P set push flag.\n” ); printf( “ r|R set rst flag.\n” ); printf( “ s|S set syn flag.\n” ); printf( “ f|F set fin flag.\n” ); printf( “ default is syn flag, and you can use sa to set syn+ack, and more…\n” ); } int main( int argc, char *argv[] ) { ET_HEADER EtHeader; IP_HEADER IpHeader; TCP_HEADER TcpHeader; PSD_HEADER PsdHeader; u_char Buffer[sizeof(ET_HEADER) + sizeof(IP_HEADER) + sizeof(TCP_HEADER)] = { 0 }; if( (argc != 3) && (argc != 4) ) { Usage( argv[0] ); exit( -1 ); } int Flag = 2; if( argc == 4 ) { Flag = 0; if( strchr(argv[3], ‘U’) || strchr(argv[3], ‘u’) ) { Flag = Flag | 32; } if( strchr(argv[3], ‘A’) || strchr(argv[3], ‘a’) ) { Flag = Flag | 16; } if( strchr(argv[3], ‘P’) || strchr(argv[3], ‘p’) ) { Flag = Flag | 8; } if( strchr(argv[3], ‘R’) || strchr(argv[3], ‘r’) ) { Flag = Flag | 4; } if( strchr(argv[3], ‘S’) || strchr(argv[3], ’s’) ) { Flag = Flag | 2; } if( strchr(argv[3], ‘F’) || strchr(argv[3], ‘f’) ) { Flag = Flag | 1; } } //GetLocalIP( ); if( -1 == GetDevices( ) ) { exit( -1 ); } //printf( “Adapter is %s, ip is %s\n”, InterfaceName, LocalIP ); if( -1 == GetGateWayMac( ) ) { exit( -1 ); } //printf( “Gateway IP is %s\n”, GatewayIP ); //printf( “Gateway Mac is %x\n”, *GatewayMac ); memcpy( EtHeader.eh_dst, GatewayMac, 6 ); memset( EtHeader.eh_src, 0xa, 6 ); EtHeader.eh_type = htons( IP_PROTO ); IpHeader.h_verlen = (4<<4 | sizeof(IpHeader)/sizeof(unsigned int)); IpHeader.tos = 0; IpHeader.total_len = htons(sizeof(IpHeader)+sizeof(TcpHeader)); IpHeader.ident = 1; IpHeader.frag_and_flags = 0×40; IpHeader.ttl = 128; IpHeader.proto = IPPROTO_TCP; IpHeader.checksum = 0; IpHeader.sourceIP = inet_addr( LocalIP ); IpHeader.destIP = inet_addr( argv[1] ); TcpHeader.th_sport = htons( rand()%60000 + 1024 ); TcpHeader.th_dport = htons( atoi(argv[2]) ); TcpHeader.th_seq = htonl( rand()%900000000 + 100000 ); TcpHeader.th_ack = 0; TcpHeader.th_lenres = (sizeof(TcpHeader)/4<<4|0); TcpHeader.th_flag = Flag; TcpHeader.th_win = htons(512); TcpHeader.th_sum = 0; TcpHeader.th_urp = 0; PsdHeader.saddr = inet_addr( LocalIP ); PsdHeader.daddr = IpHeader.destIP; PsdHeader.mbz = 0; PsdHeader.ptcl = IPPROTO_TCP; PsdHeader.tcpl = htons(sizeof(TcpHeader)); memcpy( Buffer, &PsdHeader, sizeof(PsdHeader) ); memcpy( Buffer + sizeof(PsdHeader), &TcpHeader, sizeof(TcpHeader) ); TcpHeader.th_sum = CheckSum( (unsigned short *)Buffer, sizeof(PsdHeader) + sizeof(TcpHeader) ); memset( Buffer, 0, sizeof(Buffer) ); memcpy( Buffer, &IpHeader, sizeof(IpHeader) ); IpHeader.checksum = CheckSum( (unsigned short *)Buffer, sizeof(IpHeader) ); memset( Buffer, 0, sizeof(Buffer) ); memcpy( Buffer, (void *)&EtHeader, sizeof(ET_HEADER) ); memcpy( Buffer + sizeof(ET_HEADER), (void *)&IpHeader, sizeof(IP_HEADER) ); memcpy( Buffer + sizeof(ET_HEADER) + sizeof(IP_HEADER), (void *)&TcpHeader, sizeof(TCP_HEADER) ); char errbuf[PCAP_ERRBUF_SIZE] = { 0 }; pcap_t *fp; if ( (fp= pcap_open( InterfaceName, 100, PCAP_OPENFLAG_PROMISCUOUS, 100, NULL, errbuf ) ) == NULL ) { fprintf(stderr,”\nUnable to open the adapter. %s is not supported by WinPcap\n“, InterfaceName ); return -1; } if ( pcap_sendpacket( fp, Buffer, sizeof(Buffer) ) != 0 ) { fprintf(stderr,”\nError sending the packet: \n“, pcap_geterr(fp)); return -1; } printf( “send ok!\nData is:\n” ); for( int i = 0; i < sizeof(Buffer); i ++ ) { printf( “%02x “, Buffer ); } return 0; }


 
 
 
 
   
 
   
     
  • 课堂实景
  • 课程体系
  • 培训课程
  • 学费介绍
  • 巧用mstsc命令登录到console的方法
  • 课程介绍
  • 团队介绍
  • Linkideo免费Vpn
  • 就业前景
  • 汇款方式
    		•
     
     
     
    无标题文档
    一流开创网一流开创网一流开创网一流开创网一流开创网一流开创网一流开创网
      关于我们 | 联系方法 | 招聘信息 | 加入会员 | 诚征代理 | 广告服务 | 欢迎投稿 | 友情链接  
      版权所有:吉林省开创科技信息有限公司  
      服务热线:0431-84714442
    Copyright 2001 - 2007 All Rights Reserved