请下载jpcap-0.7.tar.gz
我们聚博有的同事被arp攻击,时常断网,尤其在连接审计平台的时候,
这是因为病毒电脑向网关等服务器通知了错误mac地址,导致我们断网。
因此我需要告诉网关,我正确的mac地址是多少,这样就可以解决arp攻击问题。
病毒程序是欺骗为错误信息,我们只能反过来再欺骗回去。于是参考网上的代码编写了下面的程序。
网关等地址写在setDesInfos()方法内,需要反欺骗的地址写在setSrcInfos()方法内。
如果上网是正常的,就不要使用下面的程序了。也不要用于不好的目的。
下面是源代码:
import java.net.InetAddress;
import java.util.ArrayList;
import java.util.List;
import jpcap.JpcapCaptor;
import jpcap.JpcapSender;
import jpcap.NetworkInterface;
import jpcap.packet.ARPPacket;
import jpcap.packet.EthernetPacket;
public class SendFakeARP {
//需要被通知解除arp欺骗的地址数组
private static InetAddress[] desIps = new InetAddress[3];
private static byte[][] desMacs = new byte[3][1];
//需要解除arp欺骗的地址数组
private static InetAddress[] srcIps = new InetAddress[8];
private static byte[][] srcMacs = new byte[8][1];
static void setDesInfos() throws Exception {
//为了使得arp攻击失效,因此需要对欺骗的地址,实施复位性质的反欺骗。
InetAddress desip0 = InetAddress.getByName("10.32.145.1");// 被欺骗的目标IP地址
byte[] desmac0 = stomac("00-00-5E-00-01-33");// 被欺骗的目标目标MAC数组
desIps[0] = desip0;
desMacs[0] = desmac0;
InetAddress desip1 = InetAddress.getByName("10.32.145.54");// 被欺骗的目标IP地址
byte[] desmac1 = stomac("00-1C-25-D9-B1-D2");// 被欺骗的目标目标MAC数组
desIps[1] = desip0;
desMacs[1] = desmac0;
}
static void setSrcInfos() throws Exception {
InetAddress srcip0 = InetAddress.getByName("10.32.145.83");// 源IP地址
byte[] srcmac0 = stomac("44-37-E6-6B-20-22"); // 重置为真的MAC数组
srcIps[0] = srcip0;
srcMacs[0] = srcmac0;
InetAddress srcip1 = InetAddress.getByName("10.32.145.102");// 源IP地址
byte[] srcmac1 = stomac("44-37-E6-64-D8-67"); // 重置为真的MAC数组
srcIps[1] = srcip1;
srcMacs[1] = srcmac1;
}
static List<ARPPacket> getArpPackets() throws Exception {
List<ARPPacket> aprPackets = new ArrayList<ARPPacket>();
setDesInfos();
setSrcInfos();
for (int i = 0; i < srcIps.length; i++) {
InetAddress srcip = srcIps[i];
byte[] srcmac = srcMacs[i];
if (srcip == null) {
continue;
}
for (int j = 0; j < desIps.length; j++) {
InetAddress desip = desIps[j];
byte[] desmac = desMacs[j];
if (desip == null) {
continue;
}
// 设置ARP包
ARPPacket arp = new ARPPacket();
arp.hardtype = ARPPacket.HARDTYPE_ETHER;
arp.prototype = ARPPacket.PROTOTYPE_IP;
arp.operation = ARPPacket.ARP_REPLY;
arp.hlen = 6;
arp.plen = 4;
arp.sender_hardaddr = srcmac;
arp.sender_protoaddr = srcip.getAddress();
arp.target_hardaddr = desmac;
arp.target_protoaddr = desip.getAddress();
// 设置DLC帧
EthernetPacket ether = new EthernetPacket();
ether.frametype = EthernetPacket.ETHERTYPE_ARP;
ether.src_mac = srcmac;
ether.dst_mac = desmac;
arp.datalink = ether;
aprPackets.add(arp);
}
}
return (aprPackets);
}
static byte[] stomac(String s) {
byte[] mac = new byte[]{(byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00};
String[] s1 = s.split("-");
for (int x = 0; x < s1.length; x++) {
mac[x] = (byte) ((Integer.parseInt(s1[x], 16)) & 0xff);
}
return mac;
}
public static void main(String[] args) throws Exception {
int time = 1; // 重发间隔时间(秒)
// 枚举网卡并打开设备
NetworkInterface[] devices = JpcapCaptor.getDeviceList();
NetworkInterface device = devices[0];
JpcapSender sender = JpcapSender.openDevice(device);
List<ARPPacket> arps = getArpPackets();
int index = 0;
// 发送ARP应答包
while (true) {
index++;
System.out.println("sending arp..");
for (ARPPacket arp : arps) {
sender.sendPacket(arp);
}
if (index == 10000) { //累了,多休息一会
Thread.sleep(time * 60 * 1000);
}
else {
Thread.sleep(time * 1000);
}
}
}
}