freshbug's notes

freshbug的代码人生

bekilledlzyID:bekilledlzy
[修改头像]
12065次访问,排名8272(-5)好友0人,关注者0
bekilledlzy的文章
原创 17 篇
翻译 0 篇
转载 32 篇
评论 6 篇
freshbug的公告
访问www.freshbug.com
自2007年10月16日
freshbug的联系方式:
freshbug@gmail.com
最近评论
loadend:你好,我想问一下,那注册google ad帐户的时候不是要填网址嘛,填什么呢?是不是填http://blog.csdn.net/用户名/??
freshbug:stl里面有一些静态变量 不能跨dll vector有时候能跨dll是因为连续的内存分布

跨模块传输数据最好是能用C风格的结构 用C++类很容易出问题
wang:我是向dll中传一个map指针,结果也是it++之后就内存泄漏
wang:我也遇到了类似问题。
远离尘嚣:老大,能把你的Uft8ToAnsi是自定义的转码函数共享一下嘛?万分感谢!
软件项目交易
订阅我的博客
XML聚合  FeedSky
订阅到鲜果
订阅到Google
订阅到抓虾
订阅到BlogLines
订阅到Yahoo
订阅到GouGou
订阅到飞鸽
订阅到Rojo
订阅到newsgator
订阅到netvibes
文章分类
收藏
    相册
    who's freshbug?
    技术站点
    老牛们的blog
    咨讯
    存档

    转载 伪造tcp数据包(tcp校验和算法)

    新一篇: 用SecureCRT来上传和下载数据

    如何伪造tcp数据包,并进行正确的校验。下面的例子演示了这一过程,附完整的程序源码(linux gcc)


    下面的程序是在linux下进行tcp伪造的一个例子:涉及原始套接字和tcp的校验算法
    

     
    

    /************************tcp_pseudo.c********************/
    

    /** Author :cbchen. */
    #include 
    #include 
    #include 
    #include 
    #include 
    #include 
    #include 
    #include 
    #include 
    #include 
    #include 
    #include 
    #define INTERFACE "eth0"
    #define IP	""
    /*Prototype area*/
    int Open_Packet_Socket();
    int Open_Raw_Socket();
    int Set_Promisc(char *interface, int sock);
    void send_tcp_ack(int sockfd,struct sockaddr_in *addr);
    unsigned short check_sum(unsigned short *addr,int len);
    struct ip *iprecv;
    struct tcphdr *tcprecv;
    struct sockaddr_in addr;

    int main() 
    {
    int sockfd,sendfd,bytes_recieved;

    char buffer[1518];
    u_char *buf2;
    char	saddr[20],daddr[20];

    sockfd=Open_Packet_Socket();
    sendfd=Open_Raw_Socket();
    //printf("sockfd:%d\tsendfd:%d\n",sockfd,sendfd);

    int on=1;
    	/******** 设置IP数据包格式,告诉系统内核模块IP数据包由我们自己来填写 ***/
    setsockopt(sendfd,IPPROTO_IP,IP_HDRINCL,&on,sizeof(on));
    Set_Promisc(INTERFACE, sockfd);
    int count=1;

    while(1)
    {

     bytes_recieved = recvfrom(sockfd, buffer, 1518, 0, NULL, NULL);

     buf2=buffer;
     buf2+=14;
     iprecv=(struct ip *)buf2;
     //iprecv+=sizeof(struct ethhdr*);
    /*See if this is a TCP packet*/
     if(iprecv->ip_v == 4&iprecv->ip_p == 6) {
     printf("---------------------------Number %d packet-----------------------------------------------\n",count);
     count++;
     printf("\nBytes received ::: %5d\n",bytes_recieved);
    printf("ip version:%u\n",iprecv->ip_v);

     printf("IP包头解码:\n");
     printf("Source ip:%s\t",inet_ntoa(iprecv->ip_src));
     printf("Dest ip:%s\t",inet_ntoa(iprecv->ip_dst));
     printf("proto:%u\n",iprecv->ip_p);
     buf2+=iprecv->ip_hl<<2;
     printf("TCP包头解码:\n");
    tcprecv = (struct tcphdr*)buf2;
     //tcprecv = (struct tcphdr *)(buffer + (iprecv->ip_hl<<2));
     printf("Source port :::%d\n",ntohs(tcprecv->source));
     printf("Dest port :::%d\n",ntohs(tcprecv->dest));
     printf("seq num:%u\n",ntohl(tcprecv->seq));
     printf("ack num:%u\n",ntohl(tcprecv->ack_seq));
     printf("urg:%x\tack:%x\tpsh:%x\trst:%x\tsyn:%x\tfin:%x\n",tcprecv->urg,tcprecv->ack,tcprecv->psh,tcprecv->rst,tcprecv->syn,tcprecv->fin);
     bzero(&addr,sizeof(struct sockaddr_in));
    	addr.sin_family=AF_INET;
                            //addr2.sin_port=htons(thdr->source);
    			addr.sin_port=tcprecv->source;
    			//addr2.sin_addr=iphdr->ip_src;
    		        addr.sin_addr=iprecv->ip_src;

    /********* 发送阻隔包了!!!! ****/
    if(tcprecv->syn==1&tcprecv->urg!=1&tcprecv->ack!=1&tcprecv->psh!=1&tcprecv->rst!=1&tcprecv->fin!=1)
    {
    //send_tcp_ack(sendfd,&addr);
    //printf("It's a syn pocket!\n");
    }
    }
    }
     close(sockfd);
     close(sendfd);
    }
    //end main

    /******* 发送阻隔包的实现 *********/
    /*
    void send_tcp_ack(int sockfd,struct sockaddr_in *addr)
    {
    	struct send_tcp
       	{
          	struct iphdr ip;
          	struct tcphdr tcp;
       	} send_tcp;

    	struct pseudo_header
       	{
          	unsigned int source_address;
          	unsigned int dest_address;
          	unsigned char placeholder;
          	unsigned char protocol;
          	unsigned short tcp_length;
          	struct tcphdr tcp;
       	} pseudo_header;

    	int tcp_socket;
       	struct sockaddr_in sin;
       	int sinlen;

       	// form ip packet 
       	send_tcp.ip.ihl = 5;
       	send_tcp.ip.version = 4;
       	send_tcp.ip.tos = 0;
       	send_tcp.ip.tot_len = htons(40);
       	send_tcp.ip.frag_off = 0;
       	send_tcp.ip.ttl = 64;
       	send_tcp.ip.protocol = IPPROTO_TCP;
       	send_tcp.ip.check = 0;
       	send_tcp.ip.saddr = iprecv->ip_dst.s_addr;
       	send_tcp.ip.daddr = addr->sin_addr.s_addr;

       	// form tcp packet 
       	send_tcp.tcp.dest = addr->sin_port;
    	send_tcp.tcp.source = tcprecv->dest;
       	send_tcp.tcp.ack_seq = htonl(ntohl(tcprecv->seq)+0x01);
       	send_tcp.tcp.res1 = 0;
       	send_tcp.tcp.doff = 5;
       	send_tcp.tcp.fin = 0;
       	send_tcp.tcp.syn = 1;
       	send_tcp.tcp.rst = 0;
       	send_tcp.tcp.psh = 0;
       	send_tcp.tcp.ack = 1;
       	send_tcp.tcp.urg = 0;
       	send_tcp.tcp.res2 = 0;
       	send_tcp.tcp.window = htons(512);
       	send_tcp.tcp.check = 0;
       	send_tcp.tcp.urg_ptr = 0;
         	send_tcp.tcp.seq = tcprecv->seq;

          	// set fields that need to be changed 
          	//send_tcp.tcp.source++;
          	send_tcp.ip.id = 0 ;
          	//send_tcp.tcp.seq++;
          	send_tcp.tcp.check = 0;
          	send_tcp.ip.check = 0;

          	// calculate the ip checksum 
          	send_tcp.ip.check = in_cksum((unsigned short *)&send_tcp.ip, 20);

          	// set the pseudo header fields 
          	pseudo_header.source_address = send_tcp.ip.saddr;
         	pseudo_header.dest_address = send_tcp.ip.daddr;
          	pseudo_header.placeholder = 0;
          	pseudo_header.protocol = IPPROTO_TCP;
          	pseudo_header.tcp_length = htons(20);
          	bcopy((char *)&send_tcp.tcp, (char *)&pseudo_header.tcp, 20);
          	send_tcp.tcp.check = in_cksum((unsigned short *)&pseudo_header, 32);
          	sinlen = sizeof(sin);
    	int count;
    	for(count=0;count<2;count++){
          	if(sendto(sockfd, &send_tcp, 40, 0, (struct sockaddr *)addr,sizeof(struct sockaddr))<0)
    	{
    	printf("sendto error!\n");
    	}
    	else
    	{
    	printf("send packet ok!\n");
    	}
    	

    }
    */


    /* 下面是首部校验和的算法 */
    unsigned short in_cksum(unsigned short *addr, int len)    /* function is from ping.c */
    {
        register int nleft = len;
        register u_short *w = addr;
        register int sum = 0;
        u_short answer =0;

        while (nleft > 1)
           	{
           	sum += *w++;
           	nleft -= 2;
          	}
        if (nleft == 1)
         	{      
           	*(u_char *)(&answer) = *(u_char *)w;
            sum += answer;
         	}
        sum = (sum >> 16) + (sum & 0xffff);
        sum += (sum >> 16);
        answer = ~sum;
        return(answer);
    }
    int Open_Packet_Socket()
    {
    int sock;
    sock=socket(AF_INET,SOCK_PACKET,htons(ETH_P_ALL));
    	if (sock==-1) 
    	{
    		perror("socket");
    		exit(errno);
    	}
    printf("sockfd:%d\n",sock);
    return(sock);
    }
    int Open_Raw_Socket()
    {
    int sock;
    sock=socket(AF_INET,SOCK_RAW,IPPROTO_TCP);
    	if (sock==-1) 
    	{
    		perror("socket");
    		exit(errno);
    	}
    printf("sendfd:%d\n",sock);
    return(sock);
    }


    int Set_Promisc(char *interface, int sockfd ) 
    {
    	struct ifreq ifr;
     	strncpy(ifr.ifr_name,interface,strnlen(interface)+1);
    	if (ioctl(sockfd,SIOCGIFFLAGS,&ifr)==-1) 
    	{
    		perror("ioctl1");
    		exit(errno);
    	}
    	ifr.ifr_flags |= IFF_PROMISC;
    	if (ioctl(sockfd,SIOCSIFFLAGS,&ifr)) 
    	{
    		perror("ioctl2");
    		exit(errno);
    	}

    // printf("Setting interface ::: %s ::: to promisc...ok....\n", interface);
     return(1);
    }



     

    发表于 @ 2007年10月16日 12:46:00|评论(loading...)|编辑

    旧一篇: 在TCP三次握手后插入伪造的TCP包

    评论:没有评论。
    发表评论  


    登录
    Csdn Blog version 3.1a
    Copyright © freshbug